HP A-Series Especificações Página 31
- Página / 66
- Índice
- MARCADORES
Avaliado. / 5. Com base em avaliações de clientes
Security Target Version 1.02, 08/16/2013
31
Assurance Activity – Design
Assurance Activity - Guidance
Assurance Activity - Testing
FAU_STG_EXT.1.1
The evaluator shall examine the TSS to
ensure it describes the amount of audit
data that are stored locally; what happens
when the local audit data store is full;
and how these records are protected
against unauthorized access.
The evaluator shall examine the TSS to
ensure it describes the means by which
the audit data are transferred to the
external audit server, and how the trusted
channel is provided.
The evaluator shall also examine the operational
guidance to determine it describes the
relationship between the local audit data and the
audit data that are sent to the audit log server
(for TOEs that are not acting as an audit log
server). For example, when an audit event is
generated, it is simultaneously sent to the
external server and the local store, or the local
store is used as a buffer and “cleared”
periodically by sending the data to the audit
server.
The evaluator shall also examine the operational
guidance to ensure it describes how to establish
the trusted channel to the audit server, as well as
describe any requirements on the audit server
(particular audit server protocol, version of the
protocol required, etc.), as well as configuration
of the TOE needed to communicate with the
audit server.
Testing of the trusted channel mechanism will be
performed as specified in the associated assurance
activities for the particular trusted channel
mechanism.
The evaluator shall perform the following test for this
requirement:
The evaluator shall establish a session between the
TOE and the audit server according to the
configuration guidance provided. The evaluator shall
examine the traffic that passes between the audit
server and the TOE during several activities of the
evaluator’s choice designed to generate audit data to
be transferred to the audit server. The evaluator shall
observe that these data are not able to be viewed in
the clear during this transfer, and are successfully
received by the audit server. The evaluator shall
record the particular software (name, version) used on
the audit server during testing.
FCS_CKM.1.1
In order to show that the TSF complies
with 800-56A and/or 800-56B,
depending on the selections made, the
evaluator shall ensure that the TSS
contains the following information:
The TSS shall list all sections of the
appropriate 800-56 standard(s) to
which the TOE complies.
For each applicable section listed in the
TSS, for all statements that are not
"shall" (that is, "shall not", "should",
and "should not"), if the TOE
implements such options it shall be
described in the TSS. If the included
functionality is indicated as "shall not"
or "should not" in the standard, the
TSS shall provide a rationale for why
this will not adversely affect the
security policy implemented by the
TOE;
For each applicable section of 800-56A
and 800-56B (as selected), any
omission of functionality related to
"shall" or “should” statements shall be
described;
Any TOE-specific extensions, processing
that is not included in the documents, or
alternative implementations allowed by
the documents that may impact the
security requirements the TOE is to
enforce shall be described.
The evaluator shall use the key pair generation
portions of "The FIPS 186-3 Digital Signature
Algorithm Validation System (DSA2VS)", "The FIPS
186-3 Elliptic Curve Digital Signature Algorithm
Validation System (ECDSA2VS)", and "The RSA
Validation System (RSA2VS)" as a guide in testing
the requirement above, depending on the selection
performed by the ST author. This will require the
evaluator have a trusted reference implementation of
the algorithms can produce test vectors that are
verifiable during the test.
- Switches Security Target 1
- 1.2 Conformance Claims 5
- 1.3 Conventions 6
- 2. TOE Description 6
- 2.1 TOE Overview 7
- 2.2 TOE Architecture 11
- 2.2.2 Physical Boundaries 12
- 2.2.3 Logical Boundaries 12
- 2.3 TOE Documentation 14
- 3.1 Organizational Policies 15
- 3.2 Threats 15
- 3.3 Assumptions 15
- 4. Security Objectives 17
- 5.1 Extended Requirements 19
- 5.2.1 Security audit (FAU) 20
- 5.2.7 TOE access (FTA) 25
- 5.3.1 Development (ADV) 27
- 5.3.4 Tests (ATE) 28
- 6.1 Security audit 42
- 6.2 Cryptographic support 42
- 6.3 User data protection 48
- 6.5 Security management 49
- 6.6 Protection of the TSF 50
- 6.7 TOE access 51
- 6.8 Trusted path/channels 51
- 8. Rationale 54
Manuais e produtos relacionados com Barebones PC/estação de trabalho HP A-Series
Barebones PC/estação de trabalho HP All-in-One G1-2000 - Desktop PC Especificações Rápidas
(43 páginas)
(43 páginas)
Barebones PC/estação de trabalho HP Compaq Presario,Presario 5270 Informações Técnicas
(146 páginas)
(146 páginas)
© 2020, manymanuals-pt.com. Todos os direitos reservados. | 0.072 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentários a estes Manuais