TD0302: Update to FAU_ARP.1
FAU_ARP.1 currently mandates the use of SNMPv3 protocol, but a selection of protocols is acceptable.
FAU_ARP.1 is modified as follows:
FAU_ARP.1 Specification of Management Functions
FAU_ARP_EXT.1.1 The TSF shall be capable of using [selection: TLS, Ipsec, SSH, HTTPS, SNMPv3] to transmit potential security violation upon detection to an external IT entity in the operational environment.
Application Note: The selected protocol(s) must be reflected in FTP_ITC.
The evaluator shall verify that the TSS describes the ability of the TOE to transmit potential security violations to a alert receiver in the operational environment.
The evaluator shall verify that the Operational Guidance provides instructions on how to configure the TOE so that it is able to communicate potential security violations to a alert receiver in the operational environment using the selected protocols.
The evaluator shall deploy the TOE in an environment that contains a alert receiver in the operational environment. The evaluator shall configure the TOE to communicate with the a alert receiver in the manner that is specified by the AGD. The evaluator shall deploy a packet capture tool that is capable of sniffing the traffic between the TOE and the alert receiver. For each type of potential security violation that is defined by the ST, the evaluator shall cause that potential security violation to occur on the TOE, including configuring the TOE to detect the behavior as a potential security violation if it is necessary to do so.
Depending on what the TSF considers to be potential security violations, it may be necessary for the evaluator to set up traffic generators, heat guns, or other equipment that is used to simulate potential security violations.
After this is done, the evaluator shall observe via use of the packet capture tool and direct interaction with the alert receiver that the TSF transmitted the potential security violation and that it correctly used the selected protocol(s).
See Issue Description.