NIAP: View Technical Decision Details
Archived TD0440:  Assurance Activities for FIA_UAU.2

Publication Date
2019.08.20

Protection Profiles
EP_ESC_V1.0

Other References
FIA_UAU.2/TC, FIA_UAU.2/VVoIP

Issue Description

FIA_UAU.2.1/TC and FIA_UAU.2/VVoIP have test assurance activities that contain implicit assumptions regarding the TOE implementation details.

Resolution

FIA_UAU.2 tests in the ESC EP V1.0 are modified as follows (marked with strikethroughs for deletions and underlines for additions):

FIA_UAU.2.1/TC

Test 1: The evaluator shall configure the TOE to accept encrypted trunk communications from the remote ESC using authentication credentials based on username, password, and IP address. The evaluator shall then use the remote ESC to connect to the TOE and verify that the encrypted trunk is successfully established. The evaluator shall use packet captures to verify that encrypted traffic is transmitted between the TOE and the remote ESC.

Test 2: The evaluator shall repeat test 1 but enter an invalid username/password credentials when attempting to authenticate. The evaluator shall observe that the encrypted trunk is not successfully established due to invalid credentials.

Test 3: The evaluator shall repeat test 1 but configure the TOE to accept encrypted trunk communications from a different IP address than what is assigned to the remote ESC. The evaluator shall then attempt to connect to the TOE using the remote ESC with valid credentials and observe that the encrypted trunk is not successfully established due to invalid IP address.

 

FIA_UAU.2.1/VVoIP

Test 1: The evaluator shall connect a VVoIP endpoint device to the TOE and attempt to place a call with a VVoIP endpoint device without registering to the TOE. The attempt should fail. The evaluator shall also attempt to download an update from the TOE and observe failure.

Test 2: [Conditional on TOE requiring certificate authentication to establish the connection used for registration] The evaluator shall load an invalid certificate onto a VVoIP endpoint device, connect that device to the TOE, and initiate the registration process. The registration process should fail due to an invalid certificate.

Test 3: The evaluator shall load a valid certificate onto a VVoIP endpoint device, connect that device to the TOE, and initiate the registration process. When prompted for credentials [deleted: a username and password], the evaluator shall supply invalid credentials and observe the registration process fails for that reason.

Test 4: The evaluator shall load a valid certificate onto a VVoIP endpoint device, connect that device to the TOE, and initiate the registration process. When prompted for credentials [deleted: a username and password], the evaluator shall supply valid credentials and observe the registration process succeeds and that the registered device can be used to place calls.

Justification

See issue description.

 
 