NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0302:  Update to FAU_ARP.1

Publication Date
2018.03.29

Protection Profiles
EP_SBC_V1.1

Other References
FAU_ARP.1

Issue Description

FAU_ARP.1 currently mandates the use of SNMPv3 protocol, but a selection of protocols is acceptable.

Resolution

FAU_ARP.1 is modified as follows:

FAU_ARP.1 Specification of Management Functions

FAU_ARP_EXT.1.1 The TSF shall be capable of using [selection: TLS, Ipsec, SSH, HTTPS, SNMPv3] to transmit potential security violation upon detection to an external IT entity in the operational environment.

Application Note: The selected protocol(s) must be reflected in FTP_ITC.

 

Assurance Activity

TSS

The evaluator shall verify that the TSS describes the ability of the TOE to transmit potential security violations to a alert receiver in the operational environment.

AGD

The evaluator shall verify that the Operational Guidance provides instructions on how to configure the TOE so that it is able to communicate potential security violations to a alert receiver in the operational environment using the selected protocols.

Test

The evaluator shall deploy the TOE in an environment that contains a alert receiver in the operational environment. The evaluator shall configure the TOE to communicate with the a alert receiver in the manner that is specified by the AGD. The evaluator shall deploy a packet capture tool that is capable of sniffing the traffic between the TOE and the alert receiver.  For each type of potential security violation that is defined by the ST, the evaluator shall cause that potential security violation to occur on the TOE, including configuring the TOE to detect the behavior as a potential security violation if it is necessary to do so.

Depending on what the TSF considers to be potential security violations, it may be necessary for the evaluator to set up traffic generators, heat guns, or other equipment that is used to simulate potential security violations.

After this is done, the evaluator shall observe via use of the packet capture tool and direct interaction with the alert receiver that the TSF transmitted the potential security violation and that it correctly used the selected protocol(s).

Justification

See Issue Description.

 
 
Site Map              Contact Us              Home