{"product_id":11076,"v_id":11076,"product_name":"FlashArray//X running Purity//FA 5.3","certification_status":"Certified","certification_date":"2021-01-13T00:00:00Z","tech_type":"Network Device","vendor_id":{"name":"Pure Storage, Inc.","website":"https://www.purestorage.com"},"vendor_poc":"Victor Chang","vendor_phone":"800-379-7873","vendor_email":"vchang@purestorage.com","assigned_lab":{"cctl_name":"UL Verification Services"},"product_description":"<p class=\"MsoNormal\" style=\"text-align: justify;\">The Target of Evaluation (TOE) is Pure Storage, Inc's (Pure Storage) <span style=\"mso-bidi-font-family: Arial;\">FlashArray//X running Purity//FA 5.3</span>.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The TOE is an enterprise Network Attached Storage solution that includes a Linux-based operating system, SAN (Storage Area Network) protocols and interfaces (iSCSI, Fiber Channel, SAS), and custom software to provide network storage with high performance, reliability, usability, and efficiency.</p>","evaluation_configuration":"<p class=\"MsoNormal\"><span style=\"mso-bidi-font-family: Arial;\">The TOE consists of the following FlashArray//X (R2 and R3 families) hardware models:</span></p>\r\n<p class=\"MsoNormal\"><strong><span style=\"color: black;\">&nbsp;</span></strong></p>\r\n<table class=\"MsoTableGrid\" style=\"margin-left: 41.4pt; border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-yfti-tbllook: 1184; mso-padding-alt: 0in 5.4pt 0in 5.4pt;\" border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\r\n<tbody>\r\n<tr style=\"mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes;\">\r\n<td style=\"width: 2.1in; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"202\">\r\n<p class=\"MsoNormal\"><strong><span style=\"color: black;\">FlashArray//X R2 Family</span></strong><span style=\"color: black;\">:</span></p>\r\n<p class=\"MsoListParagraphCxSpFirst\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; margin: 0in 0in 6.0pt 38.25pt;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->X10 R2</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; margin: 0in 0in 6.0pt 38.25pt;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->X20 R2</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; margin: 0in 0in 6.0pt 38.25pt;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->X50 R2</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; margin: 0in 0in 6.0pt 38.25pt;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->X70 R2</p>\r\n<p class=\"MsoListParagraphCxSpLast\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; margin: 0in 0in 6.0pt 38.25pt;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->X90 R2</p>\r\n</td>\r\n<td style=\"width: 2.1in; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"202\">\r\n<p class=\"MsoNormal\"><strong><span style=\"color: black;\">FlashArray//X R3 Family</span></strong><span style=\"color: black;\">:</span></p>\r\n<p class=\"MsoListParagraphCxSpFirst\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; margin: 0in 0in 6.0pt 38.25pt;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->X10 R3</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; margin: 0in 0in 6.0pt 38.25pt;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->X20 R3</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; margin: 0in 0in 6.0pt 38.25pt;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->X50 R3</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; margin: 0in 0in 6.0pt 38.25pt;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->X70 R3</p>\r\n<p class=\"MsoListParagraphCxSpLast\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; margin: 0in 0in 6.0pt 38.25pt;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->X90 R3</p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n<p>&nbsp;</p>","security_evaluation_summary":"<p class=\"MsoNormal\" style=\"text-align: justify;\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Pure Storage FlashArray//X running Purity//FA 5.3 was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5, April 2017. The TOE, when installed and configured per the instructions provided in the preparative and administrative guidance, satisfies all the security functional requirements stated in the FlashArray//X running Purity//FA 5.3 Security Target. The evaluation underwent CCEVS Validator review. The evaluation was completed in January 2021.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11076-2021) prepared by CCEVS.</p>","environmental_strengths":"<p class=\"MsoNormal\" style=\"text-align: justify;\">The logical boundary of the TOE includes those security functions implemented exclusively by the TOE.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Each security function is summarized below.</p>\r\n<p class=\"MsoNormal\"><strong><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Audit</span></strong></p>\r\n<ul style=\"margin-top: 0in;\" type=\"disc\">\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE will audit all events and information defined in </span><!-- [if supportFields]><span\r\n     style='mso-bidi-font-size:10.0pt;mso-bidi-font-family:Times'><span\r\n     style='mso-element:field-begin'></span><span\r\n     style='mso-spacerun:yes'> </span>REF _Ref508713729 \\h<span\r\n     style='mso-spacerun:yes'>  </span>\\* MERGEFORMAT <span style='mso-element:\r\n     field-separator'></span></span><![endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Table <span style=\"mso-no-proof: yes;\">3</span>: Auditable Events<!-- [if gte mso 9]><xml>\r\n      <w:data>08D0C9EA79F9BACE118C8200AA004BA90B02000000080000000E0000005F005200650066003500300038003700310033003700320039000000</w:data>\r\n     </xml><![endif]--></span><!-- [if supportFields]><span style='mso-bidi-font-size:\r\n     10.0pt;mso-bidi-font-family:Times'><span style='mso-element:field-end'></span></span><![endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\"> in the Security Target.</span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE will also include the identity of the user that caused the event (if applicable), date and time of the event, type of event, and the outcome of the event.</span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE protects storage of audit information from unauthorized deletion.</span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE prevents unauthorized modifications to the stored audit records.</span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE can transmit audit data to an external IT entity using the Syslog over TLS protocol.</span></li>\r\n</ul>\r\n<p class=\"MsoNormal\"><strong>Cryptographic Operations</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: 6.0pt; text-align: justify;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-fareast-font-family: Calibri; mso-bidi-font-family: Times;\">The TSF performs the following cryptographic operations:</span></p>\r\n<ul style=\"margin-top: 0in;\" type=\"disc\">\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l2 level1 lfo3;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">SSH for remote CLI administrative management of the TOE:</span></li>\r\n</ul>\r\n<ul style=\"margin-top: 0in;\" type=\"disc\">\r\n<ul style=\"margin-top: 0in;\" type=\"circle\">\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l4 level2 lfo2;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Protocol versions:<span style=\"mso-spacerun: yes;\">&nbsp; </span>SSHv2 (Conforming to RFCs 4251-4254, 5656, and 6668)</span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l4 level2 lfo2;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Public-Key Algorithms:<span style=\"mso-spacerun: yes;\">&nbsp; </span>SSH-RSA, 2048-bit RSA keys</span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l4 level2 lfo2;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Data Encryption:</span></li>\r\n<ul style=\"margin-top: 0in;\" type=\"square\">\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l4 level3 lfo2;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">AES-CBC-128, 128-bit, AES symmetric key</span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l4 level3 lfo2;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">AES-CBC-256, 256-bit AES symmetric key</span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l4 level3 lfo2;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">AES128-CTR, 128-bit AES symmetric key</span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l4 level3 lfo2;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">AES256-CTR, 256-bit AES symmetric key</span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l4 level3 lfo2;\"><a href=\"mailto:aes128-gcm@openssh.com\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times; color: windowtext; text-decoration: none; text-underline: none;\">aes128-gcm@openssh.com</span></a><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">, 128-bit AES symmetric key</span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l4 level3 lfo2;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">aes256-gcm@openssh.com, 256-bit AES symmetric key</span></li>\r\n</ul>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l4 level2 lfo2;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Data Integrity:<span style=\"mso-spacerun: yes;\">&nbsp; </span>hmac-sha1, hmac-sha2-256, hmac-sha2-512, &ldquo;Implicit&rdquo;</span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l4 level2 lfo2;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Key Exchange:<span style=\"mso-spacerun: yes;\">&nbsp; </span>diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, </span></li>\r\n</ul>\r\n</ul>\r\n<p class=\"MsoNormalCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; margin: 0in 0in 6.0pt 1.0in;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">ecdh-sha2-nistp521</span></p>\r\n<ul style=\"margin-top: 0in;\" type=\"disc\">\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l2 level1 lfo3;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">HTTPS for remote administrative management of the TOE:</span></li>\r\n<ul style=\"margin-top: 0in;\" type=\"circle\">\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l2 level2 lfo3;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Protocol versions supporting:<span style=\"mso-spacerun: yes;\">&nbsp; </span>HTTPS/TLSv1.2 (Conforming to RFCs 2818 &amp; 5246)</span></li>\r\n<li class=\"MsoNormalCxSpLast\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l2 level2 lfo3;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Supporting the following TLS Ciphersuites:</span></li>\r\n</ul>\r\n</ul>\r\n<p class=\"MsoListParagraphCxSpFirst\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; tab-stops: 1.75in; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; vertical-align: baseline; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_RSA_WITH_AES_128_CBC_SHA</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; tab-stops: 1.75in; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; vertical-align: baseline; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_RSA_WITH_AES_256_CBC_SHA</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; tab-stops: 1.75in; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; vertical-align: baseline; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_DHE_RSA_WITH_AES_128_CBC_SHA</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; tab-stops: 1.75in; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; vertical-align: baseline; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_DHE_RSA_WITH_AES_256_CBC_SHA</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; tab-stops: 1.75in; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; vertical-align: baseline; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_RSA_WITH_AES_128_CBC_SHA256 </span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; tab-stops: 1.75in; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; vertical-align: baseline; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_RSA_WITH_AES_256_CBC_SHA256 </span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; tab-stops: 1.75in; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; vertical-align: baseline; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 </span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; tab-stops: 1.75in; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; vertical-align: baseline; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; mso-layout-grid-align: none; text-autospace: none; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 </span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; mso-layout-grid-align: none; text-autospace: none; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 </span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; mso-layout-grid-align: none; text-autospace: none; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 </span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; tab-stops: 1.75in; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; vertical-align: baseline; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; tab-stops: 1.75in; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; vertical-align: baseline; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; tab-stops: 1.75in; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; vertical-align: baseline; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; tab-stops: 1.75in; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; vertical-align: baseline; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span></p>\r\n<p class=\"MsoListParagraphCxSpLast\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo4; tab-stops: 1.75in; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; vertical-align: baseline; margin: 0in 0in 6.0pt 1.75in;\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 10.0pt; font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">&nbsp;</span></p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-fareast-font-family: Calibri; mso-bidi-font-family: Times;\">The TSF zeroizes all plaintext secret and private cryptographic keys and CSPs once they are no longer required.</span></p>\r\n<p class=\"MsoNormal\"><strong>Identification and Authentication</strong></p>\r\n<ul style=\"margin-top: 0in;\" type=\"disc\">\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6pt; text-align: justify;\">The TSF supports passwords consisting of alphanumeric and special characters.&nbsp;</li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6pt; text-align: justify;\">The TSF allows the security administrator to configure the minimum password length from 1 character to 100 characters.</li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6pt; text-align: justify;\">The TSF prevents offending Administrator accounts (FIA_AFL.1.1) from successfully establishing remote session using any authentication method that involves a password until an Administrator defined time period has elapsed.&nbsp;</li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6pt; text-align: justify;\">The TSF allows local administrators to re-enable user accounts locked by the FIA_AFL.1 functionality.</li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6pt; text-align: justify;\">The TSF requires all administrative users to authenticate before allowing the user to perform any actions other than:</li>\r\n</ul>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l1 level2 lfo1; margin: 0in 0in 6.0pt 1.0in;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Display the warning banner in accordance with FTA_TAB.1,</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l1 level2 lfo1; margin: 0in 0in 6.0pt 1.0in;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Respond to ICMP Echo Request,</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l1 level2 lfo1; margin: 0in 0in 6.0pt 1.0in;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Respond to ARP requests with ARP replies,</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l1 level2 lfo1; margin: 0in 0in 6.0pt 1.0in;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Make DNS Requests,</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l1 level2 lfo1; margin: 0in 0in 6.0pt 1.0in;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Respond to HTTP Get Requests on TCP port 80 with a HTTP 301 &lsquo;Moved Permanently&rsquo; Status, Code redirecting to TCP port 443,and</p>\r\n<p class=\"MsoListParagraphCxSpLast\" style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l1 level2 lfo1; margin: 0in 0in 6.0pt 1.0in;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Respond to TLS Client_Hello messages with TLS Server_Hello messages on TCP port 443.</p>\r\n<p class=\"MsoNormal\"><span style=\"mso-bookmark: _Toc294429561;\"><strong>Security Management</strong></span><a name=\"_Toc294429562\"></a></p>\r\n<ul style=\"margin-top: 0in;\" type=\"disc\">\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TSF data includes the following:</span></span></li>\r\n<ul style=\"margin-top: 0in;\" type=\"circle\">\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level2 lfo1;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">All audit records generated to meet the auditing requirements of the Protection Profile;</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level2 lfo1;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">All user credentials (symmetric keys, private keys, keying material, username/password); and</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level2 lfo1;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">TSF Configuration data.</span></span></li>\r\n</ul>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TSF includes four administrative roles within the Authorized Administrator role: </span></span></li>\r\n<ul style=\"margin-top: 0in;\" type=\"circle\">\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level2 lfo1;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Internal Administrator,</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level2 lfo1;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Array Administrator,</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level2 lfo1;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Storage Administrator; and</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level2 lfo1;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Read-Only Administrator.</span></span></li>\r\n</ul>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">All roles are considered authorized administrators for the remainder of this document. </span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The device ships with three hard-coded users but allows for additional users to be created.</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1; mso-layout-grid-align: none; text-autospace: none;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE provides management over HTTPS (remote), SSH (remote), and a local console.</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1; mso-layout-grid-align: none; text-autospace: none;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE authenticates administrative users using a username/password combination or a username/SSH_RSA key combination.</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1; mso-layout-grid-align: none; text-autospace: none;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TSF does not allow access to any administrative functions prior to successful authentication.</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1; mso-layout-grid-align: none; text-autospace: none;\"><span style=\"mso-bookmark: _Toc294429562;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE also has the capability of being updated and verifying updates via published hash verification.</span></span></li>\r\n</ul>\r\n<p class=\"MsoNormal\"><span style=\"mso-bookmark: _Toc294429564;\"><strong>Protection of the TSF</strong></span></p>\r\n<ul style=\"margin-top: 0in;\" type=\"disc\">\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429564;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TSF protects TSF data from disclosure when the data is transmitted between administrators and the TOE, and between the TOE and trusted IT entities.</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429564;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TSF prevents the reading of secret and private keys.</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429564;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE provides reliable time stamps for itself.</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429564;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE runs a suite of self-tests during the initial start-up (upon power on) to demonstrate the correction operation of the TSF. </span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429564;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE provides a means to verify firmware/software updates to the TOE using a published hash mechanism to verify the candidate update package prior to installing the update.</span></span></li>\r\n</ul>\r\n<p class=\"MsoNormal\"><span style=\"mso-bookmark: _Toc294429564;\"><strong>TOE Access</strong></span></p>\r\n<ul style=\"margin-top: 0in;\" type=\"disc\">\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429564;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE, for local interactive sessions, terminates the user&rsquo;s session after an Authorized Administrator-specified period of session inactivity (applies to the local console).</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429564;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE terminates a <span style=\"mso-bidi-font-weight: bold;\">remote </span>interactive session after an <span style=\"mso-bidi-font-weight: bold;\">Authorized Administrator-configurable period of session inactivity (applies to SSH remote console and HTTPS remote web GUI console)</span>.</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429564;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE allows Administrator-initiated termination of the Administrator&rsquo;s own interactive session.</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429564;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">Before establishing <span style=\"mso-bidi-font-weight: bold;\">an administrative user </span>session, the TOE can display <span style=\"mso-bidi-font-weight: bold;\">an Authorized Administrator-specified </span>advisory <span style=\"mso-bidi-font-weight: bold;\">notice and consent </span>warning message regarding unauthorized use of the TOE. <br style=\"mso-special-character: line-break;\" /><!--[endif]--></span></span></li>\r\n</ul>\r\n<p class=\"MsoNormal\"><span style=\"mso-bookmark: _Toc294429564;\"><strong>Trusted Path/Channels</strong></span></p>\r\n<ul style=\"margin-top: 0in;\" type=\"disc\">\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429564;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE <span style=\"mso-bidi-font-weight: bold;\">uses </span>TLS to provide a <span style=\"mso-bidi-font-weight: bold;\">trusted </span>communication channel between itself and <span style=\"mso-bidi-font-weight: bold;\">all authorized IT entities </span>that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data <span style=\"mso-bidi-font-weight: bold;\">from disclosure and detection of modification of the channel data</span>.</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429564;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE permits <span style=\"mso-bidi-font-style: italic;\">the TSF</span>, <span style=\"mso-bidi-font-weight: bold; mso-bidi-font-style: italic;\">or the authorized IT entities, </span>to initiate communication via the trusted channel.</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429564;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE permits <span style=\"mso-bidi-font-weight: bold;\">remote administrators </span>to initiate communication via the trusted path. The TOE provides an HTTPS protected trusted path, as well as an SSH protected trusted path to administer the TOE.</span></span></li>\r\n<li class=\"MsoNormalCxSpMiddle\" style=\"margin-bottom: 6.0pt; mso-add-space: auto; text-align: justify; mso-list: l1 level1 lfo1;\"><span style=\"mso-bookmark: _Toc294429564;\"><span style=\"mso-bidi-font-size: 10.0pt; mso-bidi-font-family: Times;\">The TOE requires the use of the trusted path for <span style=\"mso-bidi-font-style: italic;\">initial administrator authentication and all remote administration actions</span>.</span></span></li>\r\n</ul>\r\n<p class=\"MsoNormal\">Note: <span style=\"mso-spacerun: yes;\">&nbsp;</span>NTP functionality is unevaluated; Security Administrative users are instructed to disable NTP functionality in the evaluated configuration.</p>","features":[]}