Nortel Networks VPN Router v7.05 and Client Workstation v7.11 Security Target Evaluation Assurance Level: EAL 4+ Document Version: 3.9 Prepared for: Prepared by: Nortel Networks 600 Technology Park Drive Billerica, MA 01821 Phone: (800) 466-7835 http://www.nortel.com Corsec Security, Inc. 10340 Democracy Lane, Suite 201 Fairfax, VA 22030 Phone: (703) 267-6050 http://www.corsec.
Security Target, Version 3.9 March 18, 2008 Revision History Version Modification Date Modified By Description of Changes 1.0 2005-05-31 Kiran Kadambari 2.0 2006-01-17 Nathan Lee 2.1 2006-09-04 Christie Kummers Revised dependencies for SFRs. Minor updates throughout. 3.0 2006-09-29 Christie Kummers Minor updates throughout. 3.1 2006-10-25 Nathan Lee Minor updates throughout. 3.2 2006-12-19 Christie Kummers Updates and changes in response to Lab verdicts. 3.
Security Target, Version 3.9 March 18, 2008 Table of Contents REVISION HISTORY ................................................................................................................................................2 TABLE OF CONTENTS ............................................................................................................................................3 TABLE OF FIGURES ............................................................................................................
Security Target, Version 3.9 March 18, 2008 7 PROTECTION PROFILE CLAIMS ............................................................................................................... 51 7.1 PROTECTION PROFILE REFERENCE ............................................................................................................... 51 8 RATIONALE ..................................................................................................................................................... 52 8.
Security Target, Version 3.9 March 18, 2008 1 Security Target Introduction This section identifies the Security Target (ST), Target of Evaluation (TOE) identification, ST conventions, ST conformance claims, and the ST organization. The Targets of Evaluation are models 600, 1010, 1050, 1100, 1750, 2750, and 5000 of the Nortel VPN Router v7.05 and Client Workstation v7.11. These devices are functionally identical and will hereafter be referred to, collectively, as “the TOE” throughout this document.
Security Target, Version 3.9 Keywords March 18, 2008 VPN, Router, Firewall, IPSec 1.3 Conventions, Acronyms, and Terminology 1.3.1 Conventions There are several font variations used within this ST. Selected presentation choices are discussed here to aid the Security Target reader. The CC allows for several operations to be performed on security requirements: assignment, refinement, selection and iteration. All of these operations are used within this ST.
Security Target, Version 3.9 Term March 18, 2008 Explanation Manage Nortel VPN Router Grants administrative rights to view (monitor) and manage (configure) Nortel VPN Router configuration settings or user rights settings. This is the highest level of administrative privilege. The only permission not granted to this level is access to the Primary Admin password.
Security Target, Version 3.9 March 18, 2008 2 TOE Description This section provides a general overview of the TOE as an aid to understanding the general capabilities and security requirements provided by the TOE. The TOE description provides a context for the TOE evaluation by identifying the product type and describing the evaluated configuration. 2.1 Product Type The Nortel VPN Router v7.05 and Client Workstation v7.
Security Target, Version 3.9 March 18, 2008 mode, a Nortel VPN Router on one Enterprise network segment will establish a VPN tunnel with another Nortel VPN Router on another Enterprise network segment. All communications between the two network segments are protected by the VPN tunnel.
Security Target, Version 3.9 March 18, 2008 Configuration of the TOE is performed via a Command Line Interface (CLI) by physically connecting a device (such as a laptop) to the serial interface of the TOE and utilizing dumb-terminal software. After the TOE is configured, it can be managed remotely via a Graphical User Interface (GUI) which is accessed by a management workstation connected to the protected and trusted internal network. 2.
Security Target, Version 3.9 March 18, 2008 In Figure 3 above, the TOE is installed at the boundary of the private (“Enterprise”) network and the public (“Internet”) network. In Figure 4 above, the TOE is installed at the boundary of the two private (“Enterprise”) networks. The essential physical components of the TOE are: Nortel VPN Router v7.05 build 100: The Nortel VPN Router is a dedicated hardware/software appliance running a Nortel-hardened version of the VxWorks OS.
Security Target, Version 3.9 March 18, 2008 Legend: TOE Boundary The World Enterprise Nortel VPN Client Software Windows OS General Purpose Computing Hardware Nortel VPN Switch Software VPN Tunnel VxWorks OS Internet Contivity Hardware Appliance Corporate Network Nortel VPN Client Workstation Nortel VPN Router Figure 5 - TOE Logical Boundary Figure 6 - TOE Logical Boundary in Branch Office Tunnel Mode The essential logical components of the TOE are: Nortel VPN Router v7.
Security Target, Version 3.9 March 18, 2008 Nortel VPN Router: Each of the logical components contained within the physical Nortel VPN Router are included within the TOE boundary. These components are: o Nortel VPN Switch Software o VxWorks OS o Contivity Hardware Appliance. Nortel VPN Client Workstation: The Nortel VPN Client software is part of the TOE but the underlying OS and hardware are excluded from the TOE boundary. The TOE’s logical boundary includes all of the TOE Security Functions (TSFs).
Security Target, Version 3.9 March 18, 2008 Nortel VPN Routers, as well as providing protection against external attack. The architecture of the TOE ensures that VPN data is subject to enforcement of the VPN IFC SFP, and that all data passing through the firewall is subject to enforcement of the Firewall IFC SFP. These SFPs are enforced by the TOE based upon the privilege criteria defined in the SFPs. 2.3.2.
Security Target, Version 3.9 March 18, 2008 2.3.3 Excluded TOE Functionality The following product features and functionality are excluded from the evaluated configuration of the TOE: Remote VPN connections using a tunneling protocol other than IPSec Remote authentication using a Smart Card or a hardware or software token Card Nortel VPN Router v7.05 and Client Workstation v7.
Security Target, Version 3.9 March 18, 2008 3 TOE Security Environment This section describes the security aspects of the environment in which the TOE will be used and the manner in which the TOE is expected to be employed. Section 3.1 provides assumptions about the secure usage of the TOE, including physical, personnel, and connectivity aspects. Section 3.2 lists the known and presumed threats countered by either the TOE or by the security environment. 3.
Security Target, Version 3.9 March 18, 2008 Attackers who are not TOE users: These attackers have no knowledge of how the TOE operates and are assumed to possess a low skill level, a low level of motivation, limited resources to alter TOE configuration settings/parameters, and no physical access to the TOE.
Security Target, Version 3.9 March 18, 2008 4 Security Objectives This section identifies the security objectives for the TOE and its supporting environment. The security objectives identify the responsibilities of the TOE and its environment in meeting the security needs. 4.1 Security Objectives for the TOE The specific security objectives are as follows: O.I&A The TOE must be able to identify and authenticate users prior to allowing access to TOE functions and data. O.
Security Target, Version 3.9 March 18, 2008 4.2 Security Objectives for the Environment 4.2.1 IT Security Objectives The following IT security objectives are to be satisfied by the environment: OE.TIME The environment must provide reliable timestamps for the time-stamping of audit events. OE.CERTIFICATE The environment must provide the required certificate infrastructure so that the validity of certificates can be verified.
Security Target, Version 3.9 March 18, 2008 5 IT Security Requirements This section defines the Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) met by the TOE as well as SFRs met by the TOE IT environment. These requirements are presented following the conventions identified in Section 1.3.1. 5.1 TOE Security Functional Requirements This section specifies the SFRs for the TOE. This section organizes the SFRs by CC class.
Security Target, Version 3.9 March 18, 2008 SFR ID Description ST Operation FMT_MSA.1(b) Management of Security Attributes FMT_MSA.1(c) Management of Security Attributes FMT_MSA.2 Secure Security Attributes FMT_MSA.3(a) Static Attribute Initialization FMT_MSA.3(b) Static Attribute Initialization FMT_MSA.3(c) Static Attribute Initialization FMT_SMF.1 Specification of Management Functions FMT_SMR.1 Security Roles FPT_AMT.
Security Target, Version 3.9 March 18, 2008 5.1.1 Class FAU: Security Audit FAU_GEN.1 Audit Data Generation Hierarchical to: No other components. FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events: a) Start-up and shutdown of the audit functions; b) All auditable events, for the [not specified] level of audit; and c) [All events listed in Table 4].
Security Target, Version 3.9 March 18, 2008 The TSF shall provide the audit records in a manner suitable for the user to interpret the information. Dependencies: FAU_GEN.1 Audit data generation Nortel VPN Router v7.05 and Client Workstation v7.
Security Target, Version 3.9 March 18, 2008 5.1.2 Class FCS: Cryptographic Support FCS_CKM.1(a) Cryptographic key generation (Diffie-Hellman) Hierarchical to: No other components. FCS_CKM.1.1(a) The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm [Diffie-Hellman] and specified cryptographic key sizes [1024, 1536 bit keys] that meet the following: [RFC 2631]. Dependencies: [FCS_CKM.2 Cryptographic key distribution, or FCS_COP.
Security Target, Version 3.9 March 18, 2008 FCS_COP.1.1(a) The TSF shall perform [encryption and decryption] in accordance with a specified cryptographic algorithm [3DES and AES] and cryptographic key sizes [168-bit key, 128 and 256-bit keys, respectively] that meet the following: [FIPS 46-3 and FIPS 197, respectively]. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.
Security Target, Version 3.9 Dependencies: March 18, 2008 [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.4 Cryptographic key destruction FMT_MSA.2 Secure security attributes Nortel VPN Router v7.05 and Client Workstation v7.
Security Target, Version 3.9 March 18, 2008 5.1.3 Class FDP: User Data Protection FDP_ACC.2 Complete access control Hierarchical to: FDP_ACC.1 FDP_ACC.2.1 The TSF shall enforce the [Access Control SFP] on [Subjects: administrators; Objects: VPN Router configuration parameters] and all operations among subjects and objects covered by the SFP. FDP_ACC.2.2 The TSF shall ensure that all operations between any subject in the TSC and any object within the TSC are covered by an access control SFP.
Security Target, Version 3.9 March 18, 2008 The TSF shall enforce the [VPN Information Flow Control SFP] on [remote authenticated VPN Clients connecting to a Nortel VPN Router] and all operations that cause that information to flow to and from subjects covered by the SFP. FDP_IFC.2.2(a) The TSF shall ensure that all operations that cause any information in the TSC to flow to and from any subject in the TSC are covered by an information flow control SFP. Dependencies: FDP_IFF.
Security Target, Version 3.9 March 18, 2008 FDP_IFF.1.3(a) The TSF shall enforce the [none]. FDP_IFF.1.4(a) The TSF shall provide the following [stateful Firewall, Network Address Translation (NAT), IPSec]. FDP_IFF.1.5(a) The TSF shall explicitly authorise an information flow based on the following rules: [none]. FDP_IFF.1.6(a) The TSF shall explicitly deny an information flow based on the following rules: [none]. Dependencies: FDP_IFC.1 Subset information flow control FMT_MSA.
Security Target, Version 3.9 Dependencies: March 18, 2008 FDP_IFC.1 Subset information flow control FMT_MSA.3 Static attribute initialisation FDP_UCT.1 Basic data exchange confidentiality Hierarchical to: No other components. FDP_UCT.1.1 The TSF shall enforce the [VPN Information Flow Control SFP] to be able to [transmit, receive] objects in a manner protected from unauthorised disclosure. Dependencies: [FTP_ITC.1 Inter-TSF trusted channel, or FTP_TRP.1 Trusted path] [FDP_ACC.
Security Target, Version 3.9 March 18, 2008 5.1.4 Class FIA: Identification and Authentication FIA_UAU.1 Timing of authentication Hierarchical to: No other components. FIA_UAU.1.1 The TSF shall allow [ o o o o o o o o connection configuration, username entry, password entry, destination selection, authentication options (digital certificates, username, password), keepalive options, autoconnect, name server options ] on behalf of the user to be performed before the user is authenticated. FIA_UAU.1.
Security Target, Version 3.9 March 18, 2008 The TSF shall require each user to identify itself before allowing any other 4 TSF-mediated actions on behalf of that user. Dependencies: 4 No dependencies “Other” in this SFR means any action not included in the assignment in FIA_UAU.1.1. Nortel VPN Router v7.05 and Client Workstation v7.
Security Target, Version 3.9 March 18, 2008 5.1.5 Class FMT: Security Management FMT_MOF.1(a) Management of security functions behaviour Hierarchical to: No other components. FMT_MOF.1.1(a) The TSF shall restrict the ability to [modify the behaviour of] the functions [creation and rights assignment of Restricted Admins] to [Primary Admin]. Dependencies: FMT_SMF.1 Specification of management functions FMT_SMR.1 Security roles FMT_MOF.
Security Target, Version 3.9 Dependencies: March 18, 2008 [FDP_ACC.1 Subset access control or FDP_IFC.1 Subset information flow control] FMT_SMF.1 Specification of management functions FMT_SMR.1 Security roles FMT_MSA.1(c) Management of security attributes Hierarchical to: No other components. FMT_MSA.1.
Security Target, Version 3.9 March 18, 2008 FMT_MSA.3(b) Static attribute initialisation Hierarchical to: No other components. FMT_MSA.3.1(b) The TSF shall enforce the [Firewall Information Control SFP] to provide [restrictive] default values for security attributes that are used to enforce the SFP. FMT_MSA.3.2(b) The TSF shall allow the [Primary Admin] to specify alternative initial values to override the default values when an object or information is created. Dependencies: FMT_MSA.
Security Target, Version 3.9 March 18, 2008 The TSF shall maintain the roles [Primary Admin, Restricted Admin, VPN User]. FMT_SMR.1.2 The TSF shall be able to associate users with roles. Dependencies: FIA_UID.1 Timing of identification Nortel VPN Router v7.05 and Client Workstation v7.
Security Target, Version 3.9 March 18, 2008 5.1.6 Class FPT: Protection of the TSF FPT_AMT.1 Abstract machine testing Hierarchical to: No other components. FPT_AMT.1.1 The TSF shall run a suite of tests [during initial start-up, periodically during normal operation] to demonstrate the correct operation of the security assumptions provided by the abstract machine that underlies the TSF. Dependencies: No dependencies FPT_RPL.1 Replay detection Hierarchical to: No other components. FPT_RPL.1.
Security Target, Version 3.9 March 18, 2008 5.1.7 Class FTP: Trusted Path/Channels FTP_TRP.1 Trusted path Hierarchical to: No other components. FTP_TRP.1.1 The TSF shall provide a communication path between itself and [remote] users that is logically distinct from other communication paths and provides assured identification of its end points and protection of the communicated data from modification or disclosure. FTP_TRP.1.
Security Target, Version 3.9 March 18, 2008 5.2 Security Functional Requirements on the IT Environment The TOE has the following security requirement for its IT environment. Table 5 identifies all SFRs implemented by the IT Environment and indicates the ST operations performed on each requirement. Table 5 - IT Environment Security Functional Requirements FPT_RVM.1 Non-bypassability of the TSP FPT_SEP.1 TSF domain separation FPT_STM.
Security Target, Version 3.9 March 18, 2008 The TSF TOE Environment shall be able to provide reliable time stamps for it’s the TOE’s own use. Dependencies: No dependencies Nortel VPN Router v7.05 and Client Workstation v7.
Security Target, Version 3.9 March 18, 2008 5.3 Assurance Requirements This section defines the assurance requirements for the TOE. The assurance requirements are taken from Part 3 of the CC and are EAL 4 augmented with ALC_FLR.2. Table 6 below summarizes the components. Table 6 - Assurance Components Assurance Requirements Class ACM: Configuration management ACM_AUT.1 Partial CM automation ACM_CAP.4 General support and acceptance procedures ACM_SCP.
Security Target, Version 3.9 March 18, 2008 6 TOE Summary Specification This section presents information to detail how the TOE meets the functional and assurance requirements described in previous sections of this ST. 6.1 TOE Security Functions Each of the security function descriptions is organized by the security requirements corresponding to the security function. Hence, each function is described by how it specifically satisfies each of its related requirements.
Security Target, Version 3.9 TOE Security Function March 18, 2008 SFR ID Description FMT_MSA.3(b) Static Attribute Initialization FMT_MSA.3(c) Static Attribute Initialization FMT_SMF.1 Specification of Management Functions FMT_SMR.1 Security Roles FPT_AMT.1 Abstract Machine Testing FPT_RPL.1 Replay Detection FPT_TST.1 TSF Testing Trusted Path/Channels FTP_TRP.1 Trusted Path Protection of the TSF 6.1.
Security Target, Version 3.9 System Log March 18, 2008 The System Log records data about System events which are considered significant enough to be written to disk, including those displayed in the Configuration and Security logs.
Security Target, Version 3.9 March 18, 2008 6.1.2 Cryptographic Support The TOE’s cryptographic functionality is provided by a FIPS 140-2-validated cryptographic module. All modules have received either a Level 1 or Level 2 FIPS 140-2 validation. Table 8 below indicates the modules and the validation levels achieved.
Security Target, Version 3.9 March 18, 2008 for reuse. This ensures that the keys are completely destroyed before any other process might have access to that memory location. TOE Security Functional Requirements Satisfied: FCS_CKM.1(a), FCS_COP.1(a), FCS_COP.1(b)., FCS_COP.1(d), FCS_COP.1(e) FCS_CKM.1(b), FCS_CKM.4, 6.1.3 User Data Protection The TOE enforces access controls on each administrator and user of the TOE based on the privileges held by that user.
Security Target, Version 3.9 March 18, 2008 VPN Information Flow Control SFP and Firewall Information Flow Control SFP: Both SFPs enforce a stateful Firewall. Each time a TCP connection is established from a host on the internal network to a host on the external network through the Nortel VPN Router, information about the connection is recorded in a stateful session flow table.
Security Target, Version 3.9 March 18, 2008 functions. The VPN User has no access to administrative functions and may only authenticate to the Nortel VPN Router through the Nortel VPN Client in order to access the private network. These roles determine a user’s level of access to security management functions provided by the TOE. These security management functions include management of all audit and event records, management of access control, and management of VPN and firewall functions.
Security Target, Version 3.9 March 18, 2008 o Runs when a random number needs to be generated. Continuous RNG for Entropy Gathering: Verifies that the seed for the FIPS 182-2 PRNG is not failing to a constant value. o Runs when a seed for the RNG needs to be generated. Pair-wise Consistency Test for RSA Key Generation: Verifies that a newly generated RSA public/private keypair works properly. o Runs when an RSA public/private keypair is generated.
Security Target, Version 3.9 Assurance Component ALC_DVS.1 8 8 March 18, 2008 Assurance Measure Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support ALC_FLR.2 Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support ALC_LCD.1 Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support ALC_TAT.1 Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support ATE_COV.2 Nortel Networks Virtual Private Network Router v7.
Security Target, Version 3.9 March 18, 2008 7 Protection Profile Claims This section provides the identification and justification for any Protection Profile conformance claims. 7.1 Protection Profile Reference There are no protection profile claims for this security target. Nortel VPN Router v7.05 and Client Workstation v7.
Security Target, Version 3.9 March 18, 2008 8 Rationale This section provides the rationale for the selection of the security requirements, objectives, assumptions, and threats. In particular, it shows that the security requirements are suitable to meet the security objectives, which in turn are shown to be suitable to cover all aspects of the TOE security environment. 8.
Security Target, Version 3.9 March 18, 2008 T.AUTH-ERROR An authorized user may accidentally alter the configuration of a policy that permits or denies information flow through the TOE, thereby affecting the integrity of the transmitted information. The TOE provide facilities to enable an authorized administrator to effectively manage the TOE and its security function, and ensures that only authorized administrators are able to access such functionality (O.ADMIN).
Security Target, Version 3.9 March 18, 2008 TE.PHYSICAL An attacker may physically attack the Hardware appliance in order to compromise its secure operation. The environment ensures that the TOE is physically protected so that only TOE users who possess the appropriate privileges have access (OE.PHYS-SEC). OE.PHYS-SEC ensures that this threat is removed. TE.
Security Target, Version 3.9 March 18, 2008 This may mean the environment provides a connection to a trusted Certificate Authority, or that the required certificates are otherwise available to the TOE. It is assumed that the appropriate infrastructure is properly maintained in order to ensure the accuracy and security of the certificates (e.g., certificates are revoked in a timely manner).
Security Target, Version 3.9 March 18, 2008 Table 12 - Relationship of Security Requirements to Objectives FCS_COP.1(b) FCS_COP.1(d) FCS_COP.1(e) FCS_CKM.1(b) FDP_IFC.2(a) FDP_IFC.2(b) FDP_IFF.1(a) FDP_IFF.1(b) FDP_UCT.1 FDP_UIT.1 OE.NONBYPASS OE.PROTECT FCS_COP.1(a) OE.TIME O.TEST O.FILTER O.REPLAY FCS.CKM.4 FAU_SAR.1 O.INTEGRITY O.ADMIN FAU_GEN.1 O.FUNCTIONS O.
Security Target, Version 3.9 March 18, 2008 FPT_AMT.1 FPT_RLT.1 FPT_TST.1 FTP_TRP.1 Env FPT_RVM.1 O.I&A FPT_SEP.1 FPT_STM.1 OE.NONBYPASS OE.PROTECT OE.TIME O.TEST O.FILTER O.REPLAY O.INTEGRITY O.ADMIN O.FUNCTIONS O.CONFIDENT O.SELFPROTECT O.AUDIT Requirements O.I&A Objectives The TOE must be able to identify and authenticate users prior to allowing access to TOE functions and data.
Security Target, Version 3.9 March 18, 2008 required to use SHA-1 and it must be implemented according to RFC 3174 [FCS_CKM.1(a), FCS_CKM.4, and FCS_COP.1(a,b,c,d,e,f)]. O.CONFIDENT The TOE must use the IPSec tunneling protocol to ensure confidentiality of data transmitted between the Nortel VPN Client and the Nortel VPN Router, and/or between two Nortel VPN Routers.
Security Target, Version 3.9 March 18, 2008 The TSF is required to perform security management functions such as create users and assign roles to users [FMT_SMF.1]. The TOE must be able to recognize the different administrative and user roles that exist for the TOE [FMT_SMR.1]. O.INTEGRITY The TOE must use the IPSec tunneling protocol to ensure integrity of data transmitted between the Nortel VPN Client and the Nortel VPN Router, and/or between two Nortel VPN Routers.
Security Target, Version 3.9 March 18, 2008 authorized users with the ability to verify the integrity of TSF Data and TSF executable code [FPT_AMT.1 and FPT_TST.1]. OE.TIME The environment must provide reliable timestamps for the time-stamping of audit events. Time stamps associated with an audit record must be reliable [FPT_STM.1]. OE.PROTECT The environment must protect the TOE from interference and tampering by untrusted subjects.
Security Target, Version 3.9 March 18, 2008 SFR ID Dependencies Dependency Met FCS_CKM.1(a) FCS.CKM.4 FMT_MSA.2 FCS_COP.1 FCS_CKM.1(a) FCS_CKM.4 FMT_MSA.2 FDP_ACC.2 FDP_ACF.1 9 FDP_ACF.1 FDP_ACC.1 FMT_MSA.3 FDP_IFC.2 FDP_IFF.1 FDP_IFF.1 10 FDP_IFC.1 FTP_TRP.1 FDP_UCT.1 9 FDP_ACC.1 / 10 FDP_IFC.1 9 FDP_UIT.1 FDP_ACC.1 / 10 FDP_IFC.1 FTP_TRP.1 FIA_UAU.1 11 FIA_UID.1 FIA_UAU.5 [none] FIA_UID.2 [none] FMT_SMF.1 FMT_SMR.1 FMT_MOF.1 9 FDP_ACC.
Security Target, Version 3.9 March 18, 2008 SFR ID Dependencies Dependency Met FPT_TST.1 FPT_AMT.1 FTP_TRP.1 [none] 8.6 TOE Summary Specification Rationale 8.6.1 TOE Summary Specification Rationale for the Security Functional Requirements Each subsection in the TOE Summary Specification (Section 6) describes a security function of the TOE.
Security Target, Version 3.9 March 18, 2008 8.6.2 TOE Summary Specification Rationale for the Security Assurance Requirements 8.6.2.1 Configuration Management The Configuration Management documentation provides a description of tools used to control the configuration items and how they are used by Nortel. The documentation provides a complete configuration item list and a unique reference for each item.
Security Target, Version 3.9 March 18, 2008 Corresponding CC Assurance Components: Functional Specification with Complete Summary Security-Enforcing High-Level Design Descriptive Low-Level Design Implementation of the TSF Informal TOE Security Policy Model Informal Representation Correspondence 8.6.2.4 Guidance Documentation The Nortel Guidance documentation provides administrator and user guidance on how to securely operate the TOE.
Security Target, Version 3.9 March 18, 2008 Corresponding CC Assurance Components: Analysis of Coverage High-Level Design Functional Testing Independent Testing 8.6.2.7 Vulnerability and TOE Strength of Function Analyses The Validation of Analysis documentation identifies all possible modes of operation of the TOE, their consequences and implications for maintaining secure operation.
Security Target, Version 3.
Security Target, Version 3.9 March 18, 2008 Acronym Definition SHA Secure Hash Algorithm SOF Strength of Function ST Security Target TCP Transmission Control Protocol TOE Target of Evaluation TSF TOE Security Function TSP TOE Security Policy UDP User Datagram Protocol VPN Virtual Private Network WAN Wide Area Network Nortel VPN Router v7.05 and Client Workstation v7.