Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target Version 1.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target TABLE OF CONTENTS SECTION PAGE 1 Introduction to the Security Target ....................................................................... 6 1.1 Security Target Identification.....................................................................................6 1.2 Security Target Overview ...........................................................................................6 1.3 Common Criteria Conformance ................
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 5.2.1.18 FIA_USB.1(1) User-subject binding. ....................................................................................... 26 5.2.1.19 FIA_USB.1(2) User-subject binding. ....................................................................................... 27 5.2.1.20 FMT_MOF.1(1) Management of cryptographic security functions behavior........................... 27 5.2.1.21 FMT_MOF.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 6.1.6 6.1.7 6.1.8 6.2 Protection of the TSF .............................................................................................................. 42 TOE Access ............................................................................................................................ 43 Trusted Path/Channels ...........................................................................................................
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target Table of Tables Table Page Table 3-1 TOE Assumptions ...............................................................................................................................................12 Table 3-2 Threats................................................................................................................................................................13 Table 3-3 Organizational Security Policies..................
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 1 Introduction to the Security Target 1.1 Security Target Identification TOE Identification: This Security Target describes two TOEs: Motorola WS5100 Wireless Switch Hardware Version: WS5100 Software Version: WS5100-3.0.0.0-022GR Motorola RFS7000 RF Switch Hardware Version: RFS7000 Software Version: RFS7000-1.0.0.0-022GR Document Title: Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target, Document Version 1.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target The CC allows several operations to be performed on functional requirements; refinement, selection, assignment, and iteration are defined in paragraph 2.1.4 of Part 2 of the CC. Each of these operations is used in this ST. The refinement operation is used to add detail to a requirement, and thus further restricts a requirement. Refinement of security requirements is denoted by bold text. Deleted words are denoted by strike-through text.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 2 TOE Description 2.1 Overview This Security Target describes two TOEs which have the same security functionality, but different performance and hardware characteristics. Motorola WS5100 Wireless Switch is a rack-mounted hardware device with 1U chassis. It supports up to 48 wireless access points. The device includes two Gigabit Ethernet ports, which provide network connectivity. An RS232 Serial port is used for local administration.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target Figure 3. Typical TOE deployment diagram Audit server TOE Local Admin Auth Server Time Server IPSec/VPN tunnel L2 Switch The TOE is a device used to control operation of multiple wireless access points and to provide secure Wireless Local Area Network (WLAN) connectivity to a set of wireless client devices.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target between the TOE and the wireless client device. Once the connection is established, the wireless client device may access the protected wired network utilizing the TOE as a gateway. The network connection between the TOE and the external authentication server is protected using the IPSec/IKE security protocol.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target The following wireless security protocols are disabled in the FIPS 140-2 mode of operation and are not included in this evaluation: WEP, WPA, TKIP. The following TOE features are not included in the evaluation: intrusion detection, protection against denial-of-service attacks, roaming of mobile clients across distributed networks, stateful packet analysis, network address translation, 802.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 3 TOE Security Environment This section describes the assumptions, threats, and policies that are relevant to both the TOE and the TOE environment. 3.1 Secure Usage Assumptions Assumptions are limiting conditions that are accepted before developing policy or considering threats. Table 3-1 TOE Assumptions identifies the conditions that are assumed to exist in the operational environment.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target Table 3-2 Threats Name T.ACCIDENTAL_ADMIN_ ERROR Threat Definition An administrator may incorrectly install or configure the TOE resulting in ineffective security mechanisms. T.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target T.UNAUTH_ADMIN_ACCESS An unauthorized user or process may gain access to an administrative account. 3.3 Organizational Security Policies An organizational security policy is a set of rules, practices, and procedures imposed by an organization to address its security needs. Table 3-3 Organizational Security Policies identifies the organizational security policies applicable to the TOE. The policies are identical to those of WLANAS PP.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 4 Security Objectives 4.1 Security Objectives for the TOE Table 4-1 Security Objectives for TOE identifies the security objectives of the TOE. These security objectives reflect the stated intent to counter identified threats and/or comply with any organizational security policies identified. The table also shows the corresponding threats and policies that are addressed by the objectives.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target O.RESIDUAL_ INFORMATION The TOE will ensure that any information contained in a protected resource within its Scope of Control is not released when the resource is reallocated. O.SELF_PROTECTION The TSF will maintain a domain for its own execution that protects itself and its resources from external interference, tampering, or unauthorized disclosure through its own interfaces. O.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target OE.AUDIT_PROTECTION The IT Environment will provide the capability to protect audit information and the authentication credentials. OE.AUDIT_REVIEW The IT Environment will provide the capability to selectively view audit information. OE.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 5 IT Security Requirements This section provides functional and assurance requirements that must be satisfied by the TOE and the IT environment. 5.1 Strength of Function Claims The statement of the TOE security requirements must include a minimum strength level for the TOE security functions realized by a probabilistic or permutational mechanism, except for cryptographic functions. For this ST, the overall level will be SoF-basic.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target FCS_CKM.4 Cryptographic key destruction FTP_ITC.1 or FCS_CKM.1] FMT_MSA.2 FCS_COP_EXP.1 Explicit: random number generation [FTP_ITC.1or FCS_CKM.1] FCS_CKM.4 FMT_MSA.2 FCS_COP_EXP.2 Explicit: cryptographic operation [FTP_ITC.1 or FCS_CKM.1] FCS_CKM.4 FMT_MSA.2 FDP_PUD_EXP.1 Protection of user data None FDP_RIP.1(1) Subset residual information protection None FIA_AFL.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target (administrator) FMT_SMF.1(1) FMT_SMF.1(1) Specification of management functions (cryptographic functions) None FMT_SMF.1(2) Specification of management functions (TOE audit record generation) None FMT_SMF.1(3) Specification of management functions (Cryptographic key data) None FMT_SMR.1(1) Security roles FIA_UID.1 FPT_RVM.1(1) Non-bypassability of the TOE Security Policy (TSP) None FPT_SEP.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target Table 5-2 TOE Auditable Events Requirement FAU_GEN.1 FAU_GEN.2 FAU_SEL.1 Auditable Events FCS_CKM.1 None None All modifications to the audit configuration that occur while the audit collection functions are operating Manual load of a key FCS_CKM_EXP.2 Error(s) detected during cryptographic key transfer FCS_CKM.4 Destruction of a cryptographic key FCS_COP_EXP.1 FCS_COP_EXP.2 FDP_PUD.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target FMT_MOF.1(3) Changes to the TOE remote authentication settings; Changes to the threshold of failed authentication attempts; Changes to the session lock timeframe The identity of the Administrator performing the function. FMT_MSA.2 All offered and rejected values for security attributes Changes to the set of rules used to pre-select audit events. Changing the TOE authentication credentials None FMT_MTD.1(1) FMT_MTD.1(2) FMT_SMR.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 5.2.1.2 FAU_GEN.2 User identity association FAU_GEN.2.1 For audit events resulting from actions of identified users, the TSF shall be able to associate each auditable event with the identity of the user that caused the event. 5.2.1.3 FAU_SEL.1 Selective audit FAU_SEL.1.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 5.2.1.7 FCS_CKM.4 Cryptographic key destruction FCS_CKM.4.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 5.2.1.11 FDP_PUD_EXP.1 Protection of user data FDP_PUD_EXP.1.1 When the administrator has enabled encryption, the TSF shall: encrypt authenticated user data transmitted to a wireless client from the radio interface of the wireless access system using the cryptographic algorithm(s) specified in FCS_COP_EXP.2 utilizing 802.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 5.2.1.15 FIA_UAU.1 Timing of local authentication FIA_UAU.1.1 The TSF shall allow [identification as provided in FIA_UID.2] on behalf of the user users to be performed before the user is authenticated. FIA_UAU.1.2 The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user. 5.2.1.16 FIA_UAU_EXP.5(1) Explicit: multiple authentication mechanisms FIA_UAU_EXP.5.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target FIA_USB.1.2(1) The TSF shall enforce the following rules on the initial association of user security attributes with subjects acting on the behalf of users: [upon successful identification and authentication the username shall be that of the user that has authenticated successfully]. FIA_USB.1.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 5.2.1.22 FMT_MOF.1(3) Management of authentication security functions behavior FMT_MOF.1.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 5.2.1.28 FMT_SMF.1(3) Specification of management functions (cryptographic key data) FMT_SMF.1.1(3) The TSF shall be capable of performing the following security management functions: [query, set, modify, and delete the cryptographic keys and key data in support of FDP_PUD_EXP and enable/disable verification of cryptographic key testing].
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target FPT_TST_EXP.1.2 The TSF shall provide the capability to use a TSF-provided cryptographic function to verify the integrity of all TSF data except the following: audit data, [temporary files, page files, configuration files, core dumps, data stored in volatile memory]. FPT_TST_EXP.1.3 The TSF shall provide the capability to use a TSF-provided cryptographic function to verify the integrity of stored TSF executable code. 5.2.1.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 5.2.1.38 FTP_TRP.1 Trusted path FTP_TRP.1.1 The TSF shall provide a communication path between itself and wireless users that is logically distinct from other communication paths and provides assured identification of its end points and protection of the communicated data from modification, replay or disclosure. FTP_TRP.1.2 The TSF shall permit wireless client devices to initiate communication via the trusted path. FTP_TRP.1.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target FDP_RIP.1(2) Subset residual information protection None FIA_AFL.1(2) Remote user authentication failure handling User attribute definition Remote authentication mechanisms FIA_UAU.1 None FIA_UID.1 FIA_UID.1 FMT_MOF.1(4) Timing of identification Management of security functions Behavior None FMT_SMF.1(1)(2)(3) FMT_SMR.1 FMT_MTD.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target Requirement FAU_GEN.1(2) FAU_SAR.1 FAU_SAR.2 Auditable Events None None Unsuccessful attempt to read the audit records Additional Audit Record Contents None None The identity of the user attempting to perform the function None None None FAU_SAR.3 FAU_STG.1 FAU_STG.3 None None Any actions taken when audit trail limits are exceeded FDP_RIP.1(2) FIA_AFL.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target performed the action FAU_GEN.1.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 5.3.1.6 FAU_STG.3 Action in case of possible audit data loss FAU_STG.3.1 The TOE IT environment TSF shall [immediately alert the administrators by displaying a message at the local console, none] if the audit trail exceeds [an administrator-settable percentage of storage capacity]. 5.3.1.7 FDP_RIP.1(2) Subset residual information protection FDP_RIP.1.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 5.3.1.11 FIA_UID.1 Timing of identification FIA_UID.1.1 The TOE IT environment TSF shall allow [no actions] on behalf of the TOE remote user to be performed before the user is identified. FIA_UID.1.2 The TOE IT environment TSF shall require each TOE remote user to identify itself before allowing any other IT environment or TSF-mediated actions on behalf of that TOE remote user.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 5.3.1.17 FMT_MTD.1(5) Management of time data FMT_MTD.1.1(5) The TOE IT environment shall restrict the ability to [set] the [time and date used to form the time stamps in FPT_STM.1] to [the Security Administrator or authorized IT entity]. 5.3.1.18 FMT_SMR.1(2) Security roles FMT_SMR.1.1(2) The TOE IT environment TSF shall maintain the roles [administrator]. FMT_SMR.1.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target Application Note: The TOE IT environment must provide reliable time stamps (for example: an NTP server). It is also acceptable for the TOE to satisfy this requirement by providing its own time stamp. 5.4 TOE Security Assurance Requirements The Security Assurance Requirements for the TOE are the assurance components of Evaluation Assurance Level 4 (EAL4) augmented with ALC_FLR.2 (Flaw Remediation).
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target AVA_SOF.1 Strength of TOE security function evaluation AVA_VLA.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 6 TOE Summary Specification This chapter describes the security functions and associated assurance measures. 6.1 TOE Security Functions The following security functions are implemented by the TOE a) Security Audit b) Cryptographic Support c) User Data Protection d) Identification and Authentication e) Security Management f) Protection of the TSF g) TOE Access h) Trusted Path/Channels 6.1.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target The audit events records are transmitted to the external audit server over a secure IPSec/IKE connection. Reliable time stamps are used for audit records. 6.1.2 Cryptographic Support The TOE utilizes cryptographic functions for the purposes of wireless data protection using 802.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target the external authentication server is protected using IPSec/IKE security protocol with pre-shared keys. EAP-TLS uses a client certificate for user authentication, the username is embedded in the certificate. EAP-TTLS and PEAP use a password for user authentication. No services are provided by the TOE until the user is successfully identified and authenticated. 6.1.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 6.1.7 TOE Access The TOE terminates a local serial console administrator or a wireless user session after a configurable time interval of user inactivity is reached. A default banner regarding unauthorized access is displayed before establishing a user session. 6.1.8 Trusted Path/Channels The TOE maintains a trusted channel with audit, authentication, and network time protocol servers.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target ADV_IMP.1 Subset of the implementation of the TSF A subset of the source code and hardware diagrams used to generate the TOE ADV_LLD.1 Descriptive low-level design Motorola Wireless Switch Low-Level Design Specification ADV_RCR.1 Informal correspondence demonstration Motorola Wireless Switch Informal Correspondence Demonstration ADV_SPM.1 Informal TOE security policy model Motorola Wireless Switch Security Policy Model AGD_ADM.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target AVA_VLA.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 7 PP Claims The TOE conforms to the US Government Wireless Local Area Network (WLAN) Access System Protection Profile for Basic Robustness Environments, Version 1.0, April 2006. Please see Section 8.10, PP Claims Rationale, for a detailed discussion of PP compliance.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 8 Rationale This section describes the rationale for the Security Objectives, Security Functional Requirements and TOE Summary Specification. Additionally, this section describes the rationale for not satisfying all of the dependencies and the rationale for the strength of function (SOF) claim. Table 8-1 illustrates the mapping from Security Objectives to Threats and Policies. It is identical to that of the WLANAS PP. 8.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target and are trained to appropriately manage and administer the TOE. OE.NO_GENERAL_PURPOS E also helps to mitigate this threat by ensuring that there can be no accidental errors due to the introduction of unauthorized software or data, by ensuring that there are no general-purpose or storage repository applications available on the TOE. T.ACCIDENTAL_CRYPTO_COM PROMISE O.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target T.MASQUERADE O.TOE_ACCESS A user may masquerade as an authorized user or the authentication server to gain access to data or TOE resources. The TOE will provide mechanisms that control a user’s logical access to the TOE. OE.TOE_ACCESS The environment will provide mechanisms that support the TOE in providing users logical access to the TOE. OE.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target T.POOR_DESIGN Unintentional errors in requirements specification or design of the TOE may occur, leading to flaws that may be exploited by a casually mischievous user or program. O.CONFIGURATION_ IDENTIFICATION The configuration of the TOE is fully identified in a manner that will allow implementation errors to be identified, corrected with the TOE being redistributed promptly. O.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target T.POOR_IMPLEMENTATION Unintentional errors in implementation of the TOE design may occur, leading to flaws that may be exploited by a casually mischievous user or program. O.CONFIGURATION_ IDENTIFICATION The configuration of the TOE is fully identified in a manner that will allow implementation errors to be identified, corrected with the TOE being redistributed promptly. O.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target O.DOCUMENTED_DESIGN The design of the TOE is adequately and accurately documented. T.RESIDUAL_DATA A user or process may gain unauthorized access to data through reallocation of TOE resources from one user or process to another. O.RESIDUAL_ INFORMATION The TOE will ensure that any information contained in a protected resource within its Scope of Control is not released when the resource is reallocated. OE.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target T.TSF_COMPROMISE O.MANAGE A user or process may cause, through an unsophisticated attack, TSF data, or executable code to be inappropriately accessed (viewed, modified, or deleted). The TOE will provide functions and facilities necessary to support the administrators in their management of the security of the TOE. OE.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target and its resources from external interference, tampering, or unauthorized disclosure through its own interfaces. T.UNATTENDED_SESSION O.TOE_ACCESS A user may gain unauthorized access to an unattended session. The TOE will provide mechanisms that control a user’s logical access to the TOE. Page 54 of 85 The only sessions that are established with the TOE are anticipated to be administrative sessions.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target T.UNAUTH_ADMIN_ACCESS O.ADMIN_GUIDANCE An unauthorized user or process may gain access to an administrative account. The TOE will provide administrators with the necessary information for secure management. O.MANAGE The TOE will provide functions and facilities necessary to support the administrators in their management of the security of the TOE, and restrict these functions and facilities from unauthorized use. OE.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target P.ACCESS_BANNER The TOE shall display an initial banner describing restrictions of use, legal agreements, or any other appropriate information to which users consent by accessing the system. O.DISPLAY_BANNER The TOE will display an advisory warning regarding use of the TOE. O.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target augment the TOE functions and facilities necessary to support the administrators in their management of the security of the TOE, and restrict these functions and facilities from unauthorized use. O.TIME_STAMPS The TOE shall obtain reliable time stamps and the capability for the administrator to set the time used for these time stamps. OE.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target is reallocated. P.CRYPTOGRAPHY_VALIDATE D Only NIST FIPS validated cryptography (methods and implementations) are acceptable for key management (i.e.; generation, access, distribution, destruction, handling, and storage of keys) and cryptographic services (i.e.; encryption, decryption, signature, hashing, key exchange, and random number generation services). O.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target P.ENCRYPTED_CHANNEL The TOE shall provide the capability to encrypt/decrypt wireless network traffic between the TOE and those wireless clients that are authorized to join the network. O.CRYPTOGRAPHY The TOE shall provide cryptographic functions to maintain the confidentiality and allow for detection of modification of user data that is transmitted between physically separated portions of the TOE, or outside of the TOE. O.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target P.NO_AD_HOC_NETWORKS In concordance with the DOD Wireless Policy, there will be no ad hoc 802.11 or 802.15 networks allowed. O.MEDIATE The TOE must mediate the flow of information to and from wireless clients communicating via the TOE in accordance with its security policy. OE.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 8.3 Rationale for TOE Security Requirements Table 8-2 Rationale for TOE Security Requirements Objective Requirements Addressing the Objective O.ADMIN_GUIDANCE ADO_DEL.1 The TOE will provide administrators with the necessary information for secure management. ADO_IGS.1 AGD_ADM.1 AGD_USR.1 AVA_MSU.1 Rationale ADO_DEL.1 ensures that the administrator has the ability to begin their TOE installation with a clean (e.g.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target wireless clients may be configured by administrators that are not administrators of this TOE, then that guidance may be user guidance from the perspective of this TOE. AVA_MSU.1 ensures that the guidance documentation can be followed unambiguously to ensure the TOE is not misconfigured in an insecure state due to confusing guidance. O.AUDIT_GENERATION FAU_GEN.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target the proper identity of the subject that causes an audit record to be generated (e.g., presumed network address of an unauthenticated user may be a spoofed address). FPT_STM_EXP.1 supports the audit functionality by ensuring that the TOE is capable of obtaining a time stamp for use in recording audit events. FTP_ITC_EXP.1(1) provides a trusted channel for services provided by the TOE IT environment (the audit server and the time server).
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target O.CORRECT_ TSF_OPERATION The TOE will provide the capability to test the TSF to ensure the correct operation of the TSF at a customer’s site. FPT_TST_EXP.1 FPT_TST_EXP.2 O.CRYPTOGRAPHY The TOE shall provide cryptographic functions to maintain the confidentiality and allow for detection of modification of user data that is transmitted between physically separated portions of the TOE, or outside of the TOE. FCS_BCM_EXP.1 FCS_CKM.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target O.CRYPTOGRAPHY_VAL IDATED The TOE will use NIST FIPS 140-1/2 validated cryptomodules for cryptographic services implementing NISTapproved security functions and random number generation services used by cryptographic functions. FCS_BCM_EXP.1 FCS_CKM.1 FCS_CKM_EXP.2 FCS_CKM.4 FCS_COP_EXP.1 FCS_COP_EXP.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target O.DOCUMENTED_DESIG N ADV_FSP.1 ADV_HLD.1 ADV_RCR.1 ADV_FSP.1, ADV_HLD.1, and ADV_RCR.1 support this objective by requiring that the TOE be developed using sound engineering principles. The use of a high level design and the functional specification ensure that developers responsible for TOE development understand the overall design of the TOE.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target interface in accordance with its security policy. O.PARTIAL_FUNCTIONA L_TESTING The TOE will undergo some security functional testing that demonstrates the TSF satisfies some of its security functional requirements. allowed to pass through the TOE. ATE_COV.1 ATE_FUN.1 ATE_IND.2 ATE_FUN.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target O.RESIDUAL_ INFORMATION FDP_RIP.1(1) FCS_CKM_EXP.2 FCS_CKM.4 The TOE will ensure that any information contained in a protected resource within its Scope of Control is not released when the resource is reallocated. FDP_RIP.1 is used to ensure the contents of resources are not available once the resource is reallocated.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target O.TIME_STAMPS FPT_STM_EXP.1 FPT_STM_EXP.1 requires that the TOE be able to obtain reliable time stamps for its own use and therefore, partially satisfies this objective. Time stamps include date and time and are reliable in that they are always available to the TOE, and the clock must be monotonically increasing. O.TOE_ACCESS FIA_AFL.1(1) The TOE will provide mechanisms that control a user’s logical access to the TOE. FIA_ATD.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target attacks on their authentication credentials. FIA_ATD.1(1) Management requirements provides additional control to supplement the authentication requirements. FTA_SSL.3 ensures that inactive user and administrative sessions are dropped. FTP_TRP.1 ensures that remote users have a trusted path in order to authenticate. FTP_ITC_EXP.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target OE.AUDIT_PROTECTION The IT Environment will provide the capability to protect audit information and the authentication credentials. FAU_SAR.2 FAU_STG.1 FAU_STG.3 FMT_MOF.1(4) FMT_SMR.1(2) FAU_SAR.2 restricts the ability to read the audit records to only the administrator. The exception to this is that all administrators have access to the audit record information presented in the alarm indicating a potential security violation.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target to manage the IT environment. OE.NO_EVIL Sites using the TOE shall ensure that administrators are non-hostile, appropriately trained and follow all administrator guidance. AGD_ADM.1 OE.NO_GENERAL_PURP OSE A.NO_GENERAL_P URPOSE There are no generalpurpose computing or storage repository capabilities (e.g., compilers, editors, or user applications) available on the TOE. OE.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target TOE in a manner that is commensurate with the risks posed to the network. OE.RESIDUAL_INFORMA TION The TOE IT environment will ensure that any information contained in a protected resource within its Scope of Control is not released when the resource is reallocated. FDP_RIP.1(2) OE.SELF_PROTECTION FPT_SEP.1(2) The IT environment will FPT_RVM.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target OE.TIME_STAMPS The TOE IT environment shall provide reliable time stamps and the capability for the administrator to set the time used for these time stamps. FPT_STM.1 FMT_MTD.1(5) FPT_STM.1 requires that the TOE IT environment be able to provide reliable time stamps for its own use and that of the TOE.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target dependencies were introduced as a result of completing each operation. With the exception of dependencies related to FMT_MSA.2, all dependencies in this ST have been satisfied. FMT_MSA.2 is included in this ST as a dependency of the Cryptographic Support family (FCS_COP and FCS_CKM). It is used there to ensure that security attributes related to cryptographic objects (e.g. cryptographic keys) are protected.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target Explicit Requirement Identifier Rationale FCS_BCM_EXP.1 Baseline cryptographic module This explicit requirement is necessary since the CC does not provide a means to specify a cryptographic baseline of implementation. FCS_CKM_EXP.2 Cryptographic key handling and storage This explicit requirement is necessary since the CC does not specifically provide components for key handling and storage. FCS_COP_EXP.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target FIA_UAU_EXP.5(1), (2) Multiple authentication mechanisms This explicit requirement is needed for local administrators because there is concern over whether or not existing CC requirements specifically require that the TSF provide authentication. Authentication provided by the TOE is implied by other FIA_UAU requirements and is generally assumed to be a requirement when other FIA_UAU requirements are included in a TOE.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 8.9 TOE Summary Specification Rationale The TOE Summary Specification describes security functions of the TOE. The security functions considered together satisfy all of the TSFRs and security assurance requirements. All of the security functions are required in order for the TOE to support the required security functionalities. The table below demonstrates the relationship of TSFRs to security functions. FAU_GEN.1(1) X FAU_GEN.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target FMT_MOF.1(1) X FMT_MOF.1(2) X FMT_MOF.1(3) X FMT_MSA.2 X FMT_MTD.1(1) X FMT_MTD.1(2) X FMT_SMF.1(1) X FMT_SMF.1(2) X FMT_SMF.1(3) X FMT_SMR.1(1) X FPT_RVM.1(1) X FPT_SEP.1(1) X FPT_STM_EXP.1 X FPT_TST_EXP.1 X FPT_TST_EXP.2 X FTA_SSL.3 X FTA_TAB.1 X FTP_ITC_EXP.1(1) X FTP_TRP.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target The table below demonstrates suitability of Security Functions to meet TSFRs. Table 8-6 Suitability of Security Functions to meet TSFRs Security Functions Security Audit SFRs FAU_GEN.1(1) FAU_GEN.2 FAU_SEL.1 Cryptographic Support FCS_BCM_EXP.1 FCS_CKM.1 FCS_CKM_EXP.2 FCS_CKM.4 FCS_COP_EXP.1 FCS_COP_EXP.2(1) FCS_COP_EXP.2(2) User Data Protection FDP_PUD_EXP.1 FDP_RIP.1(1) Identification and Authentication FIA_AFL.1(1) FIA_ATD.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target authentictation before any actions other than identification (FIA_UAU.1). The TOE authenticates administrators using passwords while wireless LAN users are authenticated using the EAP protocol (FIA_UAU_EXP.5(1)). The TOE requires that each user must be successfully identified before allowing TSFmediated actions (FIA_UID.2).
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target users with roles (FMT_SMR.1(1)). Protection of the TSF FPT_RVM.1(1) FPT_SEP.1(1) FPT_STM_EXP.1 FPT_TST_EXP.1 FPT_TST_EXP.2 TOE Access FTA_SSL.3 FTA_TAB.1 The TOE provides for nonbypassability of the TOE Security Policy (FPT_RVM.1(1)) and TSF domain separation (FPT_SEP.1(1)).
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target Mapping of assurance measures to assurance requirements is provided in Table 6-1 Assurance Measures. 8.10 PP Claims Rationale The TOE conforms to the US Government Wireless Local Area Network (WLAN) Access System Protection Profile for Basic Robustness Environments, Version 1.0, April 2006. The following IT security requirements statements included in this ST contain completed WLANAS PP operations: FAU_GEN.1, FCS_CKM_EXP.
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target 9 Appendix Table 9-1 Abbreviations and Acronyms AES CC CBC CCM EAL EAP EAP-TLS EAP-TTLS FIPS 140-2 IKE IP IPSec IT LAN NTP MAC PEAP PP SOF SF SFP SSH ST TOE TLS Triple DES TSC TSF TSP WLAN WLANAS PP Advanced Encryption Standard Common Criteria Cipher Block Chaining Counter with CBC-MAC Evaluation Assurance Level Extensible Authentication Protocol EAP-Transport Layer Security Protocol EAP-Tunneled Transport Layer Security Protocol Federa
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target [6] FIPS PUB 140-2, Security Requirements for Cryptographic Modules, May 2001 [7] Motorola Wireless Switch Configuration Management Plan and Procedures [8] Motorola Wireless Switch Delivery and Operation Plan and Procedures [9] Motorola Wireless Switch Installation Guide [10] Motorola Wireless Switch Functional Specification [11] Motorola Wireless Switch High-Level Design Specification [12] Motorola Wireless Switch Low-Level Design Specif
