
Security Target Version 1.02, 08/16/2013
5.4 Explicit Assurance Activities
The following tables (Table 5 NDPP Security Functional Requirement Assurance Activities and Table 6 NDPP
Assurance Family Assurance Activities) define the explicit assurance activities presented in the NDPP for applicable
SFR elements and SAR families.
The table for the SFRs has divided the assurance activities based on whether they apply to TOE design, operational
guidance, or testing. The NDPP doesn’t include any SFR-specific life-cycle or vulnerability analysis assurance
activities. All SFR elements are represented in the table. The first column identifies the applicable SFR element, but
when there are no associated assurance activities the row is modified to identify only the applicable element.
The assurance activities in the following tables serve to refine the SARs above with specific activities to be
performed by the evaluators during the course of their evaluation.
Columns: Assurance Activity - Design | Assurance Activity - Guidance | Assurance Activity - Testing

Guidance: The evaluator shall check the administrative guide and ensure it lists all of the auditable events and
provides a format for audit records. Each audit record format type must be covered, along with a brief description
of each field. The evaluator shall check to make sure every audit event type mandated by the NDPP is described and
the description of the fields contains the information required in FAU_GEN.1.2, and the additional information
specified in Table 3.
The evaluator shall also make a determination of the administrative actions that are relevant in the context of the
NDPP. The evaluator shall examine the administrative guide and make a determination of which administrative
commands, including subcommands, scripts, and configuration files, are related to the configuration (including
enabling or disabling) of the mechanisms implemented in the TOE that are necessary to enforce the requirements
specified in the NDPP. The evaluator shall document the methodology or approach taken while determining which
actions in the administrative guide are security relevant with respect to the NDPP. The evaluator may perform this
activity as part of the activities associated with ensuring the AGD_OPE guidance satisfies the requirements.

Testing: The evaluator shall test the TOE’s ability to correctly generate audit records by having the TOE generate
audit records for the events listed in table 1 and administrative actions. This should include all instances of an
event--for instance, if there are several different I&A mechanisms for a system, the FIA_UIA_EXT.1 events must be
generated for each mechanism. The evaluator shall test that audit records are generated for the establishment and
termination of a channel for each of the cryptographic protocols contained in the ST. If HTTPS is implemented, the
test demonstrating the establishment and termination of a TLS session can be combined with the test for an HTTPS
session. For administrative actions, the evaluator shall test that each action determined by the evaluator above to
be security relevant in the context of the NDPP is auditable. When verifying the test results, the evaluator shall
ensure the audit records generated during testing match the format specified in the administrative guide, and the
fields in each audit record have the proper entries.
Testing here can be accomplished in conjunction with the testing of the security mechanisms directly. For example,
testing performed to ensure the administrative guidance provided is correct verifies that AGD_OPE.1 is satisfied and
should address the invocation of the administrative actions that are needed to verify the audit records are
generated as expected.
This activity should be accomplished in conjunction with the testing of FAU_GEN.1.1.
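The testing activity above can be partly automated when reviewing collected records. The following is an added example, not part of the Security Target or the NDPP: it checks that each record carries the four FAU_GEN.1.2 fields and that the sample covers every I&A mechanism and both channel events per protocol. The key=value record layout, the event tags, and the mechanism and protocol names are assumptions standing in for whatever the administrative guide actually documents.

```python
import re

# FAU_GEN.1.2 content: date/time, type of event, subject identity, outcome.
REQUIRED_FIELDS = ("time", "event", "subject", "outcome")
# Assumed record layout (key=value pairs); a real TOE's guide defines its own.
PAIR_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
CHANNEL_EVENTS = ("channel_established", "channel_terminated")  # hypothetical tags

def parse_record(line):
    """Split one audit line into a field dictionary."""
    return {key: value.strip('"') for key, value in PAIR_RE.findall(line)}

def check_records(lines, mechanisms, protocols):
    """Return a list of findings; an empty list means the sample passes."""
    findings, seen_auth, seen_channel = [], set(), set()
    for number, line in enumerate(lines, 1):
        rec = parse_record(line)
        missing = [f for f in REQUIRED_FIELDS if not rec.get(f)]
        if missing:
            findings.append(f"record {number}: missing {', '.join(missing)}")
        elif rec["outcome"] not in ("success", "failure"):
            findings.append(f"record {number}: bad outcome {rec['outcome']!r}")
        if rec.get("event") == "FIA_UIA_EXT.1":
            seen_auth.add(rec.get("mechanism"))
        if rec.get("event") in CHANNEL_EVENTS:
            seen_channel.add((rec.get("protocol"), rec["event"]))
    # Every I&A mechanism must have produced at least one FIA_UIA_EXT.1 record.
    for mech in mechanisms:
        if mech not in seen_auth:
            findings.append(f"{mech}: no FIA_UIA_EXT.1 record")
    # Every protocol in the ST needs both establishment and termination records.
    for proto in protocols:
        for event in CHANNEL_EVENTS:
            if (proto, event) not in seen_channel:
                findings.append(f"{proto}: no {event} record")
    return findings

# Constructed sample records (not taken from any real TOE).
SAMPLE = [
    "time=2013-08-16T10:00:01Z event=FIA_UIA_EXT.1 subject=admin outcome=success mechanism=local_password",
    "time=2013-08-16T10:00:09Z event=FIA_UIA_EXT.1 subject=admin outcome=failure mechanism=ssh_pubkey",
    "time=2013-08-16T10:01:00Z event=channel_established subject=10.0.0.5 outcome=success protocol=TLS",
    "time=2013-08-16T10:02:00Z event=channel_terminated subject=10.0.0.5 outcome=success protocol=TLS",
    "time=2013-08-16T10:03:00Z event=channel_established outcome=success protocol=SSH",
]

if __name__ == "__main__":
    for finding in check_records(SAMPLE, ["local_password", "ssh_pubkey"], ["TLS", "SSH"]):
        print(finding)
```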