HP A-Series Spezifikationen PDF herunterladen (Seite 59)

Security Target Version 1.02, 08/16/2013

This TOE Security Objective is satisfied by ensuring:

 FAU_GEN.1: The TOE is required to be able to generate audit events for security relevant activities on the

TOE.

 FAU_GEN.2: The TOE is required to associate audit events to users to ensure proper accountability.

 FAU_STG_EXT.1: The TOE is required to be able to export audit records to an external audit server via a

secure channel to protect the integrity and security of those records.

 FPT_STM.1: The TOE is required to generate reliable time stamps to be used in its audit records for proper

accounting.

8.2.1.6 O.TOE_ADMINISTRATION

The TOE will provide mechanisms to ensure only administrators are able to log in and configure the TOE,

and provide protections for logged-in administrators.

This TOE Security Objective is satisfied by ensuring:

 FIA_PMG_EXT.1: The TOE is required to implement mechanisms allowing an administrator to constrain

the construction of passwords to encourage more secure (or harder to guess) passwords.

 FIA_UAU.7: The TOE is required to not echo passwords when being entered to mitigate the chance of an

accidental password disclosure.

 FIA_UAU_EXT.2: The TOE is required to implement a local authentication mechanism and can support

additional authentication mechanisms.

 FIA_UIA_EXT.1: The TOE is required to ensure users must be identified and authenticated in order to

access functions, other than those specifically intended to be accessed without identification and

authentication.

 FMT_MTD.1: The TOE is required to restrict access to security relevant data to administrators.

 FMT_SMF.1: The TOE is required to provide a minimum set of security functions to ensure the TOE

security features can be properly managed.

 FMT_SMR.1: The TOE is required to implement a minimum of an Authorized Administrator role and can

implement additional roles where necessary.

 FPT_APW_EXT.1: The TOE is required to prevent even administrators from readily accessing sensitive

user and TSF data such as passwords.

 FTA_SSL.3: The TOE is required to terminate remote sessions after an administrator defined period of

inactivity indicating the administrator may not be in attendance.

 FTA_SSL.4: The TOE allows users to terminate their sessions at any time to help them ensure their

credentials are not inappropriately used.

 FTA_SSL_EXT.1: The TOE is required to lock or terminate local sessions after an administrator defined

period of inactivity indicating the administrator may not be in attendance.

8.2.1.7 O.TSF_SELF_TEST

The TOE will provide the capability to test some subset of its security functionality to ensure it is operating

properly.

This TOE Security Objective is satisfied by ensuring:

 FPT_TST_EXT.1: The TOE is required to exercise self-tests during start-up to periodically ensure the TOE

security functions appear to be operating correctly.

8.2.1.8 O.VERIFIABLE_UPDATES

The TOE will provide the capability to help ensure any updates to the TOE can be verified by the

administrator to be unaltered and (optionally) from a trusted source.

This TOE Security Objective is satisfied by ensuring:

 FCS_COP.1(2): The TOE is required to either use digital signatures or cryptographic hashes to ensure the

integrity of updates.

1 2 ... 54 55 56 57 58 59 60 61 62 63 64 65 66

Kommentare zu diesen Handbüchern

Keine Kommentare

HP A-Series Spezifikationen Seite 59

Kommentare zu diesen Handbüchern

Verwandte Produkte und Handbücher für PC / Workstation Barebones HP A-Series