CA Layer 7 Security Target

standard for the nation in which the evaluation is being conducted.

38. FTP_ITC.1(2) (Assurance Family: ATE_IND)
The evaluator shall test this capability by enabling secure communications on the TOE and placing a packet sniffer on the local network. They shall then use the TOE to perform actions that require communications to all trusted IT products with which it communicates and observe the captured packet traffic that is directed to or from the TOE to ensure that their contents are obfuscated.

39. FTP_TRP.1 (Assurance Family: AGD_OPE)
The evaluator shall check the operational guidance to verify that it discusses the methods by which users will interact with the TOE such as a web application via HTTPS. The evaluator shall check the operational guidance to determine if it discusses the mechanism by which a trusted path to the TOE is established and what environmental components (if any) the TSF relies on to assist in this establishment.

40. FTP_TRP.1 (Assurance Family: ATE_IND)
The evaluator shall test this capability in a similar manner to the assurance activities for FTP_ITC.1. If data transmitted between the user and the TOE is obfuscated, the trusted path can be assumed to have been established.

Annex A.2: ESM Access Control PP Assurance Activities

1. FAU_GEN.1 (Assurance Family: ATE_IND)
As per ESM Policy Manager PP assurance activity, in addition:
This testing may be done in conjunction with the exercise of other functionality. For example, if the ST specifies that an audit record will be generated when an access request is denied by a policy specified in FDP_ACF.1, then audit records will be expected to be generated as a result of testing the policy’s effectiveness. The evaluator shall also check to ensure that the content of the logs are consistent with the activity performed on the TOE. For example, if a test is performed such that an access request is denied by policy, the corresponding audit record should correctly indicate the failure.

2. FAU_SEL.1 (Assurance Family: AGD_OPE)
The evaluator shall check the operational guidance in order to determine the selections that are capable of being made to the set of auditable events, and shall confirm that it contains all of the selections identified in the Security Target.

3. FAU_SEL.1 (Assurance Family: ATE_IND)
The evaluator shall test this capability by using a compatible Policy Management product to configure the TOE in the following manners:
- All selectable auditable events enabled
- All selectable auditable events disabled
- Some selectable auditable events enabled
For each of these configurations, the evaluator shall perform all selectable auditable events and determine by review of the audit data that in each configuration, only the enabled events are recorded.
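One way to automate the audit-data review for the FAU_SEL.1 test and the FAU_GEN.1 consistency check above, as an added example that is not part of the Security Target. The record format, event names and run labels are constructed assumptions; a real TOE's audit format will differ.

```python
"""Added example: reviewing audit data from the three FAU_SEL.1 test runs."""
import re

# Constructed record format (assumption): <run> <event_type> outcome=<success|failure>
LINE = re.compile(r"^(?P<run>\S+)\s+(?P<event>\S+)\s+outcome=(?P<outcome>success|failure)$")

# Hypothetical selectable events, each mapped to the outcome the test action should produce.
PERFORMED = {"access_denied": "failure", "access_granted": "success", "policy_update": "success"}

# Enabled event set for each of the three configurations the test requires.
CONFIGS = {
    "all_enabled": set(PERFORMED),
    "all_disabled": set(),
    "some_enabled": {"access_denied"},
}

# Constructed sample audit data: the some_enabled run contains two defects.
SAMPLE_LOG = """\
all_enabled access_denied outcome=failure
all_enabled access_granted outcome=success
all_enabled policy_update outcome=success
some_enabled access_denied outcome=success
some_enabled policy_update outcome=success
"""

def parse(log_text):
    """Group recorded events by test run; reject lines that do not parse."""
    records = {run: {} for run in CONFIGS}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["run"] not in CONFIGS:
            raise ValueError(f"unparseable audit line: {line!r}")
        records[m["run"]][m["event"]] = m["outcome"]
    return records

def check(log_text):
    """Return (run, event, problem) tuples; an empty list means the review passes."""
    findings = []
    for run, recorded in parse(log_text).items():
        enabled = CONFIGS[run]
        for event in sorted(set(recorded) - enabled):
            findings.append((run, event, "recorded while disabled"))
        for event in sorted(enabled - set(recorded)):
            findings.append((run, event, "enabled but not recorded"))
        for event in sorted(enabled & set(recorded)):
            if recorded[event] != PERFORMED[event]:
                findings.append((run, event, "outcome inconsistent with activity"))
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE_LOG):
        print(*finding, sep=": ")
```

The check assumes every selectable event was performed in every run, as the test requires, so an enabled event with no record is reported as well as a disabled event that was recorded.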