HP A-Series Specifiche

Hewlett-Packard Company Network Switches Security Target Version 1.02 08/16/2013 Prepared for: Hewlett-Packard Development Compan

Security Target Version 1.02, 08/16/2013 10  HP 9500 48-port Gig-T REB Module  HP 9500 16-port GbE SFP/8-port GbE Combo LEB Module  HP

Security Target Version 1.02, 08/16/2013 11 2.2 TOE Architecture The HP Network switches share a common software code base, called

Security Target Version 1.02, 08/16/2013 12 queue management, semaphore management, time management, IPC, RPC, module loading management and c

Security Target Version 1.02, 08/16/2013 13  Security audit  Cryptographic support  User data protection  Identification and authentic

Security Target Version 1.02, 08/16/2013 14 The TOE includes functions to perform self-tests so it might detect when it is failing. It also in

Security Target Version 1.02, 08/16/2013 15 3. Security Problem Definition The Security Problem Definition (composed of organizational polici

Security Target Version 1.02, 08/16/2013 16 A.NO_GENERAL_PURPOSE It is assumed that there are no general-purpose computing capabiliti

Security Target Version 1.02, 08/16/2013 17 4. Security Objectives Like the Security Problem Definition, the Security Objectives hav

Security Target Version 1.02, 08/16/2013 18 OE.PHYSICAL Physical security, commensurate with the value of the TOE and the data it

Security Target Version 1.02, 08/16/2013 19 5. IT Security Requirements This section defines the Security Functional Requirements (SF

Security Target Version 1.02, 08/16/2013 2 1. SECURITY TARGET INTRODUCTION ...

Security Target Version 1.02, 08/16/2013 20 5.2 TOE Security Functional Requirements The following table describes the SFRs that are satisfie

Security Target Version 1.02, 08/16/2013 21 b) For each audit event type, based on the auditable event definitions of the functional component

Security Target Version 1.02, 08/16/2013 22 Requirement Auditable Events Additional Audit Record Contents Termination of the trusted channel

Security Target Version 1.02, 08/16/2013 23 5.2.2.6 Cryptographic Operation (for keyed-hash message authentication) (FCS_COP.1(4)) FCS_COP.1

Security Target Version 1.02, 08/16/2013 24 5.2.3 User data protection (FDP) 5.2.3.1 Full Residual Information Protection (FDP_RIP.2) FDP_R

Security Target Version 1.02, 08/16/2013 25 FMT_SMR.2.2 The TSF shall be able to associate users with roles. FMT_SMR.2.3 The TSF shall ens

Security Target Version 1.02, 08/16/2013 26 5.2.7.4 Default TOE Access Banners (FTA_TAB.1) FTA_TAB.1.1 Refinement: Before establishing an a

Security Target Version 1.02, 08/16/2013 27 5.3 TOE Security Assurance Requirements The security assurance requirements for the TOE are the E

Security Target Version 1.02, 08/16/2013 28 AGD_OPE.1.6c The operational user guidance shall, for each user role, describe the security measu

Security Target Version 1.02, 08/16/2013 29 AVA_VAN.1.3e The evaluator shall conduct penetration testing, based on the identified potential v

Security Target Version 1.02, 08/16/2013 3 8.1.1 Security Objectives Rationale for the TOE and Environment ...

Security Target Version 1.02, 08/16/2013 30 5.4 Explicit Assurance Activities The following tables (Table 5 NDPP Security Functional

Security Target Version 1.02, 08/16/2013 31 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FAU_STG_EX

Security Target Version 1.02, 08/16/2013 32 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FCS_CKM_EX

Security Target Version 1.02, 08/16/2013 33 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FCS_IPSEC_

Security Target Version 1.02, 08/16/2013 34 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FCS_IPSEC_

Security Target Version 1.02, 08/16/2013 35 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FCS_SSH_EX

Security Target Version 1.02, 08/16/2013 36 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FDP_RIP.2.

Security Target Version 1.02, 08/16/2013 37 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FIA_UAU_EX

Security Target Version 1.02, 08/16/2013 38 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FPT_TUD_(E

Security Target Version 1.02, 08/16/2013 39 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FTA_TAB.1.

Security Target Version 1.02, 08/16/2013 4 1. Security Target Introduction This section identifies the Security Target (ST) and Target of Eva

Security Target Version 1.02, 08/16/2013 40 Assurance Activity ADV_FSP There are no specific assurance activities associated with these SA

Security Target Version 1.02, 08/16/2013 41 Assurance Activity ATE_IND The evaluator shall prepare a test plan and report documenting the te

Security Target Version 1.02, 08/16/2013 42 6. TOE Summary Specification This chapter describes the security functions:  Security audit 

Security Target Version 1.02, 08/16/2013 43 Functions Standards Certificates Asymmetric key generation  Domain parameter generation NIST S

Security Target Version 1.02, 08/16/2013 44 The TOE uses a software-based random bit generator that complies with FIPS 140-2 ANSI x9.31 Rando

Security Target Version 1.02, 08/16/2013 45 Identifier Name Generation/ Algorithm Purpose Storage Location Zeroization Summary CSP6 SSH Sessio

Security Target Version 1.02, 08/16/2013 46 Identifier Name Generation/ Algorithm Purpose Storage Location Zeroization Summary CSP13 IKE Encry

Security Target Version 1.02, 08/16/2013 47 being received, the TOE uses a buffer to build all packet information. Once complete,

Security Target Version 1.02, 08/16/2013 48  FCS_CKM.1: See table above.  FCS_CKM_EXT.4: Keys are zeroized when they are no longer needed

Security Target Version 1.02, 08/16/2013 49 The Identification and authentication function is designed to satisfy the following security funct

Security Target Version 1.02, 08/16/2013 5 Product Series Specific Devices HP 5800‐24G‐SFP Switch HP 5800‐48G‐PoE Switch HP 5800‐48G Switch H

Security Target Version 1.02, 08/16/2013 50 6.6 Protection of the TSF The TOE is an appliance and as such is designed to work independent of

Security Target Version 1.02, 08/16/2013 51  FPT_STM.1: The TOE includes its own hardware clock.  FPT_TST_EXT.1: The TOE includes a number

Security Target Version 1.02, 08/16/2013 52 To support secure remote administration, the TOE includes an implementation of SSHv2. In each cas

Security Target Version 1.02, 08/16/2013 53 7. Protection Profile Claims This ST is conformant to the Security Requirements for Network Devic

Security Target Version 1.02, 08/16/2013 54 8. Rationale This section provides the rationale for completeness and consistency of the Security

Security Target Version 1.02, 08/16/2013 55 8.1.1.1 P.ACCESS_BANNER The TOE shall display an initial banner describing restrictions

Security Target Version 1.02, 08/16/2013 56 8.1.1.6 T.UNDETECTED_ACTIONS Malicious remote users or external IT entities may take actions t

Security Target Version 1.02, 08/16/2013 57 O.DISPLAY_BANNER O.PROTECTED_COMMUNICATIONS O.RESIDUAL_INFORMATION_CLEARING O.SESSION_LOCK O

Security Target Version 1.02, 08/16/2013 58 This TOE Security Objective is satisfied by ensuring:  FTA_TAB.1: The TOE is required to display

Security Target Version 1.02, 08/16/2013 59 This TOE Security Objective is satisfied by ensuring:  FAU_GEN.1: The TOE is required to be abl

Security Target Version 1.02, 08/16/2013 6 reproduced in this Security Target to ensure they are within scope of the corresponding evaluati

Security Target Version 1.02, 08/16/2013 60  FCS_COP.1(3): The TOE is required to either use digital signatures or cryptographic hashes to e

Security Target Version 1.02, 08/16/2013 61 ST Requirement CC Dependencies ST Dependencies FTP_ITC.1 none none FTP_TRP.1 none none AD

Security Target Version 1.02, 08/16/2013 62 Security audit Cryptographic support User data protection Identification and authentication

Security Target Version 1.02, 08/16/2013 63 Appendix A: Documentation for A Series Switches This Appendix provides a list of the product docum

Security Target Version 1.02, 08/16/2013 64 The following documents for the 5500 HI Switch series can be found under the General Reference sec

Security Target Version 1.02, 08/16/2013 65  R1211-HP 5820X & 5800 Switch Series Layer-3 IP Services Command Reference, 8 Jan 2013 http:

Security Target Version 1.02, 08/16/2013 66  H3C S9500E Series Routing Switches Network Management and Monitoring Configuration Guide, 1 Dec

Security Target Version 1.02, 08/16/2013 7 2.1 TOE Overview The HP Network switches are Gigabit Ethernet switch appliances which co

Security Target Version 1.02, 08/16/2013 8 optionally be used since they do not affect any of the claimed security functions but rather serve

Security Target Version 1.02, 08/16/2013 9  HP 7510 768Gbps Fabric/Main Processing Unit  HP 7500 384Gbps Fabric/Main Processing Unit 