Nortel Networks Nortel Network VPN Router and Client Workstation 7.05 User Manual
Page 63
Security Target, Version 3.9
March 18, 2008
Nortel VPN Router v7.05 and Client Workstation v7.11
Page 63 of 67
© 2008 Nortel Networks
8.6.2 TOE Summary Specification Rationale for the Security Assurance
Requirements
8.6.2.1
Configuration Management
The Configuration Management documentation provides a description of tools used to control the configuration
items and how they are used by Nortel. The documentation provides a complete configuration item list and a unique
reference for each item. Additionally, the configuration management system is described including procedures that
are used by developers to control and track changes that are made to the TOE. The documentation further details the
TOE configuration items that are controlled by the configuration management system.
Corresponding CC Assurance Components:
Configuration Items
8.6.2.2
Secure Delivery and Operation
The Delivery and Operation documentation provides a description of the secure delivery procedures implemented by
Nortel to protect against TOE modification during product delivery. The Installation Documentation provided by
Nortel details the procedures for installing the TOE and placing the TOE in a secure state offering the same
protection properties as the master copy of the TOE. The Installation Documentation provides guidance to the
administrator on the TOE configuration parameters and how they affect the TSF.
Corresponding CC Assurance Components:
Delivery Procedures
Installation, Generation, and Start-Up Procedures
8.6.2.3
Development
The Nortel design documentation consists of several related design documents that address the components of the
TOE at different levels of abstraction. The following design documents address the Development Assurance
Requirements:
The Functional Specification provides a description of the security functions provided by the TOE and a
description of the external interfaces to the TSF. The Functional Specification covers the purpose and
method of use and a list of effects, exceptions, and errors message for each external TSF interface.
The High-Level Design provides a top level design specification that refines the TSF functional
specification into the major constituent parts (subsystems) of the TSF. The high-level design identifies the
basic structure of the TSF, the major elements, a listing of all interfaces, and the purpose and method of use
for each interface.
The Low-Level Design describes each security supporting module in terms of its purpose and interaction
with other modules. It describes the TSF in terms of modules, designating each module as either security-
enforcing or security-supporting. It provides an algorithmic description for each security-enforcing module
detailed enough to represent the TSF implementation.
The Implementation Representation unambiguously defines the TSF to a level of detail such that the TSF
can be generated without further design decisions. It also describes the relationships between all portions of
the implementation.
The Security Policy Model provides an informal TSP model and it demonstrates correspondence between
the functional specification and the TSP model by showing that all of the security functions in the functional
specification are consistent and complete with respect to the TSP model. The TSP model describes the rules
and characteristics of all policies of the TSP that can be modeled. The model should include a rationale that
demonstrates that it is consistent and complete with respect to all policies of the TSP that can be modeled.
The Correspondence Analysis demonstrates the correspondence between each of the TSF representations
provided. This mapping is performed to show the functions traced from the ST description to the High-
Level Design.