Nortel Networks Nortel Network VPN Router and Client Workstation 7.05 User Manual
Page 64
Security Target, Version 3.9
March 18, 2008
Nortel VPN Router v7.05 and Client Workstation v7.11
Page 64 of 67
© 2008 Nortel Networks
Corresponding CC Assurance Components:
Functional Specification with Complete Summary
Security-Enforcing High-Level Design
Descriptive Low-Level Design
Implementation of the TSF
Informal TOE Security Policy Model
Informal Representation Correspondence
8.6.2.4
Guidance Documentation
The Nortel Guidance documentation provides administrator and user guidance on how to securely operate the TOE.
The Administrator Guidance provides descriptions of the security functions provided by the TOE. Additionally, it
provides detailed accurate information on how to administer the TOE in a secure manner and how to effectively use
the TSF privileges and protective functions. The User Guidance provided directs users on how to operate the TOE
in a secure manner. Additionally, User Guidance explains the user-visible security functions and how they are to be
used and explains the user’s role in maintaining the TOE’s Security. Nortel provides single versions of documents
which address the administrator Guidance and User Guidance; there are no separate guidance documents
specifically for non-administrator users of the TOE.
Corresponding CC Assurance Components:
Administrator Guidance
User Guidance
8.6.2.5
Life Cycle Support Documents
The Life Cycle Support documentation describes all the physical, procedural, personnel, and other security measures
that are necessary to protect the confidentiality and integrity of the TOE design and implementation in its
development environment. It provides evidence that these security measures are followed during the development
and maintenance of the TOE. It provides evidence that these security measures are followed during the
development and maintenance of the TOE. The flaw remediation procedures addressed to the TOE developers are
provided and so are the established procedures for accepting and acting upon all reports of security flaws and
requests for corrections of those flaws. The flaw remediation guidance addressed to TOE users is provided. The
description also contains the procedures used by Nortel to track all reported security flaws in each release of the
TOE. The established life-cycle model to be used in the development and maintenance of the TOE is documented
and explanation on why the model is used is also documented. The selected implementation-dependent options of
the development tools are described.
Corresponding CC Assurance Components:
Identification of Development Security Measures
Flaw Reporting Procedures
Developer Defined Life Cycle Model
Well-defined Development Tools
8.6.2.6
Tests
There are a number of components that make up the Test documentation. The Coverage Analysis demonstrates the
testing performed against the functional specification. The Coverage Analysis demonstrates the correspondence
between the tests identified in the test documentation and the TSF as described in the functional specification. The
depth analysis demonstrates that the tests identified in the test documentation are sufficient to demonstrate that the
TSF operates in accordance with its high-level design and low-level design. Nortel Test Plans and Test Procedures,
which detail the overall efforts of the testing effort and break down the specific steps taken by a tester, are also
provided. The Independent Testing documentation provides an equivalent set of resources to those that were used in
the developer’s functional testing.