Cisco IPS4345 Manual de usuario descargar pdf (Pagina 56)

Cisco Intrusion Prevention System Security Target

56

Section

Shall/Shall Not

Statement(s)

Should (Not) Statements

2

TOE

Compliant?

Rationale

Elements

5.1 Cryptographic

Hash Functions

None.

None.

Yes

N/A

5.2 Message

Authentication Code

(MAC) Algorithm

None.

None.

Yes

N/A

5.2.1 MacTag

Computation

None.

None.

Yes

N/A

5.2.2 MacTag

Checking

N/A, no shall

statements

None.

Yes

N/A

5.2.3 Implementation

Validation Message

None.

None.

Yes

N/A

5.3 Random Bit

Generation

None.

None.

Yes

N/A

5.4 Prime Number

Generators

Only approved prime

number generation

methods shall be

employed in this

Recommendation.

None.

No

TOE is ANSI X9.31

compliant.

5.5 Primality Testing

Methods

None.

None.

Yes

N/A

5.6 Nonces

None.

“When using a nonce, a

random nonce should be

used.”

Yes

N/A

5.7 Symmetric Key-

Wrapping Algorithms

N/A for TLS and

SSH.

None.

Yes

N/A

5.8 Mask Generation

Function (MGF)

None.

None.

Yes

N/A

5.9 Key Derivation

Functions for Key

Establishment

Schemes

None.

None.

Yes

TOE uses other

allowable methods

and the protocols as

referenced in FIPS

140-2 Annex D

5.9.1 Concatenation

Key Derivation

Function (Approved

Alternative 1)

None.

None.

Yes

N/A

5.9.2 ASN.1 Key

Derivation Function

(Approved Alternative

2)

None.

None.

Yes

N/A

6 RSA Key Pairs

N/A, no shall

statements

None.

Yes

N/A

6.1 General

Requirements

None.

“a key pair used for schemes

specified in this

recommendation should not

be used for any schemes not

specified herein”

Yes

N/A

6.2 Criteria for RSA

Key Pairs for Key

Establishment

N/A, no shall

statements

None.

Yes

N/A

6.2.1 Definition of a

Key Pair

None.

None.

Yes

N/A

1 2 ... 51 52 53 54 55 56 57 58 59 60 61

Comentarios a estos manuales

Sin comentarios