MozillaWiki

VE 04: Difference between revisions

Page Discussion

VE 04 (view source)

Revision as of 18:19, 27 July 2005

29,691 bytes removed ,  27 July 2005
no edit summary
No edit summary
 
No edit summary
Line 1: Line 1:
==SECTION 3: ROLES, SERVICES, AND AUTHENTICATION==
==SECTION 4: FINITE STATE MODEL==
<P ALIGN=LEFT STYLE="margin-top: 0.19in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.01</FONT></B>The
<P ALIGN=LEFT STYLE="margin-top: 0.19in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.04.01</FONT></B>The
cryptographic module shall support authorized roles for operators </FONT></FONT></FONT>
operation of the cryptographic module shall be specified using a </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>and
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>finite
corresponding services within each role.</FONT></FONT></FONT></P>
state (or equivalent) represented by a state transition diagram </FONT></FONT></FONT>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Note:
This assertion is not separately tested.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>and/or
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.02</FONT></B>If
a state transition table. (The state transition diagram and/or state </FONT></FONT></FONT>
the cryptographic module supports concurrent operators, then the </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>module
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>transition
shall internally maintain the separation of the roles assumed by </FONT></FONT></FONT>
table includes all operational and error states of the </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>each
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>cryptographic
operator and the corresponding services.</FONT></FONT></FONT></P>
module, the corresponding transitions from one state to </FONT></FONT></FONT>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>another,
==VE.03.02.01==
the input events that cause transitions from one state to </FONT></FONT></FONT>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.02.01</FONT></B>The
vendor documentation shall specify whether multiple concurrent </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>operators
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>another,
are allowed. The vendor shall describe the method by which </FONT></FONT></FONT>
and the output events resulting from transitions from one state </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>separation
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>to
of the authorized roles and services performed by each </FONT></FONT></FONT>
another.)</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.19in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.04.02</FONT></B>The
cryptographic module shall include the following operational and </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>operator
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>error
is achieved. The vendor documentation shall also describe </FONT></FONT></FONT>
states:</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Power
on/off states. States for primary, secondary, or backup power.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>These
states may distinguish between power sources being applied to </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>any
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>the
restrictions on concurrent operators (e.g., one operator in a </FONT></FONT></FONT>
cryptographic module.</FONT></FONT></FONT></P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Crypto
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>maintenance
officer states. States in which the crypto officer services are </FONT></FONT></FONT>
role and another in a user role simultaneously is not </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.17in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>performed
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.03</FONT></B>The
(e.g., cryptographic initialization and key management).</FONT></FONT></FONT></P>
cryptographic module shall support the following authorized roles </FONT></FONT></FONT>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Key/CSP
entry states. States for entering cryptographic keys and </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>for
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>CSPs
operators:</FONT></FONT></FONT></P>
into the cryptographic module.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>User
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>User
Role. The role assumed to perform general security services, </FONT></FONT></FONT>
states. States in which authorized users obtain security services, </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>including
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>perform
cryptographic operations and other Approved security </FONT></FONT></FONT>
cryptographic operations, or perform other Approved or </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>functions.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>non-Approved
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Crypto
functions.</FONT></FONT></FONT></P>
Officer Role: The role assumed to perform a set of </FONT></FONT></FONT>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Self-test
states. States in which the cryptographic module is </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>cryptographic
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>performing
initialization or management functions (e.g., module </FONT></FONT></FONT>
self-tests.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Error
states. States when the cryptographic module has encountered </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.18in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>an
==VE.03.03.01==
error (e.g., failed a self-test or attempted to encrypt when missing </FONT></FONT></FONT>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.03.01</FONT></B>In
the documentation required to satisfy VE03.06.01, the vendor shall </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>include
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>operational
at least one user role and one crypto-officer role.</FONT></FONT></FONT></P>
keys or CSPs). Error states may include &quot;hard&quot; errors that </FONT></FONT></FONT>
<P ALIGN=LEFT STYLE="margin-top: 0.09in; margin-bottom: 0in"><BR>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>indicate
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.04</FONT></B>If
an equipment malfunction and that may require maintenance, </FONT></FONT></FONT>
the cryptographic module allows operators to perform maintenance </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>services,
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>service
then the module shall support the following authorized role:</FONT></FONT></FONT></P>
or repair of the cryptographic module, or recoverable &quot;soft&quot;
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>*
</FONT></FONT></FONT>
Maintenance Role: The role assumed to perform physical maintenance
and/or logical maintenance services (e.g., hardware/software
diagnostics).</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.2in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.04.01==
<P ALIGN=LEFT STYLE="margin-top: 0.01in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.04.01</FONT></B>If
the module has a maintenance interface, the vendor documentation </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>shall
explicitly state a maintenance role is supported. The </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>documentation
shall completely specify the role by name and allowed </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>errors
that may require initialization or resetting of the module.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Note:
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.05</FONT></B>All
This assertion is tested as part of AS04.05.</FONT></FONT></FONT></P>
plaintext secret and private keys and unprotected CSPs shall be </FONT></FONT></FONT>
<P ALIGN=LEFT STYLE="margin-top: 0.29in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.04.03</FONT></B>Recovery
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>zeroized
from error states shall be possible except for those caused by </FONT></FONT></FONT>
when entering or exiting the maintenance role.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.09in; margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.05.01==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.05.01</FONT></B>The
vendor documentation shall specify how the module's plaintext </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>secret
and private keys and other unprotected critical security </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>parameters,
as defined in Section 2.1 of FIPS PUB 140-2, are actively </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>zeroized
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>hard
when the maintenance role is entered or exited.</FONT></FONT></FONT></P>
errors that require maintenance, service, or repair of the </FONT></FONT></FONT>
<P ALIGN=LEFT STYLE="margin-top: 0.25in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.06</FONT></B>Documentation
shall specify all authorized roles supported by the </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>cryptographic
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>cryptographic
module.</FONT></FONT></FONT></P>
module.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.09in; margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.06.01==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.06.01</FONT></B>Vendor
documentation shall specify each distinct authorized role, </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>including
its name and the services that are performed in the role.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.09in; margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.07</FONT></B>Services
shall refer to all of the services, operations, or functions that </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>can
be performed by the cryptographic module.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Note:
This assertion is not separately tested.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.2in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.08</FONT></B>Service
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.04.04</FONT></B>If
inputs shall consist of all data or control inputs to the </FONT></FONT></FONT>
the cryptographic module contains a maintenance role, then a </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>cryptographic
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>maintenance
module that initiate or obtain specific services, </FONT></FONT></FONT>
state shall be included.</FONT></FONT></FONT></P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>operations,
or functions. </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.09</FONT></B>Service
outputs shall consist of all data and status outputs that result </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>from
services, operations, or functions initiated or obtained by service </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>inputs.
</FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.2in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.10</FONT></B>Each
service input shall result in a service output.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Note:
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Note:
This assertion is not separately tested.</FONT></FONT></FONT></P>
This assertion is tested as part of AS04.05.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.09in; margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.11</FONT></B>The
cryptographic module shall provide the following services to </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>operators:</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Show
Status. Output the current status of the cryptographic module.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Perform
Self-Tests. Initiate and run the self-tests as specified in </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Section
4.9.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>Perform
Approved Security Function. Perform at least one Approved</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.18in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.11.01==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.11.01</FONT></B>The
vendor documentation shall describe the output of the current </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>status
of the module and the initiation and running of user callable </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>self-tests,
along with other services as specified by VE03.14.01 and </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.12</FONT></B>If
a cryptographic module implements a bypass capability, where </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>services
are provided without cryptographic processing (e.g., </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>transferring
plaintext through the module without encryption), then two </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>independent
internal actions shall be required to activate the capability </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>to
prevent the inadvertent bypass of plaintext data due to a single
error </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>(e.g.,
two different software or hardware flags are set, one of which </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.17in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.12.01==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.12.01</FONT></B>If
the module implements a bypass capability, the vendor </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>documentation
shall describe the bypass service as specified in </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>AS03.12.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.12.02==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.12.02</FONT></B>The
finite state model and other vendor documentation shall indicate, </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>for
all transitions into an exclusive or alternating bypass state, two </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>independent
internal actions that are required to transition into each </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.13</FONT></B>If
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.04.05</FONT></B>Documentation
the cryptographic module implements a bypass capability, where </FONT></FONT></FONT>
shall include a representation of the finite state (or </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>services
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>equivalent)
are provided without cryptographic processing (e.g., </FONT></FONT></FONT>
using a state transition diagram and/or state transition table </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>transferring
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>that
plaintext through the module without encryption), then the </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>module
shall show status to indicate whether </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>1)
the bypass capability is not activated, and the module is exclusively
</FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>providing
services with cryptographic processing (e.g., the plaintext is </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>encrypted),</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>2)
the bypass capability is activated and the module is exclusively
providing services without cryptographic processing (e.g., plaintext
data is not encrypted), or</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>3)
the bypass capability is alternately activated and deactivated and
the</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>module
is providing some services with cryptographic processing and </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>some
services without cryptographic processing (e.g., for modules with </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>multiple
communication channels, plaintext data is or is not encrypted </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>depending
on each channel configuration).</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.13.01==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.13.01</FONT></B>The
vendor documentation for the &quot;Show Status&quot; service shall
indicate </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>bypass
status.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.09in; margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.14</FONT></B>Documentation
shall specify:</FONT></FONT></FONT></P>
shall specify:</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>*
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>*
the services, operations, or functions provided by the cryptographic </FONT></FONT></FONT>
all operational and error states of the cryptographic module,</FONT></FONT></FONT></P>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>*
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>module,
the corresponding transitions from one state to another,</FONT></FONT></FONT></P>
both Approved and non-Approved, and</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>*
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>*
for each service provided by the module, the service inputs, </FONT></FONT></FONT>
the input events, including data inputs and control inputs, that
</P>
cause </FONT></FONT></FONT>
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>corresponding
service outputs, and the authorized role(s) in which the </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>service
can be performed.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.17in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.14.01==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.14.01</FONT></B>The
vendor documentation shall describe each service including </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>purpose
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>transitions
and function.</FONT></FONT></FONT></P>
from one state to another, and</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.09in; margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.14.02==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.14.02</FONT></B>The
vendor documentation shall specify for each service, the service </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>inputs,
corresponding service outputs, and the authorized role or roles </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>in
which the service can be performed. Service inputs shall consist of </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>all
data or control inputs to the module that initiate or obtain specific
</FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>services,
operations, or functions. Service outputs shall consist of all </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>data
and status outputs that result from services, operations or functions</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>initiated
or obtained by service inputs.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.18in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.15</FONT></B>Documentation
shall specify any services provided by the cryptographic</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>module
for which the operator is not required to assume an authorized </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>role,
and how these services do not modify, disclose, or substitute </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>cryptographic
keys and CSPs, or otherwise affect the security of the </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.25in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.15.01==
<P ALIGN=LEFT STYLE="margin-top: 0.2in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.15.01</FONT></B>The
vendor documentation shall describe each service, including its </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>purpose
and function.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.09in; margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.15.02==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.15.02</FONT></B>The
vendor documentation shall specify, for each service, the service </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>inputs
and corresponding service outputs. Service inputs shall consist </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>of
all data or control inputs to the module that initiate or obtain
specific </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>services,
operations, or functions. Service outputs shall consist of all </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>data
and status outputs that result from the services, operations, or </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>functions
initiated or obtained by service inputs.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.17in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.21</FONT></B>When
the cryptographic module is powered off and subsequently </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>powered
on, the results of previous authentications shall not be retained</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>and
the module shall require the operator to be re-authenticated.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.21.01==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.21.01</FONT></B>The
vendor documentation shall describe how the results of previous </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>authentications
are cleared when the module is powered off.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.09in; margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.23</FONT></B>If
the cryptographic module does not contain the authentication data </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>required
to authenticate the operator for the first time the module is </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>accessed,
then other authorized methods (e.g., procedural controls or </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>use
of factory-set or default authentication data) shall be used to
control</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>access
to the module and initialize the authentication mechanisms.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.17in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.23.01==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.23.01</FONT></B>The
vendor documentation shall specify means to control access to the </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>module
before it is initialized.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.09in; margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.29</FONT></B>Documentation
shall specify:</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>*
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>*
the authentication mechanisms supported by the cryptographic </FONT></FONT></FONT>
the output events, including internal module conditions, data </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>module,</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>outputs,
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>*
and status outputs resulting from transitions from one state to </FONT></FONT></FONT>
the types of authentication data required by the module to </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>implement
<P ALIGN=LEFT STYLE="margin-top: 0.19in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
the supported authentication mechanisms,</FONT></FONT></FONT></P>
==VE.04.05.01==
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>*
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.04.05.01</FONT></B>The
the authorized methods used to control access to the module for the </FONT></FONT></FONT>
vendor shall provide a description of the finite state model. This </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>first
time and initialize the authentication mechanisms, and</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>*
the strength of the authentication mechanisms supported by the </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>module.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.2in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.01in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>AS.03.30</FONT></B>If
authentication mechanisms are not supported by the cryptographic </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>module,
the module shall require that one or more roles either be </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>implicitly
or explicitly selected by the operator.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.30.01==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.30.01</FONT></B>The
vendor shall document the type of authentication performed for the</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>module.
The vendor shall document the mechanisms used to perform </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>description
shall contain the identification and description of all states of</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>the
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>the
implicit or explicit selection of a role or set of roles and the </FONT></FONT></FONT>
module, and a description of all corresponding state transitions. </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>authentication
of the operator to assume the role(s).</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-top: 0.25in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
==VE.03.30.02==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.30.02</FONT></B>The
vendor provided nonproprietary security policy shall provide a </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>description
of the roles, either implicit or explicit, that the operator can </FONT></FONT></FONT>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>assume.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>The
==VE.03.30.03==
descriptions of the state transitions shall include internal module </FONT></FONT></FONT>
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.03.30.03</FONT></B>The
vendor provided non-proprietary security policy shall provide </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>instructions
<P ALIGN=LEFT STYLE="margin-top: 0.08in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>conditions,
for the operator to assume either the implicit or explicit </FONT></FONT></FONT>
data inputs and control inputs that cause transitions from </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>roles.</FONT></FONT></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>one
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR>
state to another, data outputs and status outputs resulting from </FONT></FONT></FONT>
</P>
</P>
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>transitions
from one state to another.</FONT></FONT></FONT></P>
Glen
219

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/11134"