Ecurity, Bjectives for the, Nvironment – Nortel Networks Nortel Network VPN Router and Client Workstation 7.05 User Manual
Page 19: It security objectives, Non-it security objectives, 2 security objectives for the environment
Security Target, Version 3.9
March 18, 2008
Nortel VPN Router v7.05 and Client Workstation v7.11
Page 19 of 67
© 2008 Nortel Networks
4.2 Security Objectives for the Environment
4.2.1 IT Security Objectives
The following IT security objectives are to be satisfied by the environment:
OE.TIME
The environment must provide reliable timestamps for the time-stamping of audit events.
OE.CERTIFICATE
The environment must provide the required certificate infrastructure so that the validity of
certificates can be verified. The certificate infrastructure must be properly and securely
maintained so that the status of certificates is accurately provided to the TOE.
OE.DOMSEP
The environment must maintain a security domain for the Nortel VPN Client software that
protects it from interference and tampering by untrusted subjects.
4.2.2 Non-IT Security Objectives
The following non-IT environment security objectives are to be satisfied without imposing technical requirements
on the TOE. That is, they will not require the implementation of functions in the TOE hardware and/or software.
Thus, they will be satisfied largely through application of procedural or administrative measures.
OE.PHYS-SEC
The TOE must be physically protected so that only TOE users who possess the appropriate
privileges have access.
OE.TRAINED
Those responsible for the TOE must train TOE users to establish and maintain sound security
policies and practices.
OE.DELIVERY
Those responsible for the TOE must ensure that it is delivered, installed, managed and
operated in accordance with documented delivery and installation/setup procedures.