{"id":359969,"date":"2024-10-20T01:28:40","date_gmt":"2024-10-20T01:28:40","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bsi-19-30400451-dc\/"},"modified":"2024-10-26T02:13:07","modified_gmt":"2024-10-26T02:13:07","slug":"bsi-19-30400451-dc","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bsi-19-30400451-dc\/","title":{"rendered":"BSI 19\/30400451 DC"},"content":{"rendered":"

PDF Catalog<\/h4>\n\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
22<\/td>\n1 Scope <\/td>\n<\/tr>\n
23<\/td>\n2 Normative References
2.1 Overview
2.2 Approved references
2.3 References under development
2.4 Other References <\/td>\n<\/tr>\n
27<\/td>\n3 Definitions and conventions
3.1 Overview
3.2 Definitions
Access Control
address identifier
Anti-replay
Ascending order
Authentication
Authentication Initiator
Authentication Protocol
Authentication Responder
Authentication Transaction
Authorization
Autonomous Switch
B_Port <\/td>\n<\/tr>\n
28<\/td>\nBridge
Certificate
Certificate Revocation List
Certification Authority
Child_SA
Client Switch
Compliance Element
Confidentiality
Cryptographic Integrity
Data Origin Authentication
E_Port
Encryption
entity
Ephemeral key <\/td>\n<\/tr>\n
29<\/td>\nESP_Header
Exchange
exchange
Fabric
F_Port
F_Port_Name
FC-SP Compliance
FC-SP Zoning
Fx_Port
IKE_SA
Integrity <\/td>\n<\/tr>\n
30<\/td>\nInternet Key Exchange
Key
Local Fx_Port
Log
Name_Identifier
Node
Node_Name
Nonce
N_Port
N_Port_Name <\/td>\n<\/tr>\n
31<\/td>\nNx_Port
Online Certificate Status Protocol
Password
Perfect Forward Secrecy
Printable ASCII characters
Private Key
Proposal
Public Key
RADIUS Server
Root Certificate
Secret
SA_Initiator
SA Management Protocol
SA Management Transaction <\/td>\n<\/tr>\n
32<\/td>\nSA Proposal
SA_Responder
Salt
Security Association
Security Association Database
Security Parameters Index
security relationship
Server Switch
Switch
Switch_Name
T10 Vendor ID
Well-known address
word
3.3 Editorial Conventions <\/td>\n<\/tr>\n
34<\/td>\n3.4 Abbreviations, acronyms, and symbols <\/td>\n<\/tr>\n
35<\/td>\n3.5 Keywords <\/td>\n<\/tr>\n
36<\/td>\n3.6 T10 Vendor ID
3.7 Sorting
3.7.1 Sorting alphabetic keys
3.7.2 Sorting numeric keys
3.8 Terminate Communication <\/td>\n<\/tr>\n
37<\/td>\n3.9 State Machine notation <\/td>\n<\/tr>\n
38<\/td>\n3.10 Using numbers in hash functions and concatenation functions <\/td>\n<\/tr>\n
39<\/td>\n4 Structure and Concepts
4.1 Overview
4.2 FC-SP-2 Compliance
4.3 Fabric Security Architecture
4.4 Authentication Infrastructure <\/td>\n<\/tr>\n
40<\/td>\n4.5 Authentication <\/td>\n<\/tr>\n
41<\/td>\n4.6 Security Associations
4.7 Cryptographic Integrity and Confidentiality
4.7.1 Overview <\/td>\n<\/tr>\n
42<\/td>\n4.7.2 ESP_Header Processing <\/td>\n<\/tr>\n
43<\/td>\n4.7.3 CT_Authentication Processing <\/td>\n<\/tr>\n
45<\/td>\n4.8 Authorization (Access Control)
4.8.1 Policy Definition
4.8.2 Policy Enforcement <\/td>\n<\/tr>\n
46<\/td>\n4.8.3 Policy Distribution
4.8.4 Policy Check
4.9 Name Format <\/td>\n<\/tr>\n
47<\/td>\n5 Authentication Protocols
5.1 Overview <\/td>\n<\/tr>\n
48<\/td>\n5.2 Authentication Messages Structure
5.2.1 Overview <\/td>\n<\/tr>\n
49<\/td>\n5.2.2 SW_ILS Authentication Messages <\/td>\n<\/tr>\n
50<\/td>\n5.2.3 ELS Authentication Messages <\/td>\n<\/tr>\n
51<\/td>\n5.2.4 Fields Common to All AUTH Messages <\/td>\n<\/tr>\n
52<\/td>\n5.2.5 Vendor Specific Messages
5.3 Authentication Messages Common to Authentication Protocols
5.3.1 Overview <\/td>\n<\/tr>\n
53<\/td>\n5.3.2 AUTH_Negotiate Message <\/td>\n<\/tr>\n
54<\/td>\n5.3.3 Names used in Authentication <\/td>\n<\/tr>\n
55<\/td>\n5.3.4 Hash Functions
5.3.5 Diffie-Hellman Groups <\/td>\n<\/tr>\n
56<\/td>\n5.3.6 Accepting an AUTH_Negotiate Message
5.3.7 AUTH_Reject Message <\/td>\n<\/tr>\n
59<\/td>\n5.3.8 AUTH_Done Message <\/td>\n<\/tr>\n
60<\/td>\n5.4 DH-CHAP Protocol
5.4.1 Protocol Operations <\/td>\n<\/tr>\n
62<\/td>\n5.4.2 AUTH_Negotiate DH-CHAP Parameters
5.4.2.1 Overview
5.4.2.2 HashList Parameter <\/td>\n<\/tr>\n
63<\/td>\n5.4.2.3 DHgIDList Parameter
5.4.3 DHCHAP_Challenge Message <\/td>\n<\/tr>\n
64<\/td>\n5.4.4 DHCHAP_Reply Message <\/td>\n<\/tr>\n
66<\/td>\n5.4.5 DHCHAP_Success Message <\/td>\n<\/tr>\n
67<\/td>\n5.4.6 Key Generation for the Security Association Management Protocol
5.4.7 Reuse of Diffie-Hellman Exponential
5.4.8 DH-CHAP Security Considerations <\/td>\n<\/tr>\n
69<\/td>\n5.5 FCAP Protocol
5.5.1 Protocol Operations <\/td>\n<\/tr>\n
72<\/td>\n5.5.2 AUTH_Negotiate FCAP Parameters
5.5.2.1 Overview
5.5.2.2 HashList Parameter <\/td>\n<\/tr>\n
73<\/td>\n5.5.2.3 DHgIDList Parameter
5.5.3 FCAP_Request Message
5.5.3.1 Message Format <\/td>\n<\/tr>\n
74<\/td>\n5.5.3.2 FCAP Certificate Format <\/td>\n<\/tr>\n
76<\/td>\n5.5.3.3 FCAP Nonce Format
5.5.4 FCAP_Acknowledge Message
5.5.4.1 Message Format <\/td>\n<\/tr>\n
77<\/td>\n5.5.4.2 FCAP Signature Format <\/td>\n<\/tr>\n
78<\/td>\n5.5.5 FCAP_Confirm Message
5.5.6 Key Generation for the Security Association Management Protocol <\/td>\n<\/tr>\n
79<\/td>\n5.5.7 Reuse of Diffie-Hellman Exponential <\/td>\n<\/tr>\n
80<\/td>\n5.6 FCPAP Protocol
5.6.1 Protocol Operations <\/td>\n<\/tr>\n
83<\/td>\n5.6.2 AUTH_Negotiate FCPAP Parameters
5.6.2.1 Overview
5.6.2.2 HashList Parameter <\/td>\n<\/tr>\n
84<\/td>\n5.6.2.3 DHgIDList Parameter
5.6.3 FCPAP_Init Message <\/td>\n<\/tr>\n
85<\/td>\n5.6.4 FCPAP_Accept Message
5.6.5 FCPAP_Complete Message <\/td>\n<\/tr>\n
86<\/td>\n5.6.6 Key Generation for the Security Association Management Protocol
5.6.7 Reuse of Diffie-Hellman Exponential <\/td>\n<\/tr>\n
87<\/td>\n5.7 FCEAP Protocol
5.7.1 Protocol Operations
5.7.2 AUTH_Negotiate FCEAP Parameters <\/td>\n<\/tr>\n
88<\/td>\n5.7.3 FCEAP_Request Message
5.7.4 FCEAP_Response Message <\/td>\n<\/tr>\n
89<\/td>\n5.7.5 FCEAP_Success Message
5.7.6 FCEAP_Failure Message <\/td>\n<\/tr>\n
90<\/td>\n5.7.7 AUTH_Reject Use
5.7.8 AUTH_ELS and AUTH_ILS Size Requirements <\/td>\n<\/tr>\n
91<\/td>\n5.7.9 Supported EAP Methods
5.7.10 Key Generation for the Security Association Management Protocol <\/td>\n<\/tr>\n
92<\/td>\n5.8 AUTH_ILS Specification
5.8.1 Overview <\/td>\n<\/tr>\n
93<\/td>\n5.8.2 AUTH_ILS Request Sequence <\/td>\n<\/tr>\n
94<\/td>\n5.8.3 AUTH_ILS Reply Sequence
5.9 B_AUTH_ILS Specification
5.9.1 Overview <\/td>\n<\/tr>\n
96<\/td>\n5.9.2 B_AUTH_ILS Request Sequence <\/td>\n<\/tr>\n
97<\/td>\n5.9.3 B_AUTH_ILS Reply Sequence
5.10 AUTH_ELS Specification
5.10.1 Overview <\/td>\n<\/tr>\n
99<\/td>\n5.10.2 AUTH_ELS Request Sequence <\/td>\n<\/tr>\n
100<\/td>\n5.10.3 AUTH_ELS Reply Sequence
5.10.4 AUTH_ELS Fragmentation <\/td>\n<\/tr>\n
105<\/td>\n5.10.5 Authentication and Login <\/td>\n<\/tr>\n
106<\/td>\n5.11 Re-Authentication <\/td>\n<\/tr>\n
107<\/td>\n5.12 Timeouts <\/td>\n<\/tr>\n
108<\/td>\n6 Security Association Management Protocol
6.1 Introduction
6.1.1 General Overview <\/td>\n<\/tr>\n
111<\/td>\n6.1.2 IKE_SA_Init Overview
6.1.3 IKE_Auth Overview <\/td>\n<\/tr>\n
112<\/td>\n6.1.4 IKE_Create_Child_SA Overview
6.2 SA Management Messages
6.2.1 General Structure <\/td>\n<\/tr>\n
113<\/td>\n6.2.2 IKE_Header Payload <\/td>\n<\/tr>\n
114<\/td>\n6.2.3 Chaining Header <\/td>\n<\/tr>\n
116<\/td>\n6.2.4 AUTH_Reject Message Use
6.3 IKE_SA_Init Message
6.3.1 Overview <\/td>\n<\/tr>\n
117<\/td>\n6.3.2 Security_Association Payload
6.3.2.1 Negotiation of Security Association Parameters <\/td>\n<\/tr>\n
118<\/td>\n6.3.2.2 Payload Structure <\/td>\n<\/tr>\n
122<\/td>\n6.3.2.3 Transform Types <\/td>\n<\/tr>\n
125<\/td>\n6.3.2.4 Mandatory Transform_IDs <\/td>\n<\/tr>\n
126<\/td>\n6.3.2.5 Transform Attributes <\/td>\n<\/tr>\n
128<\/td>\n6.3.3 Key_Exchange Payload
6.3.4 Nonce Payload
6.4 IKE_Auth Message
6.4.1 Overview <\/td>\n<\/tr>\n
130<\/td>\n6.4.2 Encrypted Payload <\/td>\n<\/tr>\n
131<\/td>\n6.4.3 Identification Payload <\/td>\n<\/tr>\n
132<\/td>\n6.4.4 Authentication Payload
6.4.5 Traffic Selector Payload <\/td>\n<\/tr>\n
134<\/td>\n6.4.6 Certificate Payload <\/td>\n<\/tr>\n
135<\/td>\n6.4.7 Certificate Request Payload <\/td>\n<\/tr>\n
137<\/td>\n6.5 IKE_Create_Child_SA Message <\/td>\n<\/tr>\n
138<\/td>\n6.6 IKE_Informational Message
6.6.1 Overview <\/td>\n<\/tr>\n
140<\/td>\n6.6.2 Notify Payload <\/td>\n<\/tr>\n
143<\/td>\n6.6.3 Delete Payload <\/td>\n<\/tr>\n
144<\/td>\n6.6.4 Vendor_ID Payload <\/td>\n<\/tr>\n
145<\/td>\n6.7 Interaction with the Authentication Protocols
6.7.1 Overview
6.7.2 Concatenation of Authentication and SA Management Transactions <\/td>\n<\/tr>\n
147<\/td>\n6.7.3 SA Management Transaction as Authentication Transaction <\/td>\n<\/tr>\n
148<\/td>\n6.8 IKEv2 Protocol Details
6.8.1 Use of Retransmission Timers
6.8.2 Use of Sequence Numbers for Message_IDs <\/td>\n<\/tr>\n
149<\/td>\n6.8.3 Overlapping Requests
6.8.4 State Synchronization and Connection Timeouts
6.8.5 Cookies and Anti-Clogging Protection
6.8.6 Cryptographic Algorithms Negotiation
6.8.7 Rekeying
6.8.8 Traffic Selector Negotiation <\/td>\n<\/tr>\n
150<\/td>\n6.8.9 Nonces
6.8.10 Reuse of Diffie-Hellman Exponential
6.8.11 Generating Keying Material
6.8.12 Generating Keying Material for the IKE_SA
6.8.13 Authentication of the IKE_SA <\/td>\n<\/tr>\n
151<\/td>\n6.8.14 Generating Keying Material for Child_SAs
6.8.15 Rekeying IKE_SAs using the IKE_Create_Child_SA exchange
6.8.16 IKE_Informational Messages outside of an IKE_SA
6.8.17 Error Handling
6.8.18 Conformance Requirements <\/td>\n<\/tr>\n
152<\/td>\n6.8.19 Rekeying IKE_SAs when Refreshing Authentication <\/td>\n<\/tr>\n
153<\/td>\n7 Fabric Policies
7.1 Policies Definition
7.1.1 Overview <\/td>\n<\/tr>\n
155<\/td>\n7.1.2 Names used to define Policies <\/td>\n<\/tr>\n
157<\/td>\n7.1.3 Policy Summary Object
7.1.3.1 Format <\/td>\n<\/tr>\n
158<\/td>\n7.1.3.2 Ordering Requirements
7.1.4 Switch Membership List Object
7.1.4.1 Format <\/td>\n<\/tr>\n
163<\/td>\n7.1.4.2 Ordering Requirements
7.1.5 Node Membership List Object
7.1.5.1 Format <\/td>\n<\/tr>\n
166<\/td>\n7.1.5.2 Ordering Requirements <\/td>\n<\/tr>\n
167<\/td>\n7.1.6 Switch Connectivity Object
7.1.6.1 Format <\/td>\n<\/tr>\n
168<\/td>\n7.1.6.2 Ordering Requirements
7.1.7 IP Management List Object
7.1.7.1 Format <\/td>\n<\/tr>\n
172<\/td>\n7.1.7.2 Ordering Requirements
7.1.8 Attribute Object
7.1.8.1 Format <\/td>\n<\/tr>\n
174<\/td>\n7.1.8.2 Ordering Requirements
7.2 Policies Enforcement
7.2.1 Overview
7.2.2 Switch-to-Switch Connections <\/td>\n<\/tr>\n
175<\/td>\n7.2.3 Switch-to-Node Connections <\/td>\n<\/tr>\n
176<\/td>\n7.2.4 In-Band Management Access to a Switch <\/td>\n<\/tr>\n
177<\/td>\n7.2.5 IP Management Access to a Switch <\/td>\n<\/tr>\n
178<\/td>\n7.2.6 Direct Management Access to a Switch <\/td>\n<\/tr>\n
179<\/td>\n7.2.7 Authentication Enforcement
7.3 Policies Management
7.3.1 Management Interface <\/td>\n<\/tr>\n
181<\/td>\n7.3.2 Fabric Distribution <\/td>\n<\/tr>\n
184<\/td>\n7.3.3 Relationship between Security Policy Server Requests and Fabric Actions
7.3.4 Policy Objects Support
7.3.4.1 Get Policy Objects Support (GPOS) <\/td>\n<\/tr>\n
187<\/td>\n7.3.4.2 ESS Security Policy Server Capability Object <\/td>\n<\/tr>\n
188<\/td>\n7.3.5 Optional Data
7.3.5.1 Overview <\/td>\n<\/tr>\n
189<\/td>\n7.3.5.2 Vendor Specific Security Object
7.3.6 Detailed Management Specification
7.3.6.1 Get Policy Summary (GPS) <\/td>\n<\/tr>\n
190<\/td>\n7.3.6.2 Activate Policy Summary (APS)
7.3.6.3 Deactivate Policy Summary (DPS) <\/td>\n<\/tr>\n
191<\/td>\n7.3.6.4 Get Policy Object (GPO) <\/td>\n<\/tr>\n
192<\/td>\n7.3.6.5 Get All Lists Names (GALN) <\/td>\n<\/tr>\n
193<\/td>\n7.3.6.6 Get All Attribute Objects Names (GAAO) <\/td>\n<\/tr>\n
194<\/td>\n7.3.6.7 Add Policy Object (APO) <\/td>\n<\/tr>\n
195<\/td>\n7.3.6.8 Remove Policy Object (RPO) <\/td>\n<\/tr>\n
196<\/td>\n7.3.6.9 Remove All Non-Active Policy Objects (RANA) <\/td>\n<\/tr>\n
197<\/td>\n7.4 Policies Check
7.4.1 Overview
7.4.2 CPS Request Sequence <\/td>\n<\/tr>\n
198<\/td>\n7.4.3 CPS Reply Sequence
7.5 Policy Summation ELSs
7.5.1 Overview
7.5.2 Fabric Change Notification Specification <\/td>\n<\/tr>\n
199<\/td>\n7.6 Zoning Policies
7.6.1 Overview
7.6.2 Management Requests
7.6.2.1 Overview <\/td>\n<\/tr>\n
200<\/td>\n7.6.2.2 Get Fabric Enhanced Zoning Support (GFEZ) Additions
7.6.2.3 Set Fabric Enhanced Zoning Support (SFEZ) Additions <\/td>\n<\/tr>\n
201<\/td>\n7.6.2.4 SP Commit Zone Changes (SPCMIT) <\/td>\n<\/tr>\n
202<\/td>\n7.6.3 Fabric Operations
7.6.3.1 Overview
7.6.3.2 ESS Enhanced Zone Server Capability Object Additions
7.6.3.3 The Zoning Check Protocol
7.6.3.3.1 Overview <\/td>\n<\/tr>\n
203<\/td>\n7.6.3.3.2 ZCP Request Sequence
7.6.3.3.3 ZCP Reply Sequence <\/td>\n<\/tr>\n
204<\/td>\n7.6.3.4 Additional SFC Operation Request Codes
7.6.3.4.1 Overview <\/td>\n<\/tr>\n
205<\/td>\n7.6.3.4.2 Operation Request \u2018FC-SP Activate Zone Set Enhanced\u2019 <\/td>\n<\/tr>\n
206<\/td>\n7.6.3.4.3 Operation Request \u2018FC-SP Deactivate Zone Set Enhanced\u2019
7.6.3.4.4 Operation Request \u2018FC-SP Distribute Zone Set Database\u2019 <\/td>\n<\/tr>\n
207<\/td>\n7.6.3.4.5 Operation Request \u2018FC-SP Activate Zone Set by Name\u2019
7.6.3.4.6 Operation Request \u2018FC-SP Set Zoning Policies\u2019
7.6.3.5 Fabric Behavior to Handle the CT SFEZ Request <\/td>\n<\/tr>\n
208<\/td>\n7.6.4 Zoning Ordering Rules
7.6.4.1 Active Zone Set
7.6.4.2 Zone Set Database <\/td>\n<\/tr>\n
209<\/td>\n7.6.5 The Client-Server Protocol
7.6.5.1 Overview
7.6.5.2 Zone Information Request (ZIR)
7.6.5.2.1 Overview <\/td>\n<\/tr>\n
210<\/td>\n7.6.5.2.2 ZIR Request Sequence
7.6.5.2.3 ZIR Reply Sequence <\/td>\n<\/tr>\n
212<\/td>\n8 Combinations of Security Protocols
8.1 Entity Authentication Overview
8.2 Terminology <\/td>\n<\/tr>\n
213<\/td>\n8.3 Scope of Security Relationships
8.3.1 N_Port_ID Virtualization
8.3.2 Nx_Port Entity to a Fabric Entity <\/td>\n<\/tr>\n
214<\/td>\n8.3.3 Nx_Port Entity to Nx_Port Entity
8.4 Entity Authentication Model <\/td>\n<\/tr>\n
216<\/td>\n8.5 Abstract Services for Entity Authentication
8.5.1 Overview
8.5.2 Authentication Service
8.5.2.1 Authentication Request
8.5.2.2 Abandon Authentication Request
8.5.2.3 Reauthentication
8.5.2.4 Spurious Traffic <\/td>\n<\/tr>\n
217<\/td>\n8.5.3 Security Service
8.5.3.1 Maintain Security Policy
8.5.3.2 Clear Security Relationships
8.5.3.3 IKEv2 Dead Peer
8.5.4 FC-2 Service
8.5.4.1 Maintain ELS Buffer Condition Requirements
8.5.4.2 N_Port_ID Assignment Request
8.5.4.3 N_Port Login Request
8.5.4.4 Negotiate ELS Buffer Conditions Request
8.5.4.5 Explicit Logout Request <\/td>\n<\/tr>\n
218<\/td>\n8.5.4.6 Implicit Logout Request
8.5.4.7 Terminate All Communication Request
8.5.4.8 Link Initialization Request
8.5.4.9 Disable Request <\/td>\n<\/tr>\n
219<\/td>\n8.5.4.10 PLOGI Arrival
8.5.4.11 Login Complete
8.5.4.12 N_Port_ID Assignment Complete
8.5.4.13 Explicit Logout Complete
8.5.4.14 Port Logout
8.5.4.15 Fabric Logout
8.5.4.16 Link Parameter Change <\/td>\n<\/tr>\n
220<\/td>\n8.5.4.17 Security Change
8.5.4.18 Security Enforcement <\/td>\n<\/tr>\n
222<\/td>\n8.6 Nx_Port to Fabric Authentication (NFA) State Machine
8.6.1 Overview <\/td>\n<\/tr>\n
223<\/td>\n8.6.2 NFA States <\/td>\n<\/tr>\n
224<\/td>\n8.6.3 NFA Events
8.6.4 NFA Transitions
8.6.4.1 All:S1 <\/td>\n<\/tr>\n
225<\/td>\n8.6.4.2 All:S2
8.6.4.3 All:S6 <\/td>\n<\/tr>\n
226<\/td>\n8.6.4.4 S1:S2
8.6.4.5 S2:S1 <\/td>\n<\/tr>\n
227<\/td>\n8.6.4.6 S2:S3
8.6.4.7 S2:S4
8.6.4.8 S2:S5 <\/td>\n<\/tr>\n
228<\/td>\n8.6.4.9 S3:S4
8.6.4.10 S3:S6
8.6.4.11 S4:S1 <\/td>\n<\/tr>\n
229<\/td>\n8.6.4.12 S4:S5
8.6.4.13 S4:S6
8.6.4.14 S5:S1
8.6.4.15 S5:S5 <\/td>\n<\/tr>\n
230<\/td>\n8.6.4.16 S5:S6
8.7 Fabric from Nx_Port Authentication (FNA) State Machine
8.7.1 Overview <\/td>\n<\/tr>\n
231<\/td>\n8.7.2 FNA States <\/td>\n<\/tr>\n
232<\/td>\n8.7.3 FNA Events
8.7.4 FNA Transitions
8.7.4.1 All:S1 <\/td>\n<\/tr>\n
233<\/td>\n8.7.4.2 All:S2 <\/td>\n<\/tr>\n
234<\/td>\n8.7.4.3 All:S6
8.7.4.4 S2:S1 <\/td>\n<\/tr>\n
235<\/td>\n8.7.4.5 S2:S2
8.7.4.6 S2:S3 <\/td>\n<\/tr>\n
236<\/td>\n8.7.4.7 S2:S4
8.7.4.8 S2:S5 <\/td>\n<\/tr>\n
237<\/td>\n8.7.4.9 S3:S4
8.7.4.10 S3:S6
8.7.4.11 S4:S1 <\/td>\n<\/tr>\n
238<\/td>\n8.7.4.12 S4:S2
8.7.4.13 S4:S5
8.7.4.14 S4:S6
8.7.4.15 S5:S1 <\/td>\n<\/tr>\n
239<\/td>\n8.7.4.16 S5:S2
8.7.4.17 S5:S5
8.7.4.18 S5:S6 <\/td>\n<\/tr>\n
240<\/td>\n8.8 Nx_Port to Nx_Port Authentication (NNA) State Machine
8.8.1 Overview <\/td>\n<\/tr>\n
241<\/td>\n8.8.2 NNA States <\/td>\n<\/tr>\n
242<\/td>\n8.8.3 NNA Events
8.8.4 NNA Transitions
8.8.4.1 All:S1 <\/td>\n<\/tr>\n
243<\/td>\n8.8.4.2 All:S2 <\/td>\n<\/tr>\n
244<\/td>\n8.8.4.3 All:S6
8.8.4.4 S1:S1
8.8.4.5 S1:S2
8.8.4.6 S2:S1 <\/td>\n<\/tr>\n
245<\/td>\n8.8.4.7 S2:S3 <\/td>\n<\/tr>\n
246<\/td>\n8.8.4.8 S2:S4
8.8.4.9 S2:S5
8.8.4.10 S3:S4 <\/td>\n<\/tr>\n
247<\/td>\n8.8.4.11 S3:S6
8.8.4.12 S4:S1
8.8.4.13 S4:S5
8.8.4.14 S4:S6 <\/td>\n<\/tr>\n
248<\/td>\n8.8.4.15 S5:S1
8.8.4.16 S5:S5
8.8.4.17 S5:S6 <\/td>\n<\/tr>\n
249<\/td>\n8.9 Additional Security State Machines
8.9.1 E_Port to E_Port Security Checks
8.9.1.1 Overview
8.9.1.2 States <\/td>\n<\/tr>\n
250<\/td>\n8.9.1.3 Transitions
8.9.2 B_Port Security Checks
8.9.3 Switch Security Checks with Virtual Fabrics
8.9.3.1 Overview <\/td>\n<\/tr>\n
251<\/td>\n8.9.3.2 States
8.9.3.3 Transitions <\/td>\n<\/tr>\n
252<\/td>\n8.9.4 N_Port Security Checks with Virtual Fabrics
8.10 Impact on Other Standards <\/td>\n<\/tr>\n
254<\/td>\nAnnex A: FC-SP-2 Compliance Summary (normative)
A.1 Compliance Elements
A.1.1 Overview <\/td>\n<\/tr>\n
255<\/td>\nA.1.2 FC-SP-2 Compliance
A.1.3 Conventions <\/td>\n<\/tr>\n
256<\/td>\nA.2 Authentication Compliance Elements
A.2.1 AUTH-A <\/td>\n<\/tr>\n
257<\/td>\nA.2.2 AUTH-B1 <\/td>\n<\/tr>\n
258<\/td>\nA.2.3 AUTH-B2 <\/td>\n<\/tr>\n
259<\/td>\nA.2.4 AUTH-B3 <\/td>\n<\/tr>\n
260<\/td>\nA.3 SA Management Compliance Elements
A.3.1 Algorithms Support <\/td>\n<\/tr>\n
262<\/td>\nA.3.2 SA-A <\/td>\n<\/tr>\n
263<\/td>\nA.3.3 SA-B <\/td>\n<\/tr>\n
266<\/td>\nA.3.4 SA-C1 <\/td>\n<\/tr>\n
268<\/td>\nA.3.5 SA-C2 <\/td>\n<\/tr>\n
270<\/td>\nA.3.6 SA-C3 <\/td>\n<\/tr>\n
272<\/td>\nA.4 Policy Compliance Elements
A.4.1 POL-A1 <\/td>\n<\/tr>\n
273<\/td>\nA.4.2 POL-A2 <\/td>\n<\/tr>\n
274<\/td>\nA.4.3 POL-A3 <\/td>\n<\/tr>\n
275<\/td>\nA.4.4 POL-B3 <\/td>\n<\/tr>\n
278<\/td>\nAnnex B: KMIP Profile for FC-SP-2 EAP-GPSK (Normative)
B.1 Scope
B.2 Overview
B.3 KMIP profile specification
B.3.1 FC-SP-2 EAP-GPSK Profile
B.3.2 FC-SP-2 EAP-GPSK Authentication Suite
B.3.2.1 Protocol <\/td>\n<\/tr>\n
279<\/td>\nB.3.2.2 Client Authenticity
B.3.2.3 Client Identity
B.3.2.4 Object Creator
B.3.2.5 Access Policy <\/td>\n<\/tr>\n
280<\/td>\nB.3.3 FC-SP-2 EAP\/GPSK Key Foundry and Server Conformance Clause <\/td>\n<\/tr>\n
282<\/td>\nAnnex C: Random Number Generation and Secret Storage (informative)
C.1 Random Number Generator
C.2 Secret Storage <\/td>\n<\/tr>\n
283<\/td>\nAnnex D: RADIUS Deployment (informative)
D.1 Overview
D.2 RADIUS Servers
D.2.1 Overview <\/td>\n<\/tr>\n
284<\/td>\nD.2.2 Digest Algorithm
D.3 RADIUS Messages
D.3.1 Message Types <\/td>\n<\/tr>\n
285<\/td>\nD.3.2 Radius Attributes
D.3.2.1 User-Name <\/td>\n<\/tr>\n
287<\/td>\nD.3.2.2 CHAP-Password
D.3.2.3 CHAP-Challenge <\/td>\n<\/tr>\n
288<\/td>\nD.4 RADIUS Authentication
D.4.1 RADIUS Authentication Method <\/td>\n<\/tr>\n
289<\/td>\nD.4.2 RADIUS Authentication with NULL DH algorithm <\/td>\n<\/tr>\n
291<\/td>\nD.4.3 Bidirectional Authentication with RADIUS <\/td>\n<\/tr>\n
292<\/td>\nD.4.4 RADIUS Authentication with DH option <\/td>\n<\/tr>\n
294<\/td>\nAnnex E: Examples of Proposals Negotiation for the SA Management Protocol (informative) <\/td>\n<\/tr>\n
295<\/td>\nAnnex F: Guidelines for Mapping Access Control Requirements to Fabric Policies (informative) <\/td>\n<\/tr>\n
296<\/td>\nAnnex G: Pre FC-SP-2 Fabric Policy Implementations (informative)
G.1 Overview
G.2 Fabric Management Policy Set
G.2.1 Fabric Management Policy Set Overview
G.2.2 FMPS Hierarchy Model
G.2.3 Policy Description <\/td>\n<\/tr>\n
297<\/td>\nG.2.4 Policy Distribution
G.2.5 Signature, Version Stamp, and Timestamp <\/td>\n<\/tr>\n
298<\/td>\nG.2.6 FMPS Object Structure
G.2.7 Fabric Initialization And Fabric Join Procedures
G.2.7.1 Overview <\/td>\n<\/tr>\n
299<\/td>\nG.2.7.2 Protocol Requirements
G.2.7.3 Fabric Initialization Process <\/td>\n<\/tr>\n
300<\/td>\nG.2.7.4 Fabric Join
G.2.7.5 Full Database Distribution During Initialization and Joining Process
G.2.7.6 Database Distribution Request from an administrator
G.2.8 FMPS Payload Format
G.2.8.1 General Download Request Format <\/td>\n<\/tr>\n
303<\/td>\nG.2.8.2 Certificate Download Request
G.2.8.3 Security Policy Download Request
G.2.8.4 Security Policy Set Object <\/td>\n<\/tr>\n
304<\/td>\nG.2.8.5 Security Policy Object <\/td>\n<\/tr>\n
305<\/td>\nG.2.8.6 Policy Member Object <\/td>\n<\/tr>\n
306<\/td>\nG.2.8.7 Zone Set Object Structure
G.2.8.8 General Download Accept Format <\/td>\n<\/tr>\n
307<\/td>\nG.3 Fabric Binding
G.3.1 Fabric Binding Overview <\/td>\n<\/tr>\n
308<\/td>\nG.3.2 Joining Switches
G.3.3 Managing User-Initiated Change Requests
G.3.4 Fabric Binding Objects
G.3.4.1 Fabric Binding Membership List Entry
G.3.5 Fabric Binding Commands <\/td>\n<\/tr>\n
309<\/td>\nG.3.6 Exchange Fabric Membership Data (EFMD)
G.3.6.1 Overview
G.3.6.2 EFMD Request Payload <\/td>\n<\/tr>\n
310<\/td>\nG.3.6.3 Fabric Membership Data Exchange Rules <\/td>\n<\/tr>\n
311<\/td>\nG.3.6.4 EFMD Accept Payload
G.3.7 Exchange Security Attributes (ESA)
G.3.7.1 Overview <\/td>\n<\/tr>\n
312<\/td>\nG.3.7.2 ESA Request Payload
G.3.7.3 Enforced Security Attribute Object
G.3.7.4 Use of Enforced Security Attribute and Required Security Attribute Mask <\/td>\n<\/tr>\n
313<\/td>\nG.3.7.5 Extended Security Attribute Object
G.3.7.6 Use of Extended Security Attribute and Required Extended Security Attribute Mask
G.3.7.7 ESA Accept Payload
G.3.8 Query Security Attributes (QSA) Version 1
G.3.8.1 Overview <\/td>\n<\/tr>\n
314<\/td>\nG.3.8.2 QSA Version 1 Request Payload
G.3.8.3 QSA Version 1 Accept Payload <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

BS EN IEC 14165-432. Information technology. Fibre channel. Security protocols. 2 (FC-SP-2)<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
BSI<\/b><\/a><\/td>\n2019<\/td>\n315<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":359979,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2641],"product_tag":[],"class_list":{"0":"post-359969","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-bsi","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/359969","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/359979"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=359969"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=359969"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=359969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}