{"id":126893,"date":"2024-10-19T05:41:57","date_gmt":"2024-10-19T05:41:57","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-iso-iec-14165-4322022\/"},"modified":"2024-10-24T23:22:45","modified_gmt":"2024-10-24T23:22:45","slug":"bs-iso-iec-14165-4322022","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-iso-iec-14165-4322022\/","title":{"rendered":"BS ISO\/IEC 14165-432:2022"},"content":{"rendered":"<h4>PDF Catalog<\/h4>\n<table border=\"1px\" class=\"des-table\">\n<tr>\n<th>PDF Pages<\/th>\n<th>PDF Title<\/th>\n<\/tr>\n<tr>\n<td><b>2<b><\/td>\n<td>undefined  <\/td>\n<\/tr>\n<tr>\n<td><b>4<b><\/td>\n<td>Contents  <\/td>\n<\/tr>\n<tr>\n<td><b>17<b><\/td>\n<td>FOREWORD  <\/td>\n<\/tr>\n<tr>\n<td><b>19<b><\/td>\n<td>INTRODUCTION  <\/td>\n<\/tr>\n<tr>\n<td><b>20<b><\/td>\n<td>1 Scope  <\/td>\n<\/tr>\n<tr>\n<td><b>21<b><\/td>\n<td>2 Normative references  <\/td>\n<\/tr>\n<tr>\n<td><b>25<b><\/td>\n<td>3 Terms, definitions, symbols, abbreviated terms, and conventions <br \/> 3.1 Terms and definitions  <\/td>\n<\/tr>\n<tr>\n<td><b>32<b><\/td>\n<td>3.2 Symbols and abbreviated terms  <\/td>\n<\/tr>\n<tr>\n<td><b>33<b><\/td>\n<td>3.3 Editorial conventions <br \/> Tables <br \/> Table 1 \u2013 ISO and American conventions  <\/td>\n<\/tr>\n<tr>\n<td><b>34<b><\/td>\n<td>3.4 Keywords  <\/td>\n<\/tr>\n<tr>\n<td><b>35<b><\/td>\n<td>3.5 T10 Vendor ID <br \/> 3.6 Sorting  <\/td>\n<\/tr>\n<tr>\n<td><b>36<b><\/td>\n<td>3.7 Terminate communication  <\/td>\n<\/tr>\n<tr>\n<td><b>37<b><\/td>\n<td>3.8 State machine notation <br \/> 3.9 Using numbers in hash functions and concatenation functions <br \/> Figures <br \/> Figure 1 \u2013 State machine example  <\/td>\n<\/tr>\n<tr>\n<td><b>39<b><\/td>\n<td>4 Structure and Concepts <br \/> 4.1 Overview <br \/> 4.2 FC-SP-2 Compliance <br \/> 4.3 Fabric Security Architecture <br \/> 4.4 Authentication Infrastructure  <\/td>\n<\/tr>\n<tr>\n<td><b>40<b><\/td>\n<td>4.5 Authentication <br \/> Figure 2 \u2013 Relationship between Authentication Protocols and Security Associations  <\/td>\n<\/tr>\n<tr>\n<td><b>41<b><\/td>\n<td>4.6 Security Associations <br \/> 4.7 Cryptographic Integrity and Confidentiality <br \/> 4.7.1 Overview  <\/td>\n<\/tr>\n<tr>\n<td><b>42<b><\/td>\n<td>4.7.2 ESP_Header Processing <br \/> Figure 3 \u2013 Logical Model for Integrity and Confidentiality Protection with ESP_Header  <\/td>\n<\/tr>\n<tr>\n<td><b>43<b><\/td>\n<td>4.7.3 CT_Authentication Processing  <\/td>\n<\/tr>\n<tr>\n<td><b>44<b><\/td>\n<td>Figure 4 \u2013 Logical Model for Integrity and Confidentiality Protection with CT_Authentication  <\/td>\n<\/tr>\n<tr>\n<td><b>45<b><\/td>\n<td>4.8 Authorization (Access Control) <br \/> 4.8.1 Policy Definition <br \/> 4.8.2 Policy Enforcement  <\/td>\n<\/tr>\n<tr>\n<td><b>46<b><\/td>\n<td>4.8.3 Policy Distribution <br \/> 4.8.4 Policy Check <br \/> 4.9 Name Format <br \/> Table 2 \u2013 Name Format  <\/td>\n<\/tr>\n<tr>\n<td><b>47<b><\/td>\n<td>5 Authentication Protocols <br \/> 5.1 Overview <br \/> Figure 5 \u2013 A Generic Authentication Transaction  <\/td>\n<\/tr>\n<tr>\n<td><b>48<b><\/td>\n<td>5.2 Authentication Messages Structure <br \/> 5.2.1 Overview  <\/td>\n<\/tr>\n<tr>\n<td><b>49<b><\/td>\n<td>5.2.2 SW_ILS Authentication Messages <br \/> Table 3 \u2013 AUTH_ILS Message Format <br \/> Table 4 \u2013 AUTH_ILS Flags  <\/td>\n<\/tr>\n<tr>\n<td><b>50<b><\/td>\n<td>5.2.3 ELS Authentication Messages <br \/> Table 5 \u2013 B_AUTH_ILS Message Format <br \/> Table 6 \u2013 AUTH_ELS Message Format <br \/> Table 7 \u2013 AUTH_ELS Flags  <\/td>\n<\/tr>\n<tr>\n<td><b>51<b><\/td>\n<td>5.2.4 Fields Common to All AUTH Messages <br \/> Table 8 \u2013 AUTH Message Codes  <\/td>\n<\/tr>\n<tr>\n<td><b>52<b><\/td>\n<td>5.2.5 Vendor Specific Messages <br \/> 5.3 Authentication Messages Common to Authentication Protocols <br \/> 5.3.1 Overview <br \/> Table 9 \u2013 Vendor Specific Message Payload Format  <\/td>\n<\/tr>\n<tr>\n<td><b>53<b><\/td>\n<td>5.3.2 AUTH_Negotiate Message <br \/> Table 10 \u2013 AUTH_Negotiate Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>54<b><\/td>\n<td>5.3.3 Names used in Authentication <br \/> Table 11 \u2013 Authentication Protocol Identifiers <br \/> Table 12 \u2013 AUTH_Negotiate Vendor Specific Protocol Parameters <br \/> Table 13 \u2013 Names used in Authentication  <\/td>\n<\/tr>\n<tr>\n<td><b>55<b><\/td>\n<td>5.3.4 Hash Functions <br \/> 5.3.5 Diffie-Hellman Groups <br \/> Table 14 \u2013 Hash Functions Identifiers <br \/> Table 15 \u2013 Diffie-Hellman Group Identifiers (part 1 of 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>56<b><\/td>\n<td>5.3.6 Accepting an AUTH_Negotiate Message <br \/> 5.3.7 AUTH_Reject Message <br \/> Table 15 \u2013 Diffie-Hellman Group Identifiers (part 2 of 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>57<b><\/td>\n<td>Figure 6 \u2013 Example of AUTH_Reject <br \/> Table 16 \u2013 AUTH_Reject Message Payload <br \/> Table 17 \u2013 AUTH_Reject Reason Codes  <\/td>\n<\/tr>\n<tr>\n<td><b>58<b><\/td>\n<td>Table 18 \u2013 AUTH_Reject Reason Code Explanations <br \/> Table 19 \u2013 Error Conditions (part 1 of 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>59<b><\/td>\n<td>5.3.8 AUTH_Done Message <br \/> Table 19 \u2013 Error Conditions (part 2 of 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>60<b><\/td>\n<td>5.4 DH-CHAP Protocol <br \/> 5.4.1 Protocol Operations <br \/> Figure 7 \u2013 A DH-CHAP Protocol Transaction Example  <\/td>\n<\/tr>\n<tr>\n<td><b>61<b><\/td>\n<td>Table 20 \u2013 Mathematical Notation for DH-CHAP  <\/td>\n<\/tr>\n<tr>\n<td><b>62<b><\/td>\n<td>5.4.2 AUTH_Negotiate DH-CHAP Parameters <br \/> Table 21 \u2013 AUTH_Negotiate DH-CHAP Protocol Parameters <br \/> Table 22 \u2013 AUTH_Negotiate DH-CHAP Parameter Format <br \/> Table 23 \u2013 AUTH_Negotiate DH-CHAP Parameter Tags  <\/td>\n<\/tr>\n<tr>\n<td><b>63<b><\/td>\n<td>5.4.3 DHCHAP_Challenge Message <br \/> Table 24 \u2013 DHCHAP_Challenge Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>64<b><\/td>\n<td>5.4.4 DHCHAP_Reply Message  <\/td>\n<\/tr>\n<tr>\n<td><b>65<b><\/td>\n<td>Table 25 \u2013 DHCHAP_Reply Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>66<b><\/td>\n<td>5.4.5 DHCHAP_Success Message <br \/> Table 26 \u2013 DHCHAP_Success Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>67<b><\/td>\n<td>5.4.6 Key Generation for the Security Association Management Protocol <br \/> 5.4.7 Reuse of Diffie-Hellman Exponential <br \/> 5.4.8 DH-CHAP Security Considerations  <\/td>\n<\/tr>\n<tr>\n<td><b>69<b><\/td>\n<td>5.5 FCAP Protocol <br \/> 5.5.1 Protocol Operations <br \/> Table 27 \u2013 Mathematical Notation for FCAP  <\/td>\n<\/tr>\n<tr>\n<td><b>70<b><\/td>\n<td>Figure 8 \u2013 A FCAP Protocol Transaction Example  <\/td>\n<\/tr>\n<tr>\n<td><b>72<b><\/td>\n<td>5.5.2 AUTH_Negotiate FCAP Parameters <br \/> Table 28 \u2013 AUTH_Negotiate FCAP Protocol Parameters <br \/> Table 29 \u2013 AUTH_Negotiate FCAP Parameter Format <br \/> Table 30 \u2013 AUTH_Negotiate FCAP Parameter Tags  <\/td>\n<\/tr>\n<tr>\n<td><b>73<b><\/td>\n<td>5.5.3 FCAP_Request Message <br \/> Table 31 \u2013 FCAP_Request Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>74<b><\/td>\n<td>Table 32 \u2013 FCAP Certificate Format <br \/> Table 33 \u2013 Certificate Formats <br \/> Table 34 \u2013 FCAP usage of X.509v3 Certificate fields (part 1 of 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>75<b><\/td>\n<td>Table 34 \u2013 FCAP usage of X.509v3 Certificate fields (part 2 of 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>76<b><\/td>\n<td>5.5.4 FCAP_Acknowledge Message <br \/> Table 35 \u2013 FCAP Nonce Format <br \/> Table 36 \u2013 Nonce Formats <br \/> Table 37 \u2013 FCAP_Acknowledge Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>77<b><\/td>\n<td>Table 38 \u2013 FCAP Signature Format <br \/> Table 39 \u2013 Signature Formats  <\/td>\n<\/tr>\n<tr>\n<td><b>78<b><\/td>\n<td>5.5.5 FCAP_Confirm Message <br \/> 5.5.6 Key Generation for the Security Association Management Protocol <br \/> Table 40 \u2013 FCAP_Confirm Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>79<b><\/td>\n<td>5.5.7 Reuse of Diffie-Hellman Exponential  <\/td>\n<\/tr>\n<tr>\n<td><b>80<b><\/td>\n<td>5.6 FCPAP Protocol <br \/> 5.6.1 Protocol Operations <br \/> Table 41 \u2013 Mathematical Notation for FCPAP  <\/td>\n<\/tr>\n<tr>\n<td><b>81<b><\/td>\n<td>Figure 9 \u2013 A FCPAP Protocol Transaction Example  <\/td>\n<\/tr>\n<tr>\n<td><b>83<b><\/td>\n<td>5.6.2 AUTH_Negotiate FCPAP Parameters <br \/> Table 42 \u2013 AUTH_Negotiate FCPAP Protocol Parameters <br \/> Table 43 \u2013 AUTH_Negotiate FCPAP Parameter Format <br \/> Table 44 \u2013 AUTH_Negotiate FCPAP Parameter Tags  <\/td>\n<\/tr>\n<tr>\n<td><b>84<b><\/td>\n<td>5.6.3 FCPAP_Init Message <br \/> Table 45 \u2013 FCPAP_Init Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>85<b><\/td>\n<td>5.6.4 FCPAP_Accept Message <br \/> 5.6.5 FCPAP_Complete Message <br \/> Table 46 \u2013 FCPAP_Accept Message Payload <br \/> Table 47 \u2013 FCPAP_Complete Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>86<b><\/td>\n<td>5.6.6 Key Generation for the Security Association Management Protocol <br \/> 5.6.7 Reuse of Diffie-Hellman Exponential  <\/td>\n<\/tr>\n<tr>\n<td><b>87<b><\/td>\n<td>5.7 FCEAP Protocol <br \/> 5.7.1 Protocol Operations <br \/> 5.7.2 AUTH_Negotiate FCEAP Parameters <br \/> Figure 10 \u2013 A FCEAP Protocol Transaction Example  <\/td>\n<\/tr>\n<tr>\n<td><b>88<b><\/td>\n<td>5.7.3 FCEAP_Request Message <br \/> 5.7.4 FCEAP_Response Message <br \/> Table 48 \u2013 FCEAP_Request Message Payload <br \/> Table 49 \u2013 FCEAP_Response Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>89<b><\/td>\n<td>5.7.5 FCEAP_Success Message <br \/> 5.7.6 FCEAP_Failure Message <br \/> Table 50 \u2013 FCEAP_Success Message Payload <br \/> Table 51 \u2013 FCEAP_Failure Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>90<b><\/td>\n<td>5.7.7 AUTH_Reject Use <br \/> 5.7.8 AUTH_ELS and AUTH_ILS Size Requirements <br \/> Figure 11 \u2013 A Failing FCEAP Protocol Transaction Example  <\/td>\n<\/tr>\n<tr>\n<td><b>91<b><\/td>\n<td>5.7.9 Supported EAP Methods <br \/> 5.7.10 Key Generation for the Security Association Management Protocol <br \/> Table 52 \u2013 Supported EAP Methods  <\/td>\n<\/tr>\n<tr>\n<td><b>92<b><\/td>\n<td>5.8 AUTH_ILS Specification <br \/> 5.8.1 Overview  <\/td>\n<\/tr>\n<tr>\n<td><b>93<b><\/td>\n<td>5.8.2 AUTH_ILS Request Sequence <br \/> Figure 12 \u2013 FC-2 AUTH_ILS Mapping Example for the E_Port to E_Port Case  <\/td>\n<\/tr>\n<tr>\n<td><b>94<b><\/td>\n<td>5.8.3 AUTH_ILS Reply Sequence <br \/> 5.9 B_AUTH_ILS Specification <br \/> 5.9.1 Overview <br \/> Table 53 \u2013 AUTH_ILS SW_RJT Reasons <br \/> Table 54 \u2013 AUTH_ILS SW_ACC Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>95<b><\/td>\n<td>Figure 13 \u2013 Usage of B_AUTH_ILS  <\/td>\n<\/tr>\n<tr>\n<td><b>96<b><\/td>\n<td>5.9.2 B_AUTH_ILS Request Sequence <br \/> Figure 14 \u2013 FC-2 B_AUTH_ILS Mapping Example  <\/td>\n<\/tr>\n<tr>\n<td><b>97<b><\/td>\n<td>5.9.3 B_AUTH_ILS Reply Sequence <br \/> 5.10 AUTH_ELS Specification <br \/> 5.10.1 Overview <br \/> Table 55 \u2013 B_AUTH_ILS SW_RJT Reasons <br \/> Table 56 \u2013 B_AUTH_ILS SW_ACC Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>99<b><\/td>\n<td>5.10.2 AUTH_ELS Request Sequence <br \/> Figure 15 \u2013 FC-2 AUTH_ELS Mapping Example for the Nx_Port to Nx_Port Case  <\/td>\n<\/tr>\n<tr>\n<td><b>100<b><\/td>\n<td>5.10.3 AUTH_ELS Reply Sequence <br \/> 5.10.4 AUTH_ELS Fragmentation <br \/> Table 57 \u2013 AUTH_ELS LS_RJT Reasons <br \/> Table 58 \u2013 AUTH_ELS LS_ACC Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>101<b><\/td>\n<td>Figure 16 \u2013 AUTH_ELS Fragmentation Process  <\/td>\n<\/tr>\n<tr>\n<td><b>102<b><\/td>\n<td>Figure 17 \u2013 Use of the Sequence Number Bit Example  <\/td>\n<\/tr>\n<tr>\n<td><b>103<b><\/td>\n<td>Figure 18 \u2013 FC-2 Authentication Mapping with AUTH_ELS Fragmentation Example  <\/td>\n<\/tr>\n<tr>\n<td><b>104<b><\/td>\n<td>5.10.5 Authentication and Login <br \/> Table 59 \u2013 Security Bit Applicability <br \/> Table 60 \u2013 Security Bit usage with FLOGI  <\/td>\n<\/tr>\n<tr>\n<td><b>105<b><\/td>\n<td>5.11 Re-Authentication <br \/> Table 61 \u2013 Security Bit usage with PLOGI <br \/> Table 62 \u2013 Login LS_RJT Reasons  <\/td>\n<\/tr>\n<tr>\n<td><b>106<b><\/td>\n<td>5.12 Timeouts  <\/td>\n<\/tr>\n<tr>\n<td><b>107<b><\/td>\n<td>6 Security Association Management Protocol <br \/> 6.1 Overview <br \/> 6.1.1 General <br \/> Figure 19 \u2013 An SA Management Transaction Example  <\/td>\n<\/tr>\n<tr>\n<td><b>108<b><\/td>\n<td>Table 63 \u2013 IKE Payloads Summary  <\/td>\n<\/tr>\n<tr>\n<td><b>109<b><\/td>\n<td>6.1.2 IKE_SA_Init Overview <br \/> 6.1.3 IKE_Auth Overview  <\/td>\n<\/tr>\n<tr>\n<td><b>110<b><\/td>\n<td>6.1.4 IKE_Create_Child_SA Overview <br \/> 6.2 SA Management Messages <br \/> 6.2.1 General Structure  <\/td>\n<\/tr>\n<tr>\n<td><b>111<b><\/td>\n<td>6.2.2 IKE_Header Payload <br \/> Table 64 \u2013 IKE_Header Payload Format  <\/td>\n<\/tr>\n<tr>\n<td><b>112<b><\/td>\n<td>6.2.3 Chaining Header <br \/> Table 65 \u2013 IKE Flags <br \/> Table 66 \u2013 Chaining Header Format  <\/td>\n<\/tr>\n<tr>\n<td><b>113<b><\/td>\n<td>Table 67 \u2013 IKE Payload Type Values  <\/td>\n<\/tr>\n<tr>\n<td><b>114<b><\/td>\n<td>6.2.4 AUTH_Reject Message Use <br \/> 6.3 IKE_SA_Init Message <br \/> 6.3.1 Overview <br \/> Table 68 \u2013 Chaining Flags  <\/td>\n<\/tr>\n<tr>\n<td><b>115<b><\/td>\n<td>6.3.2 Security_Association Payload <br \/> Figure 20 \u2013 An IKE_SA_Init exchange <br \/> Table 69 \u2013 IKE_SA_Init Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>117<b><\/td>\n<td>Table 70 \u2013 Examples of Proposals  <\/td>\n<\/tr>\n<tr>\n<td><b>118<b><\/td>\n<td>Table 71 \u2013 Security_Association Payload Format  <\/td>\n<\/tr>\n<tr>\n<td><b>119<b><\/td>\n<td>Table 72 \u2013 Security Protocol Identifiers <br \/> Table 73 \u2013 Transforms Definition  <\/td>\n<\/tr>\n<tr>\n<td><b>120<b><\/td>\n<td>Table 74 \u2013 Transform Type Values  <\/td>\n<\/tr>\n<tr>\n<td><b>121<b><\/td>\n<td>Table 75 \u2013 Encryption Algorithms Transform_IDs (Transform Type 1) <br \/> Table 76 \u2013 Pseudo-random Functions Transform_IDs (Transform Type 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>122<b><\/td>\n<td>Table 77 \u2013 Integrity Algorithms Transform_IDs (Transform Type 3) <br \/> Table 78 \u2013 Diffie-Hellman Group Transform_IDs (Transform Type 4)  <\/td>\n<\/tr>\n<tr>\n<td><b>123<b><\/td>\n<td>Table 79 \u2013 Mandatory Transform Types <br \/> Table 80 \u2013 Mandatory and Recommended Transform_IDs (part 1 of 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>124<b><\/td>\n<td>Table 80 \u2013 Mandatory and Recommended Transform_IDs (part 2 of 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>125<b><\/td>\n<td>Table 81 \u2013 Transform Attributes Definition <br \/> Table 82 \u2013 Attribute Type Values  <\/td>\n<\/tr>\n<tr>\n<td><b>126<b><\/td>\n<td>6.3.3 Key_Exchange Payload <br \/> 6.3.4 Nonce Payload <br \/> 6.4 IKE_Auth Message <br \/> 6.4.1 Overview <br \/> Table 83 \u2013 Key_Exchange Payload Format <br \/> Table 84 \u2013 Nonce Payload Format  <\/td>\n<\/tr>\n<tr>\n<td><b>127<b><\/td>\n<td>Figure 21 \u2013 An IKE_Auth exchange <br \/> Table 85 \u2013 IKE_Auth Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>128<b><\/td>\n<td>6.4.2 Encrypted Payload <br \/> Table 86 \u2013 IKE Payloads Contained in the IKE_Auth Message <br \/> Table 87 \u2013 Encrypted Payload Format  <\/td>\n<\/tr>\n<tr>\n<td><b>129<b><\/td>\n<td>6.4.3 Identification Payload <br \/> Table 88 \u2013 Identification Payload Format <br \/> Table 89 \u2013 Type Identifiers  <\/td>\n<\/tr>\n<tr>\n<td><b>130<b><\/td>\n<td>6.4.4 Authentication Payload <br \/> 6.4.5 Traffic Selector Payload <br \/> Table 90 \u2013 Authentication Payload Format <br \/> Table 91 \u2013 Authentication Methods <br \/> Table 92 \u2013 Traffic Selector Payload Format  <\/td>\n<\/tr>\n<tr>\n<td><b>131<b><\/td>\n<td>Table 93 \u2013 Traffic Selector Definition <br \/> Table 94 \u2013 TS Type Identifiers  <\/td>\n<\/tr>\n<tr>\n<td><b>132<b><\/td>\n<td>6.4.6 Certificate Payload <br \/> Table 95 \u2013 Certificate Payload Format  <\/td>\n<\/tr>\n<tr>\n<td><b>133<b><\/td>\n<td>6.4.7 Certificate Request Payload <br \/> Table 96 \u2013 Certificate Encodings  <\/td>\n<\/tr>\n<tr>\n<td><b>134<b><\/td>\n<td>Table 97 \u2013 Certificate Request Payload Format  <\/td>\n<\/tr>\n<tr>\n<td><b>135<b><\/td>\n<td>6.5 IKE_Create_Child_SA Message <br \/> Figure 22 \u2013 An IKE_Create_Child_SA exchange  <\/td>\n<\/tr>\n<tr>\n<td><b>136<b><\/td>\n<td>6.6 IKE_Informational Message <br \/> 6.6.1 Overview <br \/> Table 98 \u2013 IKE_Create_Child_SA Message Payload <br \/> Table 99 \u2013 IKE Payloads Contained in the IKE_Create_Child_SA Message  <\/td>\n<\/tr>\n<tr>\n<td><b>137<b><\/td>\n<td>Figure 23 \u2013 An IKE_Informational exchange <br \/> Table 100 \u2013 IKE_Informational Message Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>138<b><\/td>\n<td>6.6.2 Notify Payload <br \/> Table 101 \u2013 IKE Payloads Contained in the IKE_Informational Message <br \/> Table 102 \u2013 Notify Payload Format  <\/td>\n<\/tr>\n<tr>\n<td><b>139<b><\/td>\n<td>Table 103 \u2013 Notify Message Types &#8211; Errors (part 1 of 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>140<b><\/td>\n<td>Table 103 \u2013 Notify Message Types &#8211; Errors (part 2 of 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>141<b><\/td>\n<td>6.6.3 Delete Payload <br \/> Table 104 \u2013 Notify Message Types &#8211; Status  <\/td>\n<\/tr>\n<tr>\n<td><b>142<b><\/td>\n<td>6.6.4 Vendor_ID Payload <br \/> Table 105 \u2013 Delete Payload Format  <\/td>\n<\/tr>\n<tr>\n<td><b>143<b><\/td>\n<td>6.7 Interaction with the Authentication Protocols <br \/> 6.7.1 Overview <br \/> 6.7.2 Concatenation of Authentication and SA Management Transactions <br \/> Table 106 \u2013 Vendor_ID Payload Format  <\/td>\n<\/tr>\n<tr>\n<td><b>145<b><\/td>\n<td>6.7.3 SA Management Transaction as Authentication Transaction <br \/> Figure 24 \u2013 Concatenation of Authentication and SA Management Transactions  <\/td>\n<\/tr>\n<tr>\n<td><b>146<b><\/td>\n<td>6.8 IKEv2 Protocol Details <br \/> 6.8.1 Use of Retransmission Timers <br \/> 6.8.2 Use of Sequence Numbers for Message_IDs <br \/> Figure 25 \u2013 An IKEv2-AUTH Transaction  <\/td>\n<\/tr>\n<tr>\n<td><b>147<b><\/td>\n<td>6.8.3 Overlapping Requests <br \/> 6.8.4 State Synchronization and Connection Timeouts <br \/> 6.8.5 Cookies and Anti-Clogging Protection <br \/> 6.8.6 Cryptographic Algorithms Negotiation <br \/> 6.8.7 Rekeying <br \/> 6.8.8 Traffic Selector Negotiation  <\/td>\n<\/tr>\n<tr>\n<td><b>148<b><\/td>\n<td>6.8.9 Nonces <br \/> 6.8.10 Reuse of Diffie-Hellman Exponential <br \/> 6.8.11 Generating Keying Material <br \/> 6.8.12 Generating Keying Material for the IKE_SA <br \/> 6.8.13 Authentication of the IKE_SA  <\/td>\n<\/tr>\n<tr>\n<td><b>149<b><\/td>\n<td>6.8.14 Generating Keying Material for Child_SAs <br \/> 6.8.15 Rekeying IKE_SAs using the IKE_Create_Child_SA exchange <br \/> 6.8.16 IKE_Informational Messages outside of an IKE_SA <br \/> 6.8.17 Error Handling <br \/> 6.8.18 Conformance Requirements  <\/td>\n<\/tr>\n<tr>\n<td><b>150<b><\/td>\n<td>6.8.19 Rekeying IKE_SAs when Refreshing Authentication  <\/td>\n<\/tr>\n<tr>\n<td><b>151<b><\/td>\n<td>7 Fabric Policies <br \/> 7.1 Policies Definition <br \/> 7.1.1 Overview <br \/> Figure 26 \u2013 Policy Data Structures  <\/td>\n<\/tr>\n<tr>\n<td><b>152<b><\/td>\n<td>Table 107 \u2013 Policy Objects  <\/td>\n<\/tr>\n<tr>\n<td><b>153<b><\/td>\n<td>7.1.2 Names used to define Policies <br \/> Table 108 \u2013 Names used to define Policies  <\/td>\n<\/tr>\n<tr>\n<td><b>155<b><\/td>\n<td>7.1.3 Policy Summary Object <br \/> Table 109 \u2013 Policy Summary Object Format <br \/> Table 110 \u2013 Object Flags  <\/td>\n<\/tr>\n<tr>\n<td><b>156<b><\/td>\n<td>7.1.4 Switch Membership List Object <br \/> Table 111 \u2013 Hash Field Format <br \/> Table 112 \u2013 Hash Formats  <\/td>\n<\/tr>\n<tr>\n<td><b>157<b><\/td>\n<td>Table 113 \u2013 Switch Membership List Object Format <br \/> Table 114 \u2013 Object Flags  <\/td>\n<\/tr>\n<tr>\n<td><b>158<b><\/td>\n<td>Table 115 \u2013 Switch Entry Field Format <br \/> Table 116 \u2013 Basic Switch Attributes Format <br \/> Table 117 \u2013 Switch Flags  <\/td>\n<\/tr>\n<tr>\n<td><b>160<b><\/td>\n<td>Table 118 \u2013 Policy Data Role <br \/> Table 119 \u2013 Authentication Behavior  <\/td>\n<\/tr>\n<tr>\n<td><b>161<b><\/td>\n<td>7.1.5 Node Membership List Object <br \/> Table 120 \u2013 Node Membership List Object Format  <\/td>\n<\/tr>\n<tr>\n<td><b>162<b><\/td>\n<td>Table 121 \u2013 Node Entry Field Format <br \/> Table 122 \u2013 Basic Node Attribute Format <br \/> Table 123 \u2013 Node Flags  <\/td>\n<\/tr>\n<tr>\n<td><b>163<b><\/td>\n<td>Table 124 \u2013 Common Transport Access Specifier Format <br \/> Table 125 \u2013 CT Access Descriptor Format <br \/> Table 126 \u2013 CT Access Flags  <\/td>\n<\/tr>\n<tr>\n<td><b>164<b><\/td>\n<td>Table 127 \u2013 Examples of Common Transport Access Specifiers  <\/td>\n<\/tr>\n<tr>\n<td><b>165<b><\/td>\n<td>7.1.6 Switch Connectivity Object <br \/> Table 128 \u2013 Switch Connectivity Object Format  <\/td>\n<\/tr>\n<tr>\n<td><b>166<b><\/td>\n<td>7.1.7 IP Management List Object <br \/> Table 129 \u2013 Port Connectivity Entry Format  <\/td>\n<\/tr>\n<tr>\n<td><b>167<b><\/td>\n<td>Table 130 \u2013 IP Management List Object Format <br \/> Table 131 \u2013 IP Management Entry Format  <\/td>\n<\/tr>\n<tr>\n<td><b>168<b><\/td>\n<td>Table 132 \u2013 Basic IP Management Attributes Format <br \/> Table 133 \u2013 IP Management Flags <br \/> Table 134 \u2013 Well Known Protocols Access Specifier Format <br \/> Table 135 \u2013 WKP Access Descriptor Format  <\/td>\n<\/tr>\n<tr>\n<td><b>169<b><\/td>\n<td>Table 136 \u2013 WKP Access Flags  <\/td>\n<\/tr>\n<tr>\n<td><b>170<b><\/td>\n<td>7.1.8 Attribute Object <br \/> Table 137 \u2013 Examples of Well Known Protocols Access Specifiers  <\/td>\n<\/tr>\n<tr>\n<td><b>171<b><\/td>\n<td>Table 138 \u2013 Attribute Object Format <br \/> Table 139 \u2013 Attribute Entry Format <br \/> Table 140 \u2013 Attribute Formats  <\/td>\n<\/tr>\n<tr>\n<td><b>172<b><\/td>\n<td>7.2 Policies Enforcement <br \/> 7.2.1 Overview <br \/> 7.2.2 Switch-to-Switch Connections <br \/> Table 141 \u2013 Notation for Policy Enforcement  <\/td>\n<\/tr>\n<tr>\n<td><b>173<b><\/td>\n<td>7.2.3 Switch-to-Node Connections  <\/td>\n<\/tr>\n<tr>\n<td><b>174<b><\/td>\n<td>7.2.4 In-Band Management Access to a Switch  <\/td>\n<\/tr>\n<tr>\n<td><b>175<b><\/td>\n<td>7.2.5 IP Management Access to a Switch  <\/td>\n<\/tr>\n<tr>\n<td><b>176<b><\/td>\n<td>7.2.6 Direct Management Access to a Switch  <\/td>\n<\/tr>\n<tr>\n<td><b>177<b><\/td>\n<td>7.2.7 Authentication Enforcement <br \/> 7.3 Policies Management <br \/> 7.3.1 Management Interface  <\/td>\n<\/tr>\n<tr>\n<td><b>178<b><\/td>\n<td>Figure 27 \u2013 Policy Management Model <br \/> Table 142 \u2013 Security Policy Server \u2013 Request Command Codes (part 1 of 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>179<b><\/td>\n<td>7.3.2 Fabric Distribution <br \/> Table 142 \u2013 Security Policy Server \u2013 Request Command Codes (part 2 of 2) <br \/> Table 143 \u2013 ESFC Operations for Fabric Policies <br \/> Table 144 \u2013 ESFC Payload for Operation \u2018Activate Policy Summary\u2019  <\/td>\n<\/tr>\n<tr>\n<td><b>180<b><\/td>\n<td>Table 145 \u2013 ESFC Payload for Operation \u2018Deactivate Policy Summary\u2019 <br \/> Table 146 \u2013 ESFC Payload for Operation \u2018Add Policy Object\u2019  <\/td>\n<\/tr>\n<tr>\n<td><b>181<b><\/td>\n<td>Table 147 \u2013 ESFC Payload for Operation \u2018Remove Policy Object\u2019 <br \/> Table 148 \u2013 ESFC Payload for Operation \u2018Remove All Non-Active Policy Objects\u2019  <\/td>\n<\/tr>\n<tr>\n<td><b>182<b><\/td>\n<td>7.3.3 Relationship between Security Policy Server Requests and Fabric Actions <br \/> 7.3.4 Policy Objects Support <br \/> Table 149 \u2013 Security Policy Server CT Requests and Fabric Actions  <\/td>\n<\/tr>\n<tr>\n<td><b>183<b><\/td>\n<td>Table 150 \u2013 GPOS Request CT_IU <br \/> Table 151 \u2013 Accept CT_IU to a GPOS Request  <\/td>\n<\/tr>\n<tr>\n<td><b>184<b><\/td>\n<td>Table 152 \u2013 Fabric Policy Objects Support Flags <br \/> Table 153 \u2013 Switch Policy Objects Support Entry Format  <\/td>\n<\/tr>\n<tr>\n<td><b>185<b><\/td>\n<td>Table 154 \u2013 Switch Policy Objects Support Flags <br \/> Table 155 \u2013 ESS Security Policy Server Capability Object Format  <\/td>\n<\/tr>\n<tr>\n<td><b>186<b><\/td>\n<td>7.3.5 Optional Data <br \/> Table 156 \u2013 Optional Data Field Format <br \/> Table 157 \u2013 Security Object Format <br \/> Table 158 \u2013 Security Object Tags  <\/td>\n<\/tr>\n<tr>\n<td><b>187<b><\/td>\n<td>7.3.6 Detailed Management Specification <br \/> Table 159 \u2013 Vendor Specific Security Object Payload Format <br \/> Table 160 \u2013 GPS Request CT_IU <br \/> Table 161 \u2013 Accept CT_IU to a GPS Request  <\/td>\n<\/tr>\n<tr>\n<td><b>188<b><\/td>\n<td>Table 162 \u2013 APS Request CT_IU <br \/> Table 163 \u2013 Accept CT_IU to an APS Request  <\/td>\n<\/tr>\n<tr>\n<td><b>189<b><\/td>\n<td>Table 164 \u2013 DPS Request CT_IU <br \/> Table 165 \u2013 Accept CT_IU to a DPS Request <br \/> Table 166 \u2013 GPO Request CT_IU  <\/td>\n<\/tr>\n<tr>\n<td><b>190<b><\/td>\n<td>Table 167 \u2013 Accept CT_IU to a GPO Request <br \/> Table 168 \u2013 GALN Request CT_IU  <\/td>\n<\/tr>\n<tr>\n<td><b>191<b><\/td>\n<td>Table 169 \u2013 Accept CT_IU to a GALN Request <br \/> Table 170 \u2013 GAAO Request CT_IU  <\/td>\n<\/tr>\n<tr>\n<td><b>192<b><\/td>\n<td>Table 171 \u2013 Accept CT_IU to a GAAO Request <br \/> Table 172 \u2013 APO Request CT_IU  <\/td>\n<\/tr>\n<tr>\n<td><b>193<b><\/td>\n<td>Table 173 \u2013 Accept CT_IU to an APO Request <br \/> Table 174 \u2013 RPO Request CT_IU  <\/td>\n<\/tr>\n<tr>\n<td><b>194<b><\/td>\n<td>Table 175 \u2013 Accept CT_IU to a RPO Request <br \/> Table 176 \u2013 RANA Request CT_IU  <\/td>\n<\/tr>\n<tr>\n<td><b>195<b><\/td>\n<td>7.4 Policies Check <br \/> 7.4.1 Overview <br \/> 7.4.2 CPS Request Sequence <br \/> Table 177 \u2013 Accept CT_IU to a RANA Request <br \/> Table 178 \u2013 Check Policy Summary SW_ILS Request Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>196<b><\/td>\n<td>7.4.3 CPS Reply Sequence <br \/> 7.5 Policy Summation ELSs <br \/> 7.5.1 Overview <br \/> 7.5.2 Fabric Change Notification Specification <br \/> Table 179 \u2013 Check Policy Summary SW_RJT Reasons <br \/> Table 180 \u2013 Check Policy Summary SW_ACC Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>197<b><\/td>\n<td>7.6 Zoning Policies <br \/> 7.6.1 Overview <br \/> 7.6.2 Management Requests  <\/td>\n<\/tr>\n<tr>\n<td><b>198<b><\/td>\n<td>Table 181 \u2013 Fabric Enhanced Zoning Support Flags Additions <br \/> Table 183 \u2013 Fabric Enhanced Zoning Request Flags Additions  <\/td>\n<\/tr>\n<tr>\n<td><b>199<b><\/td>\n<td>Table 184 \u2013 SPCMIT Request Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>200<b><\/td>\n<td>7.6.3 Fabric Operations <br \/> Table 185 \u2013 SPCMIT Accept Payload <br \/> Table 186 \u2013 ESS Zone Server Support Flags Additions  <\/td>\n<\/tr>\n<tr>\n<td><b>201<b><\/td>\n<td>Table 187 \u2013 Zoning Check Protocol SW_ILS Request Payload <br \/> Table 188 \u2013 Zoning Check Protocol SW_RJT Reasons  <\/td>\n<\/tr>\n<tr>\n<td><b>202<b><\/td>\n<td>Table 189 \u2013 Zoning Check Protocol SW_ACC Payload <br \/> Table 190 \u2013 Additional SFC Operation Request Codes  <\/td>\n<\/tr>\n<tr>\n<td><b>203<b><\/td>\n<td>Table 191 \u2013 Payload for the Operation Request \u2018FC-SP Activate Zone Set Enhanced\u2019  <\/td>\n<\/tr>\n<tr>\n<td><b>204<b><\/td>\n<td>Table 192 \u2013 Payload for the Operation Request \u2018FC-SP Deactivate Zone Set Enhanced\u2019 <br \/> Table 193 \u2013 Payload for the Operation Request \u2018FC-SP Distribute Zone Set Database\u2019  <\/td>\n<\/tr>\n<tr>\n<td><b>205<b><\/td>\n<td>Table 194 \u2013 Payload for the Operation Request \u2018FC-SP Activate Zone Set by Name\u2019 <br \/> Table 195 \u2013 Payload for the Operation Request \u2018FC-SP Set Zoning Policies\u2019  <\/td>\n<\/tr>\n<tr>\n<td><b>206<b><\/td>\n<td>7.6.4 Zoning Ordering Rules  <\/td>\n<\/tr>\n<tr>\n<td><b>207<b><\/td>\n<td>7.6.5 The Client-Server Protocol  <\/td>\n<\/tr>\n<tr>\n<td><b>208<b><\/td>\n<td>Table 196 \u2013 Zone Information Request SW_ILS Request Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>209<b><\/td>\n<td>Table 197 \u2013 Zone Information Request SW_RJT Reasons <br \/> Table 198 \u2013 Zone Information Request SW_ACC Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>210<b><\/td>\n<td>8 Combinations of Security Protocols <br \/> 8.1 Entity Authentication Overview <br \/> 8.2 Terminology  <\/td>\n<\/tr>\n<tr>\n<td><b>211<b><\/td>\n<td>8.3 Scope of Security Relationships <br \/> 8.3.1 N_Port_ID Virtualization <br \/> 8.3.2 Nx_Port Entity to a Fabric Entity <br \/> Figure 28 \u2013 Entity Authentication Standard Perspective  <\/td>\n<\/tr>\n<tr>\n<td><b>212<b><\/td>\n<td>8.3.3 Nx_Port Entity to Nx_Port Entity <br \/> 8.4 Entity Authentication Model  <\/td>\n<\/tr>\n<tr>\n<td><b>213<b><\/td>\n<td>Figure 29 \u2013 Entity Authentication Model for an Nx_Port (Informative)  <\/td>\n<\/tr>\n<tr>\n<td><b>214<b><\/td>\n<td>8.5 Abstract Services for Entity Authentication <br \/> 8.5.1 Overview <br \/> 8.5.2 Authentication Service  <\/td>\n<\/tr>\n<tr>\n<td><b>215<b><\/td>\n<td>8.5.3 Security Service <br \/> 8.5.4 FC-2 Service  <\/td>\n<\/tr>\n<tr>\n<td><b>220<b><\/td>\n<td>8.6 Nx_Port to Fabric Authentication (NFA) State Machine <br \/> 8.6.1 Overview  <\/td>\n<\/tr>\n<tr>\n<td><b>221<b><\/td>\n<td>8.6.2 NFA States <br \/> Figure 30 \u2013 NFA State Machine  <\/td>\n<\/tr>\n<tr>\n<td><b>222<b><\/td>\n<td>8.6.3 NFA Events <br \/> 8.6.4 NFA Transitions  <\/td>\n<\/tr>\n<tr>\n<td><b>228<b><\/td>\n<td>8.7 Fabric from Nx_Port Authentication (FNA) State Machine <br \/> 8.7.1 Overview  <\/td>\n<\/tr>\n<tr>\n<td><b>229<b><\/td>\n<td>8.7.2 FNA States <br \/> Figure 31 \u2013 FNA State Machine  <\/td>\n<\/tr>\n<tr>\n<td><b>230<b><\/td>\n<td>8.7.3 FNA Events <br \/> 8.7.4 FNA Transitions  <\/td>\n<\/tr>\n<tr>\n<td><b>238<b><\/td>\n<td>8.8 Nx_Port to Nx_Port Authentication (NNA) State Machine <br \/> 8.8.1 Overview  <\/td>\n<\/tr>\n<tr>\n<td><b>239<b><\/td>\n<td>8.8.2 NNA States <br \/> Figure 32 \u2013 NNA State Machine  <\/td>\n<\/tr>\n<tr>\n<td><b>240<b><\/td>\n<td>8.8.3 NNA Events <br \/> 8.8.4 NNA Transitions  <\/td>\n<\/tr>\n<tr>\n<td><b>247<b><\/td>\n<td>8.9 Additional Security State Machines <br \/> 8.9.1 E_Port to E_Port Security Checks <br \/> Figure 33 \u2013 State P17:Security Checks  <\/td>\n<\/tr>\n<tr>\n<td><b>248<b><\/td>\n<td>8.9.2 B_Port Security Checks <br \/> 8.9.3 Switch Security Checks with Virtual Fabrics  <\/td>\n<\/tr>\n<tr>\n<td><b>249<b><\/td>\n<td>Figure 34 \u2013 State P24(k):Security Checks  <\/td>\n<\/tr>\n<tr>\n<td><b>250<b><\/td>\n<td>8.9.4 N_Port Security Checks with Virtual Fabrics <br \/> 8.10 Impact on Other Standards  <\/td>\n<\/tr>\n<tr>\n<td><b>251<b><\/td>\n<td>Annex A: FC-SP-2 Compliance Summary (normative) <br \/> A.1 Compliance Elements <br \/> A.1.1 Overview <br \/> Table A.1 \u2013 FC-SP-2 Authentication Compliance Elements <br \/> Table A.2 \u2013 FC-SP-2 SA Management Compliance Elements <br \/> Table A.3 \u2013 FC-SP-2 Policy Compliance Elements  <\/td>\n<\/tr>\n<tr>\n<td><b>252<b><\/td>\n<td>A.1.2 FC-SP-2 Compliance <br \/> A.1.3 Conventions <br \/> Table A.4 \u2013 Feature Set table terms and definitions <br \/> Table A.5 \u2013 Feature Set table key abbreviations  <\/td>\n<\/tr>\n<tr>\n<td><b>253<b><\/td>\n<td>A.2 Authentication Compliance Elements <br \/> A.2.1 AUTH-A <br \/> Table A.6 \u2013 Authentication Protocols Support for AUTH-A <br \/> Table A.7 \u2013 AUTH Messages Support for AUTH-A <br \/> Table A.8 \u2013 Hash Functions Support for AUTH-A <br \/> Table A.9 \u2013 DH Groups Support for AUTH-A  <\/td>\n<\/tr>\n<tr>\n<td><b>254<b><\/td>\n<td>A.2.2 AUTH-B1 <br \/> Table A.10 \u2013 Authentication Protocols Support for AUTH-B1 <br \/> Table A.11 \u2013 AUTH Messages Support for AUTH-B1 <br \/> Table A.12 \u2013 Hash Functions Support for AUTH-B1 <br \/> Table A.13 \u2013 DH Groups Support for AUTH-B1  <\/td>\n<\/tr>\n<tr>\n<td><b>255<b><\/td>\n<td>A.2.3 AUTH-B2 <br \/> Table A.14 \u2013 Authentication Protocols Support for AUTH-B2 <br \/> Table A.15 \u2013 AUTH Messages Support for AUTH-B2 <br \/> Table A.16 \u2013 Hash Functions Support for AUTH-B2 <br \/> Table A.17 \u2013 DH Groups Support for AUTH-B2  <\/td>\n<\/tr>\n<tr>\n<td><b>256<b><\/td>\n<td>A.2.4 AUTH-B3 <br \/> Table A.18 \u2013 Authentication Protocols Support for AUTH-B3 <br \/> Table A.19 \u2013 AUTH Messages Support for AUTH-B3 <br \/> Table A.20 \u2013 Hash Functions Support for AUTH-B3 <br \/> Table A.21 \u2013 DH Groups Support for AUTH-B3  <\/td>\n<\/tr>\n<tr>\n<td><b>257<b><\/td>\n<td>A.3 SA Management Compliance Elements <br \/> A.3.1 Algorithms Support <br \/> Table A.22 \u2013 Security Protocols Support <br \/> Table A.23 \u2013 Encryption Algorithms Support <br \/> Table A.24 \u2013 Pseudo Random Functions Support  <\/td>\n<\/tr>\n<tr>\n<td><b>258<b><\/td>\n<td>Table A.25 \u2013 Integrity Algorithms Support <br \/> Table A.26 \u2013 SA Management DH Groups Support  <\/td>\n<\/tr>\n<tr>\n<td><b>259<b><\/td>\n<td>A.3.2 SA-A <br \/> Table A.27 \u2013 SA Management Protocol Support for SA-A <br \/> Table A.28 \u2013 AUTH Messages Support for SA-A <br \/> Table A.29 \u2013 IKEv2 Payloads Support for SA-A  <\/td>\n<\/tr>\n<tr>\n<td><b>260<b><\/td>\n<td>A.3.3 SA-B <br \/> Table A.29 \u2013 IKEv2 Payloads Support for SA-A <br \/> Table A.30 \u2013 SA Management Protocol Support for SA-B  <\/td>\n<\/tr>\n<tr>\n<td><b>261<b><\/td>\n<td>Table A.31 \u2013 AUTH Messages Support for SA-B <br \/> Table A.32 \u2013 Authentication Hash Functions Support for SA-B <br \/> Table A.33 \u2013 Authentication DH Groups Support for SA-B <br \/> Table A.34 \u2013 IKEv2 Payloads Support for SA-B (part 1 of 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>262<b><\/td>\n<td>Table A.34 \u2013 IKEv2 Payloads Support for SA-B (part 2 of 2)  <\/td>\n<\/tr>\n<tr>\n<td><b>263<b><\/td>\n<td>A.3.4 SA-C1 <br \/> Table A.35 \u2013 SA Management Protocol Support for SA-C1 <br \/> Table A.36 \u2013 AUTH Messages Support for SA-C1 <br \/> Table A.37 \u2013 Authentication Hash Functions Support for SA-C1  <\/td>\n<\/tr>\n<tr>\n<td><b>264<b><\/td>\n<td>Table A.38 \u2013 Authentication DH Groups Support for SA-C1 <br \/> Table A.39 \u2013 IKEv2 Payloads Support for SA-C1  <\/td>\n<\/tr>\n<tr>\n<td><b>265<b><\/td>\n<td>A.3.5 SA-C2 <br \/> Table A.40 \u2013 SA Management Protocol Support for SA-C2 <br \/> Table A.41 \u2013 AUTH Messages Support for SA-C2 <br \/> Table A.42 \u2013 Authentication Hash Functions Support for SA-C2  <\/td>\n<\/tr>\n<tr>\n<td><b>266<b><\/td>\n<td>Table A.43 \u2013 Authentication DH Groups Support for SA-C2 <br \/> Table A.44 \u2013 IKEv2 Payloads Support for SA-C2  <\/td>\n<\/tr>\n<tr>\n<td><b>267<b><\/td>\n<td>A.3.6 SA-C3 <br \/> Table A.45 \u2013 SA Management Protocol Support for SA-C3 <br \/> Table A.46 \u2013 AUTH Messages Support for SA-C3 <br \/> Table A.47 \u2013 Authentication Hash Functions Support for SA-C3  <\/td>\n<\/tr>\n<tr>\n<td><b>268<b><\/td>\n<td>Table A.48 \u2013 Authentication DH Groups Support for SA-C3 <br \/> Table A.49 \u2013 IKEv2 Payloads Support for SA-C3  <\/td>\n<\/tr>\n<tr>\n<td><b>269<b><\/td>\n<td>A.4 Policy Compliance Elements <br \/> A.4.1 POL-A1 <br \/> Table A.50 \u2013 Protocols Support for POL-A1 <br \/> Table A.51 \u2013 Policy Objects Support for POL-A1 <br \/> Table A.52 \u2013 Switch Flags Support for POL-A1  <\/td>\n<\/tr>\n<tr>\n<td><b>270<b><\/td>\n<td>A.4.2 POL-A2 <br \/> Table A.53 \u2013 Security Policy Server Support for POL-A1 <br \/> Table A.54 \u2013 EUFC Operations Support for POL-A1 <br \/> Table A.55 \u2013 Protocols Support for POL-A2  <\/td>\n<\/tr>\n<tr>\n<td><b>271<b><\/td>\n<td>A.4.3 POL-A3 <br \/> Table A.56 \u2013 Policy Objects Support for POL-A2 <br \/> Table A.57 \u2013 Security Policy Server Support for POL-A2 <br \/> Table A.58 \u2013 EUFC Operations Support for POL-A2 <br \/> Table A.59 \u2013 Protocols Support for POL-A3  <\/td>\n<\/tr>\n<tr>\n<td><b>272<b><\/td>\n<td>A.4.4 POL-B3 <br \/> Table A.60 \u2013 Protocols Support for POL-B3 <br \/> Table A.61 \u2013 Policy Objects Support for POL-B3 <br \/> Table A.62 \u2013 Switch Flags Support for POL-B3  <\/td>\n<\/tr>\n<tr>\n<td><b>273<b><\/td>\n<td>Table A.63 \u2013 Security Policy Server Support for POL-B3 <br \/> Table A.64 \u2013 EUFC Operations Support for POL-B3  <\/td>\n<\/tr>\n<tr>\n<td><b>274<b><\/td>\n<td>Annex B: KMIP Profile for FC-SP-2 EAP-GPSK (Normative) <br \/> B.1 Overview <br \/> B.2 General <br \/> B.3 KMIP profile specification <br \/> B.3.1 FC-SP-2 EAP-GPSK Profile <br \/> B.3.2 FC-SP-2 EAP-GPSK Authentication Suite <br \/> B.3.2.1 Protocol  <\/td>\n<\/tr>\n<tr>\n<td><b>275<b><\/td>\n<td>B.3.2.2 Client Authenticity <br \/> B.3.2.3 Client Identity <br \/> B.3.2.4 Object Creator <br \/> B.3.2.5 Access Policy  <\/td>\n<\/tr>\n<tr>\n<td><b>276<b><\/td>\n<td>B.3.3 FC-SP-2 EAP\/GPSK Key Foundry and Server Conformance Clause  <\/td>\n<\/tr>\n<tr>\n<td><b>278<b><\/td>\n<td>Annex C: Random Number Generation and Secret Storage (informative) <br \/> C.1 Random Number Generator <br \/> C.2 Secret Storage  <\/td>\n<\/tr>\n<tr>\n<td><b>279<b><\/td>\n<td>Annex D: RADIUS Deployment (informative) <br \/> D.1 Overview <br \/> D.2 RADIUS Servers <br \/> D.2.1 Overview  <\/td>\n<\/tr>\n<tr>\n<td><b>280<b><\/td>\n<td>D.2.2 Digest Algorithm <br \/> D.3 RADIUS Messages <br \/> D.3.1 Message Types <br \/> Table D.1 \u2013 RADIUS Message Format <br \/> Table D.2 \u2013 RADIUS Message Codes  <\/td>\n<\/tr>\n<tr>\n<td><b>281<b><\/td>\n<td>D.3.2 Radius Attributes <br \/> D.3.2.1 User-Name <br \/> Table D.3 \u2013 User-Name Attribute  <\/td>\n<\/tr>\n<tr>\n<td><b>282<b><\/td>\n<td>Table D.4 \u2013 Binary to UTF-8 Transformation  <\/td>\n<\/tr>\n<tr>\n<td><b>283<b><\/td>\n<td>D.3.2.2 CHAP-Password <br \/> D.3.2.3 CHAP-Challenge <br \/> Table D.5 \u2013 CHAP-Password Attribute  <\/td>\n<\/tr>\n<tr>\n<td><b>284<b><\/td>\n<td>D.4 RADIUS Authentication <br \/> D.4.1 RADIUS Authentication Method <br \/> Table D.6 \u2013 CHAP-Challenge Attribute  <\/td>\n<\/tr>\n<tr>\n<td><b>285<b><\/td>\n<td>D.4.2 RADIUS Authentication with NULL DH algorithm <br \/> Table D.7 \u2013 Mathematical Notation for RADIUS Authentication  <\/td>\n<\/tr>\n<tr>\n<td><b>286<b><\/td>\n<td>Figure D.1 \u2013 Unidirectional Authentication with RADIUS  <\/td>\n<\/tr>\n<tr>\n<td><b>287<b><\/td>\n<td>D.4.3 Bidirectional Authentication with RADIUS <br \/> Figure D.2 \u2013 Bidirectional Authentication with RADIUS  <\/td>\n<\/tr>\n<tr>\n<td><b>288<b><\/td>\n<td>D.4.4 RADIUS Authentication with DH option  <\/td>\n<\/tr>\n<tr>\n<td><b>289<b><\/td>\n<td>Figure D.3 \u2013 DH-CHAP Authentication with RADIUS  <\/td>\n<\/tr>\n<tr>\n<td><b>290<b><\/td>\n<td>Annex E: Examples of Proposals Negotiation for the SA Management Protocol (informative)  <\/td>\n<\/tr>\n<tr>\n<td><b>291<b><\/td>\n<td>Annex F: Guidelines for Mapping Access Control Requirements to Fabric Policies (informative)  <\/td>\n<\/tr>\n<tr>\n<td><b>292<b><\/td>\n<td>Annex G: Pre FC-SP-2 Fabric Policy Implementations (informative) <br \/> G.1 Overview <br \/> G.2 Fabric Management Policy Set <br \/> G.2.1 Fabric Management Policy Set Overview <br \/> G.2.2 FMPS Hierarchy Model <br \/> G.2.3 Policy Description  <\/td>\n<\/tr>\n<tr>\n<td><b>293<b><\/td>\n<td>G.2.4 Policy Distribution <br \/> G.2.5 Signature, Version Stamp, and Timestamp  <\/td>\n<\/tr>\n<tr>\n<td><b>294<b><\/td>\n<td>G.2.6 FMPS Object Structure <br \/> G.2.7 Fabric Initialization And Fabric Join Procedures <br \/> G.2.7.1 Overview  <\/td>\n<\/tr>\n<tr>\n<td><b>295<b><\/td>\n<td>G.2.7.2 Protocol Requirements <br \/> G.2.7.3 Fabric Initialization Process  <\/td>\n<\/tr>\n<tr>\n<td><b>296<b><\/td>\n<td>G.2.7.4 Fabric Join <br \/> G.2.7.5 Full Database Distribution During Initialization and Joining Process <br \/> G.2.7.6 Database Distribution Request from an administrator  <\/td>\n<\/tr>\n<tr>\n<td><b>297<b><\/td>\n<td>G.2.8 FMPS Payload Format <br \/> G.2.8.1 General Download Request Format  <\/td>\n<\/tr>\n<tr>\n<td><b>298<b><\/td>\n<td>Table G.1 \u2013 Security Request Payload <br \/> Table G.2 \u2013 Security Command Code  <\/td>\n<\/tr>\n<tr>\n<td><b>299<b><\/td>\n<td>G.2.8.2 Certificate Download Request <br \/> Table G.3 \u2013 Version Stamp Format <br \/> Table G.4 \u2013 Certificate Download Object  <\/td>\n<\/tr>\n<tr>\n<td><b>300<b><\/td>\n<td>G.2.8.3 Security Policy Download Request <br \/> G.2.8.4 Security Policy Set Object <br \/> Table G.5 \u2013 Security Policy Set Object  <\/td>\n<\/tr>\n<tr>\n<td><b>301<b><\/td>\n<td>G.2.8.5 Security Policy Object <br \/> Table G.6 \u2013 Security Policy Object <br \/> Table G.7 \u2013 Type Value  <\/td>\n<\/tr>\n<tr>\n<td><b>302<b><\/td>\n<td>G.2.8.6 Policy Member Object <br \/> Table G.8 \u2013 Policy Type Value <br \/> Table G.9 \u2013 Policy Member Object  <\/td>\n<\/tr>\n<tr>\n<td><b>303<b><\/td>\n<td>G.2.8.7 Zone Set Object Structure <br \/> G.2.8.8 General Download Accept Format <br \/> Table G.10 \u2013 Member Type Value <br \/> Table G.11 \u2013 Download Accept Payload Format  <\/td>\n<\/tr>\n<tr>\n<td><b>304<b><\/td>\n<td>G.3 Fabric Binding <br \/> G.3.1 Fabric Binding Overview <br \/> Table G.12 \u2013 Request Response Code values <br \/> Table G.13 \u2013 Request Reason Code values  <\/td>\n<\/tr>\n<tr>\n<td><b>305<b><\/td>\n<td>G.3.2 Joining Switches <br \/> G.3.3 Managing User-Initiated Change Requests <br \/> G.3.4 Fabric Binding Objects <br \/> G.3.4.1 Fabric Binding Membership List Entry <br \/> G.3.5 Fabric Binding Commands <br \/> Table G.14 \u2013 Fabric Binding Membership List Entry  <\/td>\n<\/tr>\n<tr>\n<td><b>306<b><\/td>\n<td>G.3.6 Exchange Fabric Membership Data (EFMD) <br \/> G.3.6.1 Overview <br \/> G.3.6.2 EFMD Request Payload <br \/> Table G.15 \u2013 Fabric Configuration Data Requests <br \/> Table G.16 \u2013 EFMD Request Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>307<b><\/td>\n<td>G.3.6.3 Fabric Membership Data Exchange Rules <br \/> Table G.17 \u2013 Operation Field Values <br \/> Table G.18 \u2013 Fabric Binding Operation Membership Data  <\/td>\n<\/tr>\n<tr>\n<td><b>308<b><\/td>\n<td>G.3.6.4 EFMD Accept Payload <br \/> G.3.7 Exchange Security Attributes (ESA) <br \/> G.3.7.1 Overview <br \/> Table G.19 \u2013 EFMD Accept Payload <br \/> Table G.20 \u2013 EFMD Reason Codes Additions  <\/td>\n<\/tr>\n<tr>\n<td><b>309<b><\/td>\n<td>G.3.7.2 ESA Request Payload <br \/> G.3.7.3 Enforced Security Attribute Object <br \/> G.3.7.4 Use of Enforced Security Attribute and Required Security Attribute Mask <br \/> Table G.21 \u2013 ESA Request Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>310<b><\/td>\n<td>G.3.7.5 Extended Security Attribute Object <br \/> G.3.7.6 Use of Extended Security Attribute and Required Extended Security Attribute Mask <br \/> G.3.7.7 ESA Accept Payload <br \/> G.3.8 Query Security Attributes (QSA) Version 1 <br \/> G.3.8.1 Overview <br \/> Table G.22 \u2013 ESA Accept Payload  <\/td>\n<\/tr>\n<tr>\n<td><b>311<b><\/td>\n<td>G.3.8.2 QSA Version 1 Request Payload <br \/> G.3.8.3 QSA Version 1 Accept Payload <br \/> Table G.23 \u2013 QSA Request Payload  <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p><b>Information technology. Fibre channel &#8211; Security Protocols. 2 (FC-SP-2)<\/b><\/p>\n<table class=\"shortdes-table\" style=\"width: 100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td>Published By<\/td>\n<td>Publication Date<\/td>\n<td>Number of Pages<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/pdfstandards.shop\/product-category\/publishers\/bsi\/\"><b>BSI<\/b><\/a><\/td>\n<td>2024<\/td>\n<td>312<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":126894,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2641],"product_tag":[],"class_list":{"0":"post-126893","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-bsi","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/126893","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/126894"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=126893"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=126893"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=126893"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}