Cisco Cisco IOS Software Release 12.4(23)

The Threat agents against the TOE are attackers with expertise, resources, and motivation that combines 
to be a low attack potential. 

TOE addresses threats listed in 

 describes the organizational security policies relevant to the operation of the TOE.

The organizational security policy, P.Connectivity, is required because it determines how packet flows 
between trusted networks can be transmitted over an untrusted network. Each instance of the TOE 
implements a portion of P.Connectivity, which must be matched to, and consistent with, other instances 
of the TOE for the TOE security functions to be effective. 

T.Attack

An attacker (whether an insider or outsider) may 
gain access to the TOE and compromise its 
security functions by altering its configuration.

T.Untrusted-Path

An attacker may attempt to disclose, modify, or 
insert data within packet flows transmitted and 
received by the TOE over an untrusted network.

If such an attack was successful, the 
confidentiality, integrity, and authenticity of 
packet flows transmitted and received over an 
untrusted path would be compromised.

P.Connectivity

The organizational security policy will 

Specify whether networks connected to the 
TOE are trusted or untrusted

Define which packet flows are to be protected 
by the TOE

Associate each protected packet flow with a 
peer TOE that will decrypt/encrypt the flow