Cisco IOS Software Release 12.4(23)

Security Target For Cisco IOS IPSec
5. IT Security Requirements
5.1 TOE Security Functional Requirements
The TOE functional security requirements are drawn from [CC] Part 2, with the exception of 
FAU_AUD.1, which is a bespoke security functional component, based on the [CC] Part 2 component 
FAU_GEN.1.
It was necessary to include FAU_AUD.1 instead of FAU_GEN.1 because the requirements
imposed by FAU_GEN.1 are not appropriate for the TOE. The TOE does not record the startup and
shutdown of audit functions, as it has no facility to shut down the audit functionality. Additionally,
the TOE is designed to remain operational at all times, making the requirement for audit of startup and
shutdown redundant.
Selections are enclosed in [square brackets], assignments are enclosed in [square brackets and 
underlined], refinements are in bold and/or strikethrough.
5.1.1. Audit data generation (FAU_AUD.1)
The TSF shall be able to generate an audit record of the following auditable events:
a. All auditable events for the [not specified] level of audit; and
b. [Errors during IKE processing,
   Errors during IPSEC processing,
   When a packet matches a filtering rule, and
   Errors during digital certificate processing]
The TSF shall record within each audit record at least the following information: 
c. Date and time of the event, type of event, subject identity, and the outcome (success or failure) of
   the event; and
d. For each audit event type, based on the auditable event definitions of the functional components
   included in the PP/ST, [no other audit relevant information]
FAU_AUD.1.2 
5.1.2. Audit Review (FAU_SAR.1)
The TSF shall provide [authorized users] with the capability to read [all audit information] from the audit 
records.
FAU_SAR.1.1
The TSF shall provide the audit records in a manner suitable for the user to interpret the 
information.
FAU_SAR.1.2