Cisco Cisco IOS Software Release 12.4(23)
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
5. IT Security Requirements
Document Organization
23
Security Target For Cisco IOS IPSec
5.1.20 - Management of TSF data (FMT_MTD.1)
The TSF shall restrict the ability to [
a.
query
b.
query, modify, delete and clear]
the [TSF configuration] to [
a.
administrator
b.
privileged administrator].
FMT_MTD.1.1
Application Note: the administrator can only query, whereas the privileged administrator can query
modify and delete the TSF configuration.
modify and delete the TSF configuration.
5.1.21Specification of Management Functions (FMT_SMF.1)
The TSF shall be capable of performing the following security management functions: [
a.
determine the behavior of, the configuration of functions that implement information flow control
SFP;
SFP;
b.
configure the cryptographic TSFs;
c.
configure audit management;
d.
view all audit information in a manner suitable for interpretation;
e.
query, modify and delete the TSF Configuration and its security attributes; and
f.
create, delete and modify usernames for use with the access control functions of IOS.
g.
configure system time attributes.
].
FMT_SMF.1.1
5.1.22 - Restrictions on security roles (FMT_SMR.2)
The TSF shall maintain the roles: [administrator and privileged administrator].
FMT_SMR.2.1
The TSF shall be able to associate users with roles.
FMT_SMR.2.2
The TSF shall ensure that the conditions [that a user has to be authenticated as an administrator before
they can be allowed to authenticate as a privileged administrator] are satisfied.
they can be allowed to authenticate as a privileged administrator] are satisfied.
FMT_SMR.2.3
5.1.23 - Assuming roles (FMT_SMR.3)
The TSF shall require an explicit request to assume the following roles: [privileged administrator].
FMT_SMR.3.1
5.1.24 - Reliable time stamps (FPT_STM.1)
The TSF shall be able to provide reliable time stamps for its own use.
FPT_STM.1.1
5.1.25 - Abstract machine testing (FPT_AMT.1)
The TSF shall run a suite of tests [during initial start-up] to demonstrate the correct operation of the
security assumptions provided by the abstract machine that underlies the TSF.
security assumptions provided by the abstract machine that underlies the TSF.
FPT_AMT.1