Cisco Cisco IOS Software Release 12.4(23)

5. IT Security Requirements

Document Organization

Security Target For Cisco IOS IPSec

5.1.20 - Management of TSF data (FMT_MTD.1)

The TSF shall restrict the ability to [

query

query, modify, delete and clear]

the [TSF configuration] to [

administrator

privileged administrator].

FMT_MTD.1.1

Application Note: the administrator can only query, whereas the privileged administrator can query
modify and delete the TSF configuration.

5.1.21Specification of Management Functions (FMT_SMF.1)

The TSF shall be capable of performing the following security management functions: [

determine the behavior of, the configuration of functions that implement information flow control
SFP;

configure the cryptographic TSFs;

configure audit management;

view all audit information in a manner suitable for interpretation;

query, modify and delete the TSF Configuration and its security attributes; and

create, delete and modify usernames for use with the access control functions of IOS.

configure system time attributes.

FMT_SMF.1.1

5.1.22 - Restrictions on security roles (FMT_SMR.2)

The TSF shall maintain the roles: [administrator and privileged administrator].

FMT_SMR.2.1

The TSF shall be able to associate users with roles.

FMT_SMR.2.2

The TSF shall ensure that the conditions [that a user has to be authenticated as an administrator before
they can be allowed to authenticate as a privileged administrator] are satisfied.

FMT_SMR.2.3

5.1.23 - Assuming roles (FMT_SMR.3)

The TSF shall require an explicit request to assume the following roles: [privileged administrator].

FMT_SMR.3.1

5.1.24 - Reliable time stamps (FPT_STM.1)

The TSF shall be able to provide reliable time stamps for its own use.

FPT_STM.1.1

5.1.25 - Abstract machine testing (FPT_AMT.1)

The TSF shall run a suite of tests [during initial start-up] to demonstrate the correct operation of the
security assumptions provided by the abstract machine that underlies the TSF.

FPT_AMT.1