Cisco Cisco IOS Software Release 12.4(23)

Descargar
Página de 54
 
8. Rationale
  Document Organization
45
Security Target For Cisco IOS IPSec
FMT_MTD.1
The TSF CONFIG.2 satisfies this requirement by only allowing the privileged administrator to alter the 
TSF configuration
FMT_SMF.1
The TSFs CONFIG.1, CONFIG.2 and CONFIG.3 satisfy this requirement as these TSFs provide all the 
means with which to interact with the security configuration of the TOE. 
FMT_SMR.2
The TSF CONFIG.2 satisfies this requirement by maintaining administrator and privileged administrator 
roles and ensuring that a user is authenticated as an administrator before allowing them to authenticate 
as a privileged administrator by using the “enable” password.
FMT_SMR.3
The TSF CONFIG.2 satisfies this requirement by requiring the user to explicitly request using the 
“enable” command to assume the role of privileged administrator.
FPT_AMT.1
The TSF CONFIG.2 satisfies this requirement by initiating a suite of tests upon startup to ensure proper 
operation of the underlying abstract machine which underlies the TOE.
FPT_STM.1
The TSF CONFIG.1 satisfies this requirement by monitoring the network time and using the timestamp 
in audit records.
FPT_TST.1
The TSF CONFIG.2 satisfies this requirement by initiating a suite of tests upon startup to ensure proper 
operation of the TOE functions.
FTA_TSE.1
The TSF PACKETFILTER.1 satisfies this requirement by examining each packet and discarding those 
which do not match the access control list it holds. 
FTP_ITC.1
The TSFs IPSEC.1, IPSEC.2 and IPSEC.3 satisfy this requirement by authenticating IPSec peers using 
pre-shared keys, RSA keys or digital certificates and establishing a trusted channel (called Security 
Associations) for the communication of information with assured identification of end-points; using ESP 
on IP datagrams to provide confidentiality, authentication, integrity and non-repudiation of sender; and 
maintaining a cryptographic map which ensures that packet flow source, destination and transmission 
parameters are controlled
8.2.3 SFR Dependency Rationale
 shows that the security target has been satisfied SFR’s with dependencies.