Cisco Cisco IOS Software Release 12.4(23)

FMT_MSA.1 and FMT_MTD.1 support all other SFRs by restricting the ability to change certain 
management functions to authorized users, ensuring other users cannot de-activate these SFRs.

FMT_MSA.2 and FMT_MSA.3 limit the acceptable values for secure data, protecting the SFRs 
dependent on those values from being de-activated.

FPT_AMT.1 and FPT_TST.1 provides for start up and user initiated testing to ensure the security 
functions are operational, thus checking for de-activation.

FIA_UID.2 and FIA_UAU.2 support other functions that allow the user access to the assets by restricting 
the actions the user can take before being authorized.

FTA_TSE.1 supports other functions by allowing the TOE to block the establishment of a user session.

FMT_SMF.1 provides for the necessary management functions with which to configure all security 
functions of the TOE.

FAU_AUD.1 and FAU_SAR.1 support other functions by providing logging functions that allow 
misconfiguration and attacks to be detected.

FPT_AMT.1 supports other functions by providing a reliable timestamp for logging messages. 

FMT_SMF.1 provides for the necessary management functions with which to configure all security 
functions of the TOE

The National Cryptographic Authority of each CC scheme is the approving authority on strength of 
cryptographic algorithms. Under these arrangements, the developers can make no claim of strength for 
cryptographic algorithms. Therefore the explicit strength of function claims for the FCS class of SFR’s 
have been addressed. This also applies to the IT Security Functions IPSEC.1, IPSEC.2, and KEYMGT.1.

For SFR FIA_UAU.5 the strength of function claim is SOF-basic. A Strength of Function claim of 
SOF-basic is also made for IT Security Function CONFIG.2.