Cisco Cisco IOS Software Release 12.4(4)T
5. IT Security Requirements
Document Organization
Version 1.0
5.1.5. FIA_UAU.5 Multiple authentication mechanisms (1)
FIA_UAU.5.1 - The TSF shall provide [a password mechanism] to support user authentication.
FIA_UAU.5.2 - The TSF shall authenticate any user's claimed identity according to the [following
multiple authentication mechanism rules:
a. single-use authentication mechanism shall be used for authorized administrators to access the TOE
remotely such that successful authentication must be achieved before allowing any other
TSF-mediated actions on behalf of that authorized administrator.
b. single-use authentication mechanism shall be used for authorized external IT entities accessing the
TOE such that successful authentication must be achieved before allowing any other TSF-mediated
actions on behalf of that authorized external IT entity.¹
c. reusable password mechanism shall be used for authorized administrators to access the TOE via a
directly connected terminal such that successful authentication must be achieved before allowing
any other TSF-mediated actions on behalf of that authorized administrator].
5.1.6. FDP_IFC.1 Subset information flow control
FDP_IFC.1.1 - The TSF shall enforce the [UNAUTHENTICATED_SFP] on the following:
a. [subjects: unauthenticated external IT entities that send and receive information through the TOE to
one another
b. information: traffic sent through the TOE from one subject to another
c. operation: pass information]
5.1.7. FDP_IFF.1 Simple security attributes
FDP_IFF.1.1 - The TSF shall enforce the [UNAUTHENTICATED_SFP] based on the following types
of subject and information security attributes:
1. [subject security attributes:
   • Presumed address
   • No additional attributes
2. Information security attributes:
   • presumed address of source subject
   • presumed address of destination subject
   • transport layer protocol
   • TOE interface on which traffic arrives and departs
   • Service
   • No additional attributes]
1. Parts a and b of FIA_UAU.5.2(1) are performed by the TOE environment and hence have been removed from
FIA_UAU.5.2(1) and included in the environmental iteration of this requirement (FIA_UAU.5.2(2)).