Cisco Cisco IOS Software Release 12.4(4)T
5. IT Security Requirements
Document Organization
25
Version 1.0
5.1.9. FMT_MSA.1 Management of security attributes (2)
FMT_MSA.1.1 (2) - The TSF shall enforce the [UNAUTHENTICATED_SFP] to restrict the ability to
delete and [create] the security attributes [information flow rules described in FDP_IFF.1(1)] to [the
privileged administrator].
delete and [create] the security attributes [information flow rules described in FDP_IFF.1(1)] to [the
privileged administrator].
5.1.10. FMT_MSA.3 Static attribute initialization
FMT_MSA.3.1 - The TSF shall enforce the [UNAUTHENTICATED_SFP] to provide restrictive default
values for information flow security attributes that are used to enforce the SFP.
values for information flow security attributes that are used to enforce the SFP.
FMT_MSA.3.2 - The TSF shall allow the [privileged administrator] to specify alternative initial values
to override the default values when an object or information is created.
to override the default values when an object or information is created.
5.1.11. FMT_MTD.1 Management of TSF data (1)
FMT_MTD.1.1(1) - The TSF shall restrict the ability to query, modify, delete, [and assign] the [user
attributes defined in FIA_ATD.1.1] to [the privileged administrator].
attributes defined in FIA_ATD.1.1] to [the privileged administrator].
5.1.12. FMT_MTD.1 Management of TSF data (2)
FMT_MTD.1.1(2) - The TSF shall restrict the ability to [set] the [time and date used to form the
timestamps in FPT_STM.1.1] to [the privileged administrator].
timestamps in FPT_STM.1.1] to [the privileged administrator].
5.1.13. FMT_MTD.2 Management of limits on TSF data
FMT_MTD.2.1 - The TSF shall restrict the specification of the limits for [the number of authentication
failures] to [the privileged administrator].
failures] to [the privileged administrator].
FMT_MTD.2.2 - The TSF shall take the following actions, if the TSF data are at, or exceed, the indicated
limits: [actions specified in FIA_AFL.1.2].
limits: [actions specified in FIA_AFL.1.2].
5.1.13. FDP_RIP.1 Subset residual information protection
FDP_RIP.1.1 - The TSF shall ensure that any previous information content of a resource is made
unavailable upon the allocation of the resource to the following objects: [resources that are used by the
subjects of the TOE to communicate through the TOE to other subjects].
unavailable upon the allocation of the resource to the following objects: [resources that are used by the
subjects of the TOE to communicate through the TOE to other subjects].
5.1.15. FCS_COP.1 Cryptographic operation
FCS_COP.1.1 - The TSF shall perform [encryption of remote authorized administrator sessions] in
accordance with a specified cryptographic algorithm: [Triple Data Encryption Standard (DES) as
specified in FIPS PUB 46-3 and implementing any mode of operation specified in FIPS PUB 46-3 with
Keying Option 1 (K1, K2, K3 are independent keys)] and cryptographic key sizes [that are 192 binary
digits in length and Advanced Encryption Standard (AES) as specified in FIPS PUB 197 and
cryptographic key sizes [that are 128 binary digits in length] that meet the following: [FIPS PUB 46-3
with Keying Option 1 and FIPS PUB 140-1 (Level 1)].
accordance with a specified cryptographic algorithm: [Triple Data Encryption Standard (DES) as
specified in FIPS PUB 46-3 and implementing any mode of operation specified in FIPS PUB 46-3 with
Keying Option 1 (K1, K2, K3 are independent keys)] and cryptographic key sizes [that are 192 binary
digits in length and Advanced Encryption Standard (AES) as specified in FIPS PUB 197 and
cryptographic key sizes [that are 128 binary digits in length] that meet the following: [FIPS PUB 46-3
with Keying Option 1 and FIPS PUB 140-1 (Level 1)].