Cisco Cisco IOS Software Release 12.4(4)T
8. Rationale
Document Organization
48
Version 1.0
FIA_AFL.1
The TSF CONFIG.1 satisfies this requirement by detecting unsuccessful authentication attempts, and
locking a user from authenticated access to the TOE when the number of consecutive unsuccessful
authentication attempts reaches a limit set by an authorized administrator. The account then requires
unlocking by an authorized administrator before the user can be authenticated.
locking a user from authenticated access to the TOE when the number of consecutive unsuccessful
authentication attempts reaches a limit set by an authorized administrator. The account then requires
unlocking by an authorized administrator before the user can be authenticated.
FMT_MTD.2
The TSF CONFIG.1 satisfies this requirement by allowing an authorized administrator to set the
threshold of unsuccessful authentication attempts required before a user account is locked. The TSF then
enforces the requirements of FIA_AFL.1 should this occur.
threshold of unsuccessful authentication attempts required before a user account is locked. The TSF then
enforces the requirements of FIA_AFL.1 should this occur.
FMT_SMR.1
The TSF CONFIG.1 satisfies this requirement by maintaining the role of authorized administrator. The
TSF is able to associate users with this role.
TSF is able to associate users with this role.
FMT_MOF.1(1)
The TSF CONFIG.1 satisfies this requirement by allowing only the authorized administrators the right
to manage the operation and single use authentication functions of the TOE.
to manage the operation and single use authentication functions of the TOE.
FMT_MOF.1(2)
The TSF CONFIG.1 satisfies this requirement by allowing only the authorized administrators the right
to manage the configuration of the TOE security functions including those that implement the
UNAUTHENTICATED_SFP.
to manage the configuration of the TOE security functions including those that implement the
UNAUTHENTICATED_SFP.
FMT_MSA.1(1)
The TSF CONFIG.1 satisfies this requirement by allowing only the authorized administrators the right
to manage the configuration that enforces the UNAUTHENTICATED_SFP.
to manage the configuration that enforces the UNAUTHENTICATED_SFP.
FMT_MSA.1(2)
The TSF CONFIG.1 satisfies this requirement by allowing only the authorized administrators the right
to manage the configuration that enforces the UNAUTHENTICATED_SFP.
to manage the configuration that enforces the UNAUTHENTICATED_SFP.
FMT_MSA.3
The TSF CONFIG.1 satisfies this requirement by ensuring that restrictive default values are allocated to
security attributes for the UNAUTHENTICATED_SFP, and allowing the authorized administrator to
alter the values from the default.
security attributes for the UNAUTHENTICATED_SFP, and allowing the authorized administrator to
alter the values from the default.
FIA_ATD.1
The TSF CONFIG.1 satisfies this requirement by maintaining all required security attributes belonging
to individual users.
to individual users.
FMT_MTD.1(1)
The TSF CONFIG.1 satisfies this requirement by only allowing the authorized administrator to alter the
TSF configuration.
TSF configuration.
FMT_MTD.1(2)
The TSFs CONFIG.1 and CONFIG.2 satisfy this requirement by only allowing the authorized
administrator to alter the system time.
administrator to alter the system time.