Cisco Cisco IOS Software Release 12.4(4)T
8. Rationale
Document Organization
Version 1.0
8.2.3. Assurance Security Requirements Rationale
EAL4 Augmented was chosen to ensure a moderate level of security for protecting information in DoD
Mission-Critical Categories. Under the assumption A.MODEXP, information in Mission-Critical Categories
is assumed, by nature, to face a greater threat of disclosure and/or corruption by unauthorized parties.
As an indirect dependency of vulnerability analysis, tools and techniques used to develop, analyze and
implement the TOE must be identified and documented. This is supported by the requirement
ALC_TAT.1. Since the threat to Mission-Critical Categories of information is greater, more detailed
product information is required as indicated by requirements ADV_HLD.2, ADV_IMP.1, and
ADV_LLD.1 in this Protection Profile. The chosen assurance level, as supported by O.EAL, is consistent
with the postulated threat environment: specifically, the threat of malicious attacks is not greater
than moderate, and the product will have undergone vulnerability analysis by the developer and
independent penetration testing by the evaluator.
8.2.4. Mutually Supportive Security Requirements
The mutually supportive security requirements rationale is presented in section
The additional security functional requirement FMT_SMF.1 directly supports FMT_MOF.1(1) and
FMT_MOF.1(2) by providing a specific set of management functions with which to manage the security
configuration of the TOE.
8.2.5. Strength of Function Claims
The cryptographic components of the TOE are FIPS PUB 140-1 compliant, and therefore do not
require a claim of strength for cryptographic algorithms to be made.
Cisco Systems has completed FIPS PUB 140-2 validations for the 8xx family (Certificate #707),
18xx fixed card family (Certificate #702), 1841/2801 (Certificate #620), 2800 family
(Certificates #617, #619), 3800 family (Certificate #618), 7204VXR and 7301 (Certificate #673). The
FIPS validated versions of software do not match exactly with this evaluation. Cisco Systems asserts that
the versions of software included in this evaluation meet the requirements of FIPS PUB 140-2.
The SFR FIA_UAU.5(1) is implemented by the TSF CONFIG.1, which utilizes probabilistic mechanisms
in order to accurately authenticate users via a username and password.
For the SFR FIA_UAU.5(1) the strength of function claim is SOF-medium. A strength of function claim
of SOF-medium is also made for IT Security Function CONFIG.1. A SOF claim is not required for
REMOTE.1 as it uses the TOE’s cryptographic algorithms.
Identification and Authentication functions performed by the Windows 2000 platform also have a
strength of function claim of SOF-medium as specified in section 8.2.6 of the Windows 2000
Security Target, Version 2.0, 18 October 2002. The Windows 2000 platform Identification and
Authentication functionality is in direct support of the SFR FAU_STG.1 and the TSF AUDIT.2 which
protect the audit data stored on the PFSS.
The TOE claims a minimum strength of function of SOF-medium for the TOE security functional
requirements and the TOE as a whole.