Cisco Cisco IOS Software Release 12.4(23)
8. Rationale
Document Organization
40
Security Target For Cisco IOS IPSec
O.NOREPLAY
Provide a means to detect if an eavesdropper has
copied a packet flow and retransmitting it to the
TOE.
Provide a means to detect if an eavesdropper has
copied a packet flow and retransmitting it to the
TOE.
The SFRs [FCO_NRO.2, FDP_IFC.1, FDP_IFF.1,
FTP_ITC.1] are sufficient to satisfy the objective
because:
FTP_ITC.1] are sufficient to satisfy the objective
because:
•
The FTP_ITC.1 SFR establishes a trust
relationship with a remote trusted IT product
(such as another instance of the TOE)
relationship with a remote trusted IT product
(such as another instance of the TOE)
•
Packet flows received by the TOE are marked
using the FCO_NRO.2 SFR with a sequence
number that is uniquely associated with a
remote trusted IT product
using the FCO_NRO.2 SFR with a sequence
number that is uniquely associated with a
remote trusted IT product
•
The information flow control SFP and the
scope of control of the policies that form the
identified information flow control portion of
the TSP are identified and defined by the
FDP_IFC.1 SFR
scope of control of the policies that form the
identified information flow control portion of
the TSP are identified and defined by the
FDP_IFC.1 SFR
•
The FDP_IFF.1 SFR is used to identify which
remote trusted IT product is providing
integrity verification for which packet flow,
and which packet flow is to be protected
when transmitted to a remote trusted IT
product
remote trusted IT product is providing
integrity verification for which packet flow,
and which packet flow is to be protected
when transmitted to a remote trusted IT
product
Table 19
SFR Sufficiency (continued)
Objectives
Requirements