Cisco Cisco IOS Software Release 12.4(23)
8. Rationale
Document Organization
44
Security Target For Cisco IOS IPSec
FCS_COP.1 (2)
The TSF IPSEC.2 satisfies this requirement by providing a mechanism by which transmitted packets can
be digitally signed, and digital signatures can be verified.
be digitally signed, and digital signatures can be verified.
FDP_IFC.1
The TSFs IPSEC.3 and PACKETFILTER.1 satisfy this requirement by examining each packet flow and
applying the information flow control policy to it.
applying the information flow control policy to it.
FDP_IFF.1
The TSFs IPSEC.3 and PACKETFILTER.1 satisfy this requirement by implementing the crypto map
function, which permits or deny a packet flow based on its source and destination IP address, and the
packetfilter function which is applied to TOE interfaces to implements the information flow control SFP
which defines the rules for packet filtering.
function, which permits or deny a packet flow based on its source and destination IP address, and the
packetfilter function which is applied to TOE interfaces to implements the information flow control SFP
which defines the rules for packet filtering.
FDP_UCT.1
The TSF IPSEC.2 satisfies this requirement by providing encryption of the IP datagram as defined by
ESP, thus providing confidentiality.
ESP, thus providing confidentiality.
FDP_UIT.1
The TSF IPSEC.2 satisfies this requirement by providing ESP which signs an IP datagram providing
integrity.
integrity.
FIA_UAU.2
The TSF CONFIG.2 satisfies this requirement by requiring users to undergo authentication before access
to its management interfaces is granted.
to its management interfaces is granted.
FIA_UAU.5
The TSF CONFIG.2 satisfies this requirement by requiring a username and password for user
authentication, and just an “enable” password for privileged administrator authentication.
authentication, and just an “enable” password for privileged administrator authentication.
FIA_UID.2
The TSF CONFIG.2 satisfies this requirement by requiring users to undergo identification before access
to its management interfaces is granted.
to its management interfaces is granted.
FMT_MOF.1
The TSF CONFIG.2 satisfies this requirement by allowing only the privileged administrator the right to
manage the functions that implement the information flow control SFP.
manage the functions that implement the information flow control SFP.
FMT_MSA.1
The TSF CONFIG.2 satisfies this requirement by allowing only the privileged administrator the right to
manage the configuration that implements the information flow control SFP.
manage the configuration that implements the information flow control SFP.
FMT_MSA.2
The TSFs IPSEC.1 and KEYMGT.1 satisfy this requirement in generating only secure cryptographic
keys i.e. those that are not weak or semi-weak.
keys i.e. those that are not weak or semi-weak.
FMT_MSA.3
The TSF CONFIG.2 satisfies this requirement by ensuring that restrictive default values are allocated to
security attributes for the Information Flow Control SFP, and allowing the privileged administrator to
alter the values from the default.
security attributes for the Information Flow Control SFP, and allowing the privileged administrator to
alter the values from the default.