Cisco Cisco IOS Software Release 12.4(4)T
3. TOE Security Environment
Document Organization
18
Version 1.0
3.2.3 Organization Security Policies
describes the organizational security policies relevant to the operation of the TOE.
T.AUDFUL
An unauthorized person may cause audit records
to be lost or prevent future records from being
recorded by taking actions to exhaust audit
storage capacity, thus masking an attackers
actions.
to be lost or prevent future records from being
recorded by taking actions to exhaust audit
storage capacity, thus masking an attackers
actions.
T.MODEXP
A skilled attacker with moderate attack potential
may attempt to bypass the TSF to gain access to
the TOE or the assets it protects.
may attempt to bypass the TSF to gain access to
the TOE or the assets it protects.
T.TUSAGE
The TOE may be inadvertently configured, used
and administered in a insecure manner by either
authorized or unauthorized persons
and administered in a insecure manner by either
authorized or unauthorized persons
Table 8
Threats Addressed by the TOE (continued)
Name
Description
Table 9
Organizational Security Policies
Name
Description
P.CRYPTO
Triple DES and AES encryption (as specified in
FIPS 46-3 [3]) must be used to protect remote
administration functions, and the associated
cryptographic module must comply, at a
minimum, with FIPS 140-1 (level 1).
FIPS 46-3 [3]) must be used to protect remote
administration functions, and the associated
cryptographic module must comply, at a
minimum, with FIPS 140-1 (level 1).