Cisco Cat4K NDPP ST
11 March 2014
EDCS-1228241
34
Assumption
Assumption Definition
those services necessary for the operation,
administration and support of the TOE.
A.PHYSICAL
Physical security, commensurate with the value of
the TOE and the data it contains, is assumed to be
provided by the environment.
A.TRUSTED_ADMIN
TOE Administrators are trusted to follow and
apply all administrator guidance in a trusted
manner.
3.5 Threats
The following table lists the threats addressed by the TOE and the IT Environment. The
assumed level of expertise of the attacker for all the threats identified below is Basic.
Table 11 Threats
Threat
Threat Definition
T.ADMIN_ERROR
An administrator may unintentionally install or
configure the TOE incorrectly, resulting in
ineffective security mechanisms.
T.RESOURCE_EXHAUSTION A process or user may deny access to TOE services
by exhausting critical resources on the TOE.
T.TSF_FAILURE
Security mechanisms of the TOE may fail, leading
to a compromise of the TSF.
T.UNDETECTED_ACTIONS
Malicious remote users or external IT entities may
take actions that adversely affect the security of the
TOE. These actions may remain undetected and
thus their effects cannot be effectively mitigated.
T.UNAUTHORIZED_ACCESS A user may gain unauthorized access to the TOE
data and TOE executable code. A malicious user,
process, or external IT entity may masquerade as an
authorized entity in order to gain unauthorized
access to data or TOE resources. A malicious user,
process, or external IT entity may misrepresent
itself as the TOE to obtain identification and
authentication data.
T.UNAUTHORIZED_UPDATE A malicious party attempts to supply the end user
with an update to the product that may compromise
the security features of the TOE.
T.USER_DATA_REUSE
User data may be inadvertently sent to a destination
not intended by the original sender.