Cisco Cat4K NDPP ST
11 March 2014
EDCS-1228241
62
TOE SFRs
How the SFR is Met
and failure related to trusted
channel sessions with
peer/neighbor routers and or
the remote administration
console
FAU_GEN.2
The TOE shall ensure that each auditable event is associated with
the user that triggered the event and as a result, they are traceable
to a specific user. For example, a human user, user identity or
related session ID would be included in the audit record. For an
IT entity or device, the IP address, MAC address, host name, or
other configured identification is presented. Refer to the
Guidance documentation for configuration syntax and
information.
FAU_STG_EXT.1
and
FAU_STG_EXT.3
The TOE is configured to export syslog records to a specified,
external syslog server. The TOE protects communications with an
external syslog server via IPsec. If the IPsec connection fails, the
TOE will store audit records on the TOE when it discovers it can
no longer communicate with its configured syslog server.
FCS_CKM.1
The TOE implements a random number generator for RSA key
establishment schemes (conformant to NIST SP 800-56B). The
TOE is also compliant to ANSI X9.80 (3 January 2000), “Prime
Number Generation, Primality Testing, and Primality
Certificates” using random integers with deterministic tests.
Furthermore, the TOE does not implement elliptic-curve-based
key establishment schemes.
FCS_CKM_EXT.4
9
The TOE meets all requirements specified in FIPS 140-2 for
destruction of keys and Critical Security Parameters (CSPs) in
that none of the symmetric keys, pre-shared keys, or private keys
are stored in plaintext form. This requirement applies to the
secret keys used for symmetric encryption, private keys, and
CSPs used to generate key (list them); which are zeroized
immediately after use, or on system shutdown, etc.
The cryptographic module securely administers both
cryptographic keys and other critical security parameters such as
passwords. The tamper evidence seals provide physical protection
for all keys. All keys are also protected by the password-
protection required by the privileged administrator role login, and
can be zeroized by the privileged administrator. All zeroization
consists of overwriting the memory that stored the key. Keys are
9
Note, the following information may be deemed sensitive and may be removed prior to publically posting
this Security Target.