Cisco Cat4K NDPP ST
11 March 2014
EDCS-1228241
70
TOE SFRs
How the SFR is Met
allowed to flow for a given IPsec SA using the following
command, ‘crypto ipsec security-association lifetime’ as specified
for the evaluated configuration. The default amount is 2560KB,
which is the minimum configurable value. The maximum
configurable value is 4GB. However, the TOE is to be
configured to use a range between 100-200 MB as specified in the
SFR.
Other configuration options include rDSA algorithm for
implementing peer authentication as noted above, pre-shared keys
for authenticating IPsec connections can be 22 characters and be
composed of any combination of upper and lower case letters,
numbers, and special characters using the‘crypto isakmp key’ key
command and may be proposed by each of the peers negotiating
the IKE establishment. The TOE also supports both rekey and
response to rekeyed by the peer for phase 2 (IPSec) SA and the
approved configuration would have only HMAC-SHA1
configured within their IKE policy; no other hash functions will
then be considered. The TOE also supports Diffie-Hellman
Group 14 (2048-bit keys) in support of IKE Key Establishment.
FDP_RIP.2
The TOE ensures that packets transmitted from the TOE do not
contain residual information from previous packets. Packets that
are not the required length use zeros for padding. Residual data is
never transmitted from the TOE. Once packet handling is
completed its content is overwritten before memory buffer which
previously contained the packet is reused. This applies to both
data plane traffic and administrative session traffic.
FIA_PMG_EXT.1
The TOE supports the local definition of users with
corresponding passwords. The passwords can be composed of any
combination of upper and lower case letters, numbers, and special
characters (that include: “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”,
“(“, and “)”. Minimum password length is settable by the
Authorized Administrator, and support passwords of 8 characters
or greater. Password composition rules specifying the types and
number of required characters that comprise the password are
settable by the Authorized Administrator. Passwords have a
maximum lifetime, configurable by the Authorized
Administrator. New passwords must contain a minimum of 4
character changes from the previous password.
FIA_UIA_EXT.1
The TOE requires all users to be successfully identified and
authenticated before allowing any TSF mediated actions to be
performed. Administrative access to the TOE is facilitated
through the TOE’s CLI. The TOE mediates all administrative
actions through the CLI. Once a potential administrative user
attempts to access the CLI of the TOE through either a directly