Cisco Cat4K NDPP ST
11 March 2014
EDCS-1228241
82
Table 22: Threat/Policies/TOE Objectives Rationale
Objective
Rationale
Security Objectives Drawn from NDPP
O.PROTECTED_COMMUNICATIONS
This security objective is necessary to counter
the threat: T.UNAUTHORIZED_ACCESS
and T.UNAUTHORIZED_UPDATE to
ensure the communications with the TOE is
not compromised.
O.VERIFIABLE_UPDATES
This security objective is necessary to counter
the threat T.UNAUTHORIZED_UPDATE to
ensure the end user has not installed a
malicious update, thinking that it was
legitimate.
O.SYSTEM_MONITORING
This security objective is necessary to counter
the T.UNDETECTED_ACTIONS to ensure
activity is monitored so the security of the
TOE is not compromised.
O.DISPLAY_BANNER
This security objective is necessary to address
the Organization Security Policy
P.ACCESS_BANNER to ensure an advisory
notice and consent warning message
regarding unauthorized use of the TOE is
displayed before the session is established.
O.TOE_ADMINISTRATION
This security objective is necessary to counter
the T.ADMIN_ERROR that ensures actions
performed on the TOE are logged so that
indications of a failure or compromise of a
TOE security mechanism are known and
corrective actions can be taken.
O.RESIDUAL_INFORMATION_CLEA
RING
This security objective is necessary to counter
the threat T.USER_DATA_REUSE so that
data traversing the TOE could inadvertently
be sent to a user other than that intended by
the sender of the original network traffic.
O.RESOURCE_AVAILABILITY
This security objective is necessary to counter
the threat: T.RESOURCE_EXHAUSTION to
mitigate a denial of service, thus ensuring
resources are available.
O.SESSION_LOCK
This security objective is necessary to counter
the threat: T.UNAUTHORIZED_ACCESS to