Cisco Cat4K NDPP ST
11 March 2014
EDCS-1228241
87
Objective
Rationale
FCS_COP.1(3) meet this objective by ensuring the
update was downloaded via secure communications, is
from a trusted source, and the update can be verified
by cryptographic mechanisms prior to installation.
O.SYSTEM_MONITORING
The SFRs, FAU_GEN.1, FAU_GEN.2,
FAU_STG_EXT.1, FAU_STG_EXT.3, FPT_STM.1
meet this objective by auditing actions on the TOE.
The audit records identify the user associated with the
action/event, whether the action/event was successful
or failed, the type of action/event, and the date/time the
action/event occurred. The audit logs are transmitted
securely to a remote syslog server. If connectivity to
the remote syslog server is lost, the TOE will block
new permit actions.
O.DISPLAY_BANNER
The SFR, FTA_TAB.1 meets this objective by
displaying an advisory notice and consent warning
message regarding unauthorized use of the TOE.
O.TOE_ADMINISTRATION
The SFRs, FIA_UIA_EXT.1, FIA_UAU_EXT.5,
FIA_UAU.6, FIA_UAU.7, FMT_MTD.1,
FMT_SMF.1, FMT_SFR.1, FPT_PTD.1(1),
FTA_SSL_EXT.1, FTA_SSL.3 meet this objective by
ensuring the TOE supports a password-based
authentication mechanism with password complexity
enforcement such as, strong passwords, password life-
time constraints, providing current password when
changing the password, obscured password feedback
when logging in, and passwords are not stored in
plaintext.
O.RESIDUAL_INFORMATION_
CLEARING
The SFR, FDP_RIP.2 meets this objective by ensuring
no left over user data from the previous transmission is
included in the network traffic.
O.RESOURCE_AVAILABILITY The SFR, FRU_RSA.1 meets this objective by limiting
the number of amount of exhaustible resources, such
the number of concurrent administrative sessions.
O.SESSION_LOCK
The SFRs, FTA_SSL_EXT.1, FTA_SSL.3 meet this
objective by terminating a session due to
meeting/exceeding the inactivity time limit.
O.TSF_SELF_TEST
The SFR, FPT_TST_EXT.1 meets this objective by
performing self-test to ensure the TOE is operating
correctly and all functions are available and enforced.