Cisco Cat4K NDPP ST
11 March 2014
EDCS-1228241
TOE SFRs
How the SFR is Met
management, though must be in privileged EXEC mode to perform
the function. When the System Administrator (level 15) attempts
to change their own password, the TOE will enforce the password
expiration policy at which time the System Administrator (level
15) will be required to enter their current password prior to
entering a new password. See the Cisco Catalyst 4500 Series
Switches (4503-E, 4506-E, 4507R+E, 4510R+E, 4500X and
4500X-F) Running IOS-XE 3.5.2E Common Criteria Operational
User Guidance and Preparative Procedures for details and
configuration settings.
FIA_UAU.7
When a user enters their password at the local console, the TOE
displays only ‘*’ characters so that the user password is obscured.
For remote session authentication, the TOE does not echo any
characters as they are entered.
FMT_MTD.1
The TOE provides the ability for authorized administrators to
access TOE data, such as audit data, configuration data, security
attributes, information flow rules, routing tables, and session
thresholds. Each of the predefined and administratively
configured privilege levels has a specified set of permissions that
will grant them some level of access to the TOE data, though with
some privilege levels, the access is limited. The TOE performs
role-based authorization, using TOE platform authorization
mechanisms, to grant access to the semi-privileged and privileged
roles. The term “authorized administrator” is used in this ST to
refer to any user who has been assigned to a privilege level that
is permitted to perform the relevant action and who therefore has the
appropriate privileges to perform the requested functions.
FMT_SMF.1
The TOE provides all the capabilities necessary to securely
manage the TOE. The administrative user can connect to the
TOE using the CLI to perform these functions via SSHv2, a
terminal server, or at the local console. Refer to the Guidance
documentation for configuration syntax, commands, and
information related to each of these functions.
The management functionality provided by the TOE includes the
following administrative functions:
• Ability to manage the cryptographic functionality -
  allows the authorized administrator to identify
  and configure the algorithms used to provide protection
  of the data, such as generating the RSA keys to enable
  SSHv2, configuration of routing protocols, and, if used,
  the configuration of remote authentication
• Ability to manage the audit logs and functions - allows
  the authorized administrator to configure the audit logs,
  view the audit logs, and to clear the audit logs