Specifications
Security Target Version 1.0 9/29/2014
81
8.1.1.1 P.ACCESS_BANNER
The TOE shall display an initial banner describing restrictions of use, legal agreements, or any other
appropriate information to which users consent by accessing the TOE.
This Organizational Policy is satisfied by ensuring that:
• O.DISPLAY_BANNER: Satisfies this policy by ensuring that the TOE displays an Authorized
Administrator configurable banner that provides all users with a warning about the unauthorized use of the
TOE.
8.1.1.2 P.ACCOUNTABILITY
The authorized users of the TOE shall be held accountable for their actions within the TOE.
This Organizational Policy is satisfied by ensuring that:
• O.ROBUST_TOE_ACCESS: Supports this policy by requiring the TOE to identify and authenticate all
administrators prior to allowing any TOE access or any TOE mediated access on behalf of those
administrators.
• O.SYSTEM_MONITORING: Supports this policy by providing the administrator with the capability of
configuring the audit mechanism to record the actions of a specific user, or review the audit trail based on
the identity of the user.
• O.TIME_STAMPS: Plays a role in supporting this policy by requiring the TOE to provide a reliable time
stamp. This will be used when audit records are generated, allowing administrators to tie auditable actions
to the time those actions took place, perhaps on disparate systems. This ability aids in proving
accountability for users whose actions cause those audit records to be generated.
8.1.1.3 P.ADMIN_ACCESS
Administrators shall be able to administer the TOE both locally and remotely through protected
communications channels.
This Organizational Policy is satisfied by ensuring that:
• O.CRYPTOGRAPHIC_FUNCTIONS: Contributes to mitigating this threat by providing the underlying
cryptographic functionality required by other protection mechanisms.
• O.PROTECTED_COMMUNICATIONS: Contributes to mitigating this threat by ensuring protection of the
communication between the TOE and authorized administrator while transmitting data.
• O.TOE_ADMINISTRATION: Supports this policy by requiring the TOE to provide mechanisms (e.g.,
local authentication, remote authentication, means to configure and manage the TOE both remotely and
locally) that allow remote and local administration of the TOE.
8.1.1.4 P.COMPATIBILITY
The TOE must meet Request for Comments (RFC) requirements for implemented protocols to facilitate
inter-operation with other network equipment (e.g., certificate authority, NTP server) using the same
protocols.
This Organizational Policy is satisfied by ensuring that:
• O.PROTOCOLS: Satisfies this policy by requiring that standardized protocols are implemented in the TOE
to ensure interoperability among IT entities using the same protocols.
8.1.1.5 P.EXTERNAL_SERVERS
The TOE must support standardized (RFCs) protocols for communication with a centralized audit server
and a RADIUS authentication server.
This Organizational Policy is satisfied by ensuring that:
• O.PROTOCOLS: Satisfies the policy by ensuring that the TOE can communicate with an external audit
server and RADIUS authentication server, even when auditing and authentication are also provided locally.