Specifications

Cisco Aggregation Services Router (ASR) 901 Series Security Target

Page 32 of 50

FIA_PSK_EXT.1.3 The TSF shall condition the text-based pre-shared keys by using [AES] and

be able to [accept bit-based pre-shared keys].

5.2.4.3 FIA_UIA_EXT.1 User Identification and Authentication

FIA_UIA_EXT.1.1 The TSF shall allow the following actions prior to requiring the non-TOE

entity to initiate the identification and authentication process:

 Display the warning banner in accordance with FTA_TAB.1;

 [no other services].

FIA_UIA_EXT.1.2 The TSF shall require each administrative user to be successfully

identified and authenticated before allowing any other TSF-mediated action on behalf of that

administrative user.

5.2.4.4 FIA_UAU_EXT.2 Extended: Password-based Authentication Mechanism

FIA_UAU_EXT.2.1 The TSF shall provide a local password-based authentication mechanism,

[none] to perform administrative user authentication.

5.2.4.5 FIA_UAU.7 Protected Authentication Feedback

FIA_UAU.7.1 The TSF shall provide only obscured feedback to the administrative user while

the authentication is in progress at the local console.

5.2.5 Security management (FMT)

5.2.5.1 FMT_MTD.1 Management of TSF Data (for general TSF data)

FMT_MTD.1.1 The TSF shall restrict the ability to manage the TSF data to the Security

Administrators.

5.2.5.2 FMT_SMF.1 Specification of Management Functions

FMT_SMF.1.1 The TSF shall be capable of performing the following management functions:

 Ability to administer the TOE locally and remotely;

 Ability to update the TOE, and to verify the updates using [digital signature] capability

prior to installing those updates;

o [Ability to configure the cryptographic functionality].