Specifications
Cisco Aggregation Services Router (ASR) 901 Series Security Target
Page 34 of 50
5.2.7 TOE Access (FTA)
5.2.7.1 FTA_SSL_EXT.1 TSF-initiated Session Locking
FTA_SSL_EXT.1.1 The TSF shall, for local interactive sessions, [
ï‚· terminate the session]
after a Security Administrator-specified time period of inactivity.
5.2.7.2 FTA_SSL.3 TSF-initiated Termination
FTA_SSL.3.1 Refinement: The TSF shall terminate a remote interactive session after a
[Security Administrator-configurable time interval of session inactivity].
5.2.7.3 FTA_SSL.4 User-initiated Termination
FTA_SSL.4.1 The TSF shall allow Administrator-initiated termination of the Administrator’s
own interactive session.
5.2.7.4 FTA_TAB.1 Default TOE Access Banners
FTA_TAB.1.1 Refinement: Before establishing an administrative user session the TSF shall
display a Security Administrator-specified advisory notice and consent warning message
regarding use of the TOE.
5.2.1 Trusted Path/Channels (FTP)
5.2.1.1 FTP_ITC.1 Inter-TSF trusted channel
FTP_ITC.1.1 Refinement: The TSF shall use [IPsec] to provide a trusted communication
channel between itself and authorized IT entities supporting the following capabilities: audit
server, [authentication server] that is logically distinct from other communication channels and
provides assured identification of its end points and protection of the channel data from
disclosure and detection of modification of the channel data.
FTP_ITC.1.2 The TSF shall permit the TSF, or the authorized IT entities to initiate
communication via the trusted channel.
FTP_ ITC.1.3 The TSF shall initiate communication via the trusted channel for [remote
authentication with RADIUS and TACACS+ servers (over IPsec), audit storage with syslog
server (over IPsec) and time synchronization with NTP server (over IPsec)].