Specifications
Cisco Aggregation Services Router (ASR) 901 Series Security Target
6 TOE SUMMARY SPECIFICATION
6.1 TOE Security Functional Requirement Measures
This chapter identifies and describes how the Security Functional Requirements identified above
are met by the TOE.
Table 19 How TOE SFRs Are Met
TOE SFRs
How the SFR is Met
FAU_GEN.1
The TOE generates an audit record whenever an audited event occurs. The types
of events that cause audit records to be generated include identification and
authentication related events, and administrative events (the specific events and
the contents of each audit record are listed in the table within the FAU_GEN.1
SFR, “Auditable Events Table”). Each of the events is specified in the audit
record in enough detail to identify the user with which the event is associated
(e.g. user identity, MAC address, IP address), when the event occurred, where the
event occurred, the outcome of the event, and the type of event that occurred.
Additionally, the startup and shutdown of the audit functionality is audited.
The audit trail consists of the individual audit records; one audit record for each
event that occurred. The audit record can contain up to 80 characters and a
percent sign (%), which follows the time-stamp information. As noted above, the
information includes [at least] all of the required information. Additional
information can be configured and included if desired. Refer to the Common
Criteria Operational User Guidance and Preparative Procedures for command
description and usage information.
The logging buffer size can be configured from a range of 4096 (default) up to
2147483647 bytes. Do not make the buffer size too large, because the
switch could run out of memory for other tasks. Use the show memory privileged
EXEC command to view the free processor memory on the switch. However, this
value is the maximum available, and the buffer size should not be set to this
amount. Refer to the Common Criteria Operational User Guidance and
Preparative Procedures for command description and usage information.
The log buffer is circular, so newer messages overwrite older messages after the
buffer is full. Administrators are instructed to monitor the log buffer using the
show logging privileged EXEC command to view the audit records. The first
message displayed is the oldest message in the buffer. There are other associated
commands to clear the buffer, to set the logging level, etc. Refer to the Common
Criteria Operational User Guidance and Preparative Procedures for command
description and usage information.
The logs can be saved to flash memory so records are not lost in case of failures or
restarts. Refer to the Common Criteria Operational User Guidance and
Preparative Procedures for command description and usage information.
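The following added example (not part of the Security Target and not Cisco code) models the circular log buffer described above to show how few audit records the default 4096-byte size retains before the oldest are overwritten. The per-record byte cost and the sample message text are assumptions; the device's actual storage overhead is not stated on this page.

```python
from collections import deque

DEFAULT_BUFFER_BYTES = 4096        # default size given on the page
MAX_BUFFER_BYTES = 2147483647      # upper bound given on the page


class CircularLogBuffer:
    """Simplified model of a byte-bounded log buffer that overwrites oldest records."""

    def __init__(self, size_bytes=DEFAULT_BUFFER_BYTES):
        if not DEFAULT_BUFFER_BYTES <= size_bytes <= MAX_BUFFER_BYTES:
            raise ValueError("size outside the configurable range")
        self.size_bytes = size_bytes
        self.used = 0
        self.overwritten = 0           # records lost to wrap-around
        self._records = deque()

    @staticmethod
    def _cost(record):
        # Assumption: a record costs its encoded length plus one newline byte.
        return len(record.encode()) + 1

    def log(self, record):
        cost = self._cost(record)
        while self._records and self.used + cost > self.size_bytes:
            self.used -= self._cost(self._records.popleft())
            self.overwritten += 1
        self._records.append(record)
        self.used += cost

    def show(self):
        """Return records oldest first, the display order the page describes."""
        return list(self._records)


def retention_seconds(size_bytes, avg_record_bytes, events_per_second):
    """Approximate time span covered by the buffer before records are overwritten."""
    return (size_bytes // avg_record_bytes) / events_per_second


def demo(count=200):
    """Log constructed sample records into a default-size buffer."""
    buf = CircularLogBuffer()
    for i in range(count):
        # Constructed sample line: timestamp, then '%', then the message text.
        buf.log(f"*Mar  1 00:{i // 60:02d}:{i % 60:02d}: %SAMPLE-5-EVENT: constructed audit record {i}")
    return buf


if __name__ == "__main__":
    b = demo()
    print(len(b.show()), "retained,", b.overwritten, "overwritten; oldest:", b.show()[0])
```

A nonzero `overwritten` count in this model corresponds to audit records that exist only if they were also saved to flash or sent to the syslog server.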
The administrator can set the level of the audit records to be displayed on the
console or sent to the syslog server. For instance, all emergency, alert, critical,
error, and warning messages can be sent to the console, alerting the administrator
that some action needs to be taken as these types of messages mean that the