Specifications

Cisco Aggregation Services Router (ASR) 901 Series Security Target
Page 38 of 50
TOE SFRs
How the SFR is Met
functionality of the switch is affected. All notification and information type messages can be sent to the syslog server; such a message is only for information, and switch functionality is not affected.
To configure the TOE to send audit records to a syslog server, the ‘set logging server’ command is used. A maximum of three syslog servers can be configured. Refer to the Common Criteria Operational User Guidance and Preparative Procedures for command description and usage information. The audit records are transmitted to the syslog server over an IPsec tunnel. If communication with the syslog server is lost, the TOE generates an audit record and all permit traffic is denied until communication is re-established.
For the FIPS crypto tests performed during startup, the messages are displayed only on the console. Once the box is up and operational and the crypto self-test command is entered, the messages are displayed on the console and are also logged. For the TSF self-test, successful completion is indicated by reaching the log-on prompt. If there are issues, the applicable audit record is generated and displayed on the console.
Auditable Event: All use of the user identification and authentication mechanism.
Rationale: Events will be generated for attempted identification/authentication, and the username attempting to authenticate and the origin of the attempt will be included in the log record.

Auditable Event: All use of the authentication mechanism.
Rationale: Events will be generated for attempted identification/authentication, and the username attempting to authenticate will be included in the log record, along with the origin or source of the attempt.

Auditable Event: Failure on invoking cryptographic functionality, to include asymmetric key generation, key zeroization, cryptographic signature, cryptographic hashing, keyed-hash message authentication and Random Bit Generation.
Rationale: The audit record will include the default required information for each of the failures when triggered, no additional required

Auditable Event: Detection of replay attacks.
Rationale: Attempts at replaying data previously transmitted and terminated at the TOE are logged, along with the origin or source of the attempt.