Specifications

Cisco Aggregation Services Router (ASR) 901 Series Security Target
Page 45 of 50
TOE SFRs
How the SFR is Met
FPT_APW_EXT.2
encrypt all locally defined user passwords. In this manner, the TOE ensures that
plaintext user passwords will not be disclosed even to administrators. The
command is the password encryption aes command used in global configuration
mode. The TOE can also be configured to not display configured keys as part of
configuration files using the ‘hidekeys’ command.
The command service password-encryption applies encryption to all passwords,
including username passwords, authentication key passwords, the privileged
command password, console and virtual terminal line access passwords. This
ensures that plaintext user passwords will not be disclosed even to administrators.
The TOE stores all private keys in a secure directory that is not readily accessible to
administrators; hence no interface access. Additional, all pre-shared and symmetric
keys are stored in encrypted form to prevent access.
Refer to the Common Criteria Operational User Guidance and Preparative
Procedures for command description and usage information.
FPT_STM.1
The TOE provides a source of date and time information used in audit event
timestamps. The clock function is reliant on the system clock provided by the
underlying hardware. The TOE can optionally be set to receive clock updates
from an NTP server. This date and time is used as the time stamp that is applied
to TOE generated audit records and used to track inactivity of administrative
sessions.
FPT_TUD_EXT.1
Authorized Administrator can query the software version running on the TOE, and
can initiate updates to (replacements of) software images. When software updates
are made available by Cisco, an administrator can obtain, verify the integrity of,
and install those updates. The updates can be downloaded from the
software.Cisco.com. The TOE image files are digitally signed so their integrity
can be verified during the boot process, and an image that fails an integrity check
will not be loaded.
FPT_TST_EXT.1
As a FIPS 140-2 validated product, the TOE runs a suite of self-tests during initial
start-up to verify its correct operation. If any of the tests fail, the Authorized
Administrator will have to log into the CLI to determine which test failed and why.
During the system bootup process (power on or reboot), all the Power on Startup
Test (POST) components for all the cryptographic modules perform the POST for
the corresponding component (hardware or software). Refer to the FIPS Security
Policy for available options and management of the cryptographic self-test.
The Software Integrity Test is run automatically whenever the IOS system images is
loaded and confirms through use of digital signature verification that the image file
that’s about to be loaded was properly signed and has maintained its integrity since
being signed. The system image is digitally signed by Cisco prior to being made
available for download from CCO.