Specifications
Cisco Aggregation Services Router (ASR) 901 Series Security Target
TOE SFRs
How the SFR is Met
FTA_SSL_EXT.1 and FTA_SSL.3
An Authorized Administrator can configure maximum inactivity times
individually for both local and remote administrative sessions through the use of
the “session-timeout” setting applied to the console and virtual terminal (vty)
lines.
Settings on the vty lines govern remote console access. Changes to the line
console settings do not take effect for the current session: the current line
console session must be exited, and the inactivity timer is activated when the
user logs back in and a new session starts. If a local user
session is inactive for a configured period of time, the session will be locked and
will require re-authentication to unlock the session. If a remote user session is
inactive for a configured period of time, the session will be terminated and will
require authentication to establish a new session.
Administratively configurable timeouts are also available for the EXEC level
access (access above level 1) through use of the “exec-timeout” setting.
FTA_SSL.4
An Authorized Administrator is able to exit out of both local and remote
administrative sessions.
FTA_TAB.1
Authorized administrators define a custom login banner that will be displayed at
the CLI (local and remote) prior to allowing Authorized Administrator access
through those interfaces.
FTP_ITC.1
The TOE protects communications with authorized IT entities with IPsec. This
protects the data from disclosure by encryption and by checksums that verify that
data has not been modified.
FTP_TRP.1
All remote administrative communications take place over a secure encrypted
SSHv2 session. The SSHv2 session is encrypted using AES encryption. The
remote users are able to initiate SSHv2 communications with the TOE.
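An added example, not part of the Security Target or of Cisco's own tooling: a Python check over a saved running-config for the settings that the FTA_SSL_EXT.1/FTA_SSL.3, FTA_TAB.1 and FTP_TRP.1 rows rely on. The sample configuration is constructed; the page names only "session-timeout" and "exec-timeout", so the use of the IOS commands `ip ssh version 2`, `banner login` and `transport input ssh` to represent the SSHv2 and banner requirements is an assumption, as is the policy that each timeout must be set explicitly.

```python
import re

# Constructed sample running-config (not taken from the Security Target).
SAMPLE_CONFIG = """\
ip ssh version 2
banner login ^CAuthorized administrators only^C
line con 0
 session-timeout 10
 exec-timeout 10 0
line vty 0 4
 session-timeout 0
 transport input ssh
line vty 5 15
 exec-timeout 5 0
 transport input telnet ssh
"""

def parse_line_blocks(config):
    """Map each 'line con/vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if re.match(r"line (con|vty)\b", raw):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit(config):
    """Return sorted findings; an empty list means every check passed."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("global: 'ip ssh version 2' not set")
    if not re.search(r"^banner login \S", config, re.M):
        findings.append("global: no login banner")
    for header, cmds in parse_line_blocks(config).items():
        for setting in ("session-timeout", "exec-timeout"):
            args = [c.split()[1:] for c in cmds if c.startswith(setting + " ")]
            # Policy assumed here: set explicitly, and not all-zero (disabled).
            if not args or not any(a.isdigit() and int(a) for a in args[-1]):
                findings.append(f"{header}: {setting} missing or zero")
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{header}: vty transport is not SSH-only")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Requiring an explicit, non-zero value for both timeouts is stricter than relying on platform defaults, which do not appear in a running-config and so cannot be confirmed from the file alone.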