Manualshelf

Specifications

ManualsBrandsCisco ManualsComputer equipmentASR 900 Series
21222324252627282930
Cisco Aggregation Services Router (ASR) 900 Series Security Target
Page 23 of 52
3 SECURITY PROBLEM DEFINITION
This chapter identifies the following:
Significant assumptions about the TOE’s operational environment.
IT related threats to the organization countered by the TOE.
Environmental threats requiring controls to provide sufficient protection.
Organizational security policies for the TOE as appropriate.
This document identifies assumptions as A.assumption with “assumption” specifying a unique
name. Threats are identified as T.threat with “threat” specifying a unique name. Organizational
Security Policies (OSPs) are identified as P.osp with “osp” specifying a unique name.
3.1 Assumptions
The specific conditions listed in the following subsections are assumed to exist in the TOE’s
environment. These assumptions include both practical realities in the development of the TOE
security requirements and the essential environmental conditions on the use of the TOE.
Table 13 TOE Assumptions
Assumption
Assumption Definition
A.NO_GENERAL_PURPOSE
It is assumed that there are no general-purpose computing capabilities (e.g.,
compilers or user applications) available on the TOE, other than those
services necessary for the operation, administration and support of the
TOE.
A.PHYSICAL
Physical security, commensurate with the value of the TOE and the data it
contains, is assumed to be provided by the environment.
A.TRUSTED_ADMIN
TOE Administrators are trusted to follow and apply all administrator
guidance in a trusted manner.
3.2 Threats
The following table lists the threats addressed by the TOE and the IT Environment. The
assumed level of expertise of the attacker for all the threats identified below is Enhanced-Basic.
Table 14 Threats
Threat
Threat Definition
T.ADMIN_ERROR
An administrator may unintentionally install or configure the TOE
incorrectly, resulting in ineffective security mechanisms.
T.TSF_FAILURE
Security mechanisms of the TOE may fail, leading to a compromise of
the TSF.
T.UNDETECTED_ACTIONS
Malicious remote users or external IT entities may take actions that
adversely affect the security of the TOE. These actions may remain
undetected and thus their effects cannot be effectively mitigated.