Specifications
Cisco Aggregation Services Router (ASR) 900 Series Security Target
Page 30 of 52
SFR
Auditable Event
Additional Audit Record Contents
FPT_STM.1
Changes to the time.
The old and new values for the time.
Origin of the attempt (e.g., IP
address).
FPT_TUD_EXT.1
Initiation of update.
No additional information.
FPT_TST_EXT.1
None.
None.
FTA_SSL_EXT.1
Any attempts at unlocking of an
interactive session.
No additional information.
FTA_SSL.3
The termination of a remote session
by the session locking mechanism.
No additional information.
FTA_SSL.4
The termination of an interactive
session.
No additional information.
FTA_TAB.1
None.
None.
FTP_ITC.1
Initiation of the trusted channel.
Termination of the trusted channel.
Failure of the trusted channel
functions.
Identification of the initiator and
target of failed trusted channels
establishment attempt
FTP_TRP.1
Initiation of the trusted channel.
Termination of the trusted channel.
Failures of the trusted path functions.
Identification of the claimed user
identity.
5.2.1.2 FAU_GEN.2 User Identity Association
FAU_GEN.2.1 For audit events resulting from actions of identified users, the TSF shall be able
to associate each auditable event with the identity of the user that caused the event.
5.2.1.3 FAU_STG_EXT.1 External Audit Trail Storage
FAU_STG_EXT.1.1 The TSF shall be able to [transmit the generated audit data to an external
IT entity] using a trusted channel implementing the [IPsec] protocol.
5.2.2 Cryptographic Support (FCS)
5.2.2.1 FCS_CKM.1 Cryptographic Key Generation (for asymmetric keys)
FCS_CKM.1.1 Refinement: The TSF shall generate asymmetric cryptographic keys used for
key establishment in accordance with
[NIST Special Publication 800-56B, “Recommendation for Pair-Wise Key Establishment
Schemes Using Integer Factorization Cryptography” for RSA-based key establishment schemes]
and specified cryptographic key sizes equivalent to, or greater than, a symmetric key strength of