Specifications
Cisco Aggregation Services Router (ASR) 900 Series Security Target
TOE SFRs
How the SFR is Met
Changes to the time: Changes to the time are logged, including the old and new values for the time along with the origin of the attempt.
Updates: An audit record will be generated on the initiation of updates (software/firmware).
Failure to establish and/or establishment/failure of an IPsec session: Attempts to establish an IPsec session or the failure of an established IPsec session are logged.
Attempts at unlocking interactive sessions: Any attempt to unlock an inactive session is logged.
Termination of a remote session by locking the session: When a session is locked, the session is terminated, thus generating an audit record.
Indication that TSF self-test was completed: During boot-up, if the self-test fails, the failure is logged.
Trusted channels: The initiation, termination, and failure related to trusted channel sessions with the remote administration console, syslog server, remote authentication server and, if connected, the NTP server. The initiator and the target of the trusted channel are identified and included in the audit record.
FAU_GEN.2
The TOE shall ensure that each auditable event is associated with the user that
triggered the event and, as a result, is traceable to a specific user. For
example, a human user, user identity or related session ID would be included in
the audit record. For an IT entity or device, the IP address, MAC address, host
name, or other configured identification is presented. Refer to the Common
Criteria Operational User Guidance and Preparative Procedures for command
description and usage information.
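A collector-side check for the two requirements above (time-change records carry old value, new value and origin; every record names a user or IT-entity identity), added here as an example and not taken from the Security Target or from Cisco. The sample records are constructed and only modelled on IOS-style syslog text, which is an assumption about the TOE's message format; `missing_fields` and `audit_gaps` are hypothetical names.

```python
import re

# Constructed sample records (assumption: IOS-style message text; a given
# TOE release may word these differently).
SAMPLE = [
    "Jan 10 09:15:02 asr903 %SYS-6-CLOCKUPDATE: System clock has been updated "
    "from 09:14:58 UTC Mon Jan 10 2022 to 09:15:00 UTC Mon Jan 10 2022, "
    "configured from console by admin1 on vty0 (192.0.2.10).",
    "Jan 10 09:20:01 asr903 %SYS-6-CLOCKUPDATE: System clock has been updated "
    "from 09:19:40 UTC Mon Jan 10 2022 to 09:20:00 UTC Mon Jan 10 2022.",
    "Jan 10 09:10:11 asr903 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success "
    "[user: admin1] [Source: 192.0.2.10] [localport: 22]",
    "Jan 10 09:30:45 asr903 %CRYPTO-5-SESSION_STATUS: Crypto tunnel is DOWN.",
    "Jan 10 09:31:02 asr903 %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP. "
    "Peer 198.51.100.7:500",
]

# FAU_GEN.2 identities: a user name, or an IP/MAC address for an IT entity.
USER = re.compile(r"\[user: ([^\]]+)\]|\bby (\S+) on (?:vty|tty|console)")
IP = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MAC = re.compile(r"\b[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}\b", re.I)
# Time change: old value, new value and (optionally present) origin.
CLOCK = re.compile(r"updated from (?P<old>.+?) to (?P<new>.+?)"
                   r"(?:, configured from (?P<origin>.+))?$")

def missing_fields(record):
    """Return the audit fields a record lacks; an empty list means it passes."""
    missing = []
    if not (USER.search(record) or IP.search(record) or MAC.search(record)):
        missing.append("identity")
    if "CLOCKUPDATE" in record:
        m = CLOCK.search(record)
        if not m:
            missing += ["old_time", "new_time", "origin"]
        elif not m.group("origin"):
            missing.append("origin")
    return missing

def audit_gaps(records):
    """Map record index -> missing fields, for records that fail the check."""
    return {i: gaps for i, r in enumerate(records) if (gaps := missing_fields(r))}

if __name__ == "__main__":
    for index, gaps in audit_gaps(SAMPLE).items():
        print(f"record {index}: missing {', '.join(gaps)}")
```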
FAU_STG_EXT.1
The TOE is configured to export syslog records to a specified, external syslog
server. The TOE also stores a limited set of audit records locally on the TOE, and
continues to do so if the communication with the syslog server goes down.
The TOE protects communications with an external syslog server via IPsec. The
TOE transmits its audit events to all configured syslog servers at the same time
that logs are written to the local log buffer and to the console.
The TOE is capable of detecting when the IPsec connection fails. If the IPsec
connection fails, the TOE will buffer the audit records on the TOE when it