System information
Cisco Cat3K ST 6 June 2012
22
Threat Threat Definition
T.NOAUTH An unauthorized person may attempt to bypass the security of the TOE
so as to access and use security functions and/or non-security functions
provided by the TOE to disrupt operations of the TOE.
T.NOMGT The administrator is not able to manage the security functions of the
TOE, resulting in the potential for the TOE configuration to compromise
security objectives and policies.
T.UNAUTH_MGT_ACCESS An unauthorized user gains management access to the TOE and views or
changes the TOE security configuration.
T.TIME Evidence of a compromise or malfunction of the TOE may go unnoticed
or not be properly traceable if recorded events are not properly
sequenced through application of correct timestamps.
T.USER_DATA_REUSE User data that is temporarily retained by the TOE in the course of
processing network traffic could be inadvertently re-used in sending
network traffic to a destination other than intended by the sender of the
original network traffic.
3.3 Organizational Security Policies
An organizational security policy is a set of rules, practices, and procedures imposed by
an organization to address its security needs.
Table 6 Organizational Security Policies
Policy Name Policy Definition
P.ACCESS_BANNER The TOE shall display an initial banner describing restrictions of use,
legal agreements, or any other appropriate information to which users
consent by accessing the TOE.