System information
Cisco Cat3K ST 6 June 2012
FCS_SSH_EXT.1.5 The TSF shall ensure that, as described in RFC 4253, packets
greater than 35,000 bytes in an SSH transport connection are
dropped.
FCS_SSH_EXT.1.6 The TSF shall ensure that the SSH transport implementation
uses the following encryption algorithms AES-CBC-128,
AES-CBC-256.
FCS_SSH_EXT.1.7 The TSF shall ensure that the SSH transport implementation
uses SSH_RSA and [no other public key algorithms,] as its
public key algorithm(s).
FCS_SSH_EXT.1.8 The TSF shall ensure that data integrity algorithms used in
the SSH transport connection is hmac-sha1, hmac-sha1-96,
hmac-md5.
FCS_SSH_EXT.1.9 The TSF shall ensure that diffie-hellman-group14-sha1 is the
only allowed key exchange method used for the SSH
protocol.
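A conformance check for FCS_SSH_EXT.1.6 through 1.9, added here as an example and not taken from the ST or from Cisco code: it parses the name-lists of an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and reports any advertised algorithm outside the sets above. The mapping of the ST's spellings to the wire names aes128-cbc, aes256-cbc and ssh-rsa, the helper build_kexinit, and both sample payloads are assumptions constructed for the example.

```python
# ST sets (FCS_SSH_EXT.1.6-1.9) in RFC 4253 wire names; the mapping is an assumption.
CBC = {"aes128-cbc", "aes256-cbc"}
MAC = {"hmac-sha1", "hmac-sha1-96", "hmac-md5"}
ALLOWED = {
    "kex_algorithms": {"diffie-hellman-group14-sha1"},
    "server_host_key_algorithms": {"ssh-rsa"},
    "encryption_algorithms_client_to_server": CBC,
    "encryption_algorithms_server_to_client": CBC,
    "mac_algorithms_client_to_server": MAC,
    "mac_algorithms_server_to_client": MAC,
}
# The ten name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = list(ALLOWED) + [
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client"]
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload into {field: [algorithm names]}."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip the type byte and the 16-byte cookie
    for field in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")  # uint32 length prefix
        raw = payload[pos + 4:pos + 4 + n]
        if pos + 4 > len(payload) or len(raw) != n:
            raise ValueError(f"truncated name-list: {field}")
        lists[field] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return lists

def violations(payload: bytes) -> dict:
    """Return, per constrained field, the advertised names outside the ST sets."""
    lists = parse_kexinit(payload)
    bad = {f: [a for a in lists[f] if a not in ALLOWED[f]] for f in ALLOWED}
    return {f: names for f, names in bad.items() if names}

def build_kexinit(lists: dict) -> bytes:
    """Hypothetical helper: build a constructed KEXINIT payload (zero cookie)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        body += len(names).to_bytes(4, "big") + names
    return body + bytes(5)  # first_kex_packet_follows = 0, reserved uint32 = 0
# Constructed samples: a compliant proposal and one offering extra algorithms.
BASE = {f: sorted(a) for f, a in ALLOWED.items()}
COMPLIANT = build_kexinit(BASE)
WEAK = build_kexinit({**BASE, "kex_algorithms": ["diffie-hellman-group1-sha1"],
    "mac_algorithms_server_to_client": ["hmac-sha1", "hmac-sha2-256"]})
```

Compression and language lists are parsed but not judged, because the requirements above place no constraint on them.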
5.2.3 User data protection (FDP)
5.2.3.1 FDP_ACC.2 Complete access control (PRIVAC)
FDP_ACC.2.1 The TSF shall enforce the [Privileged Based Access
Control SFP] on [Subjects: Authenticated
Administrators; Objects: CLI Commands] and all
operations among subjects and objects covered by the SFP.
FDP_ACC.2.2 The TSF shall ensure that all operations between any subject
controlled by the TSF and any object controlled by the TSF
are covered by an access control SFP.
5.2.3.2 FDP_ACF.1 Security attribute based access control (PRIVAC)
FDP_ACF.1.1 The TSF shall enforce the [Privileged Based Access
Control SFP] to objects based on the following: [
Subject security attributes:
• Authenticated Administrators:
  o User Identity (identity of the administrator)
  o Privilege Levels – (the set of privilege levels assigned to the
    Authenticated Administrator)
Object security attributes: