System information
Cisco Cat3K ST 6 June 2012
32
• CLI Commands
o Privilege Level– The privilege level that an
Authenticated Administrator must be
assigned in order to execute command(s))
o Password ( if password has been set for a
command or command set)].
FDP_ACF.1.2 The TSF shall enforce the following rules to determine if an
operation among controlled subjects and controlled objects is
allowed: [
• Authenticated Administrators whose privilege
level includes the command, or has the command
password].
FDP_ACF.1.3 The TSF shall explicitly authorise access of subjects to
objects based on the following additional rules:
[Authenticated Administrators whose privilege level is set
to level 15].
FDP_ACF.1.4 The TSF shall explicitly deny access of subjects to objects
based on the [none].
5.2.3.3 FDP_IFC.1(1) Subset Information Flow Control – VLAN
FDP_IFC.1.1(1) The TSF shall enforce the [VLAN SFP] on: [
a) Controlled subjects: Layer 2 ports (i.e. ports configured as
switch ports);
b) Controlled information: Ethernet Frames;
c) operation: permit or deny OSI Layer 2 (Data Link
Layer) communication].
5.2.3.4 FDP_IFF.1(1) Simple Security Attributes – VLAN
FDP_IFF.1.1(1) The TSF shall enforce the [VLAN SFP] based on the following
types of subject and information security attributes: [
a) security attributes of controlled subjects:
• Receiving/transmitting Layer 2 port identifier
(e.g. slot/port)
• VLAN assigned to the port
• PVLAN assigned to the port
b) security attributes of controlled inforamtion:
• VLAN tag in an Ethernet Frame Header].