System information

Cisco Cat3K ST 6 June 2012
which in turn correlates to the TOE interface that received the packet;
and the destination IP address in the information (packet), correlates to connected network in the routing table].
FDP_IFF.1.3(2) The TSF shall enforce the [none].
FDP_IFF.1.4(2) The TSF shall explicitly authorize an information flow based on the following rules: [none].
FDP_IFF.1.5(2) The TSF shall explicitly deny an information flow based on the following rules: [
a) The TOE shall reject requests for information flow when any of the information security attribute values are unambiguously denied by the information flow security policy rules (ingress or egress ACLs) created by the authorized administrator;
b) The TOE shall reject requests for information flow when the information arrives on a TOE interface, and the source IP in the information (packet) does not correlate with the routing table to the ingress interface;
c) The TOE shall reject requests for access or services where the source IP address is on a broadcast network;
d) The TOE shall reject requests for access or services where the source IP address is on the loopback network.
e) The TOE shall drop requests in which the information received by the TOE does not correspond to an entry in the routing table].
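
The deny rules a) to e) above can be modelled as a small decision function, which is useful for building test vectors when checking a device against this requirement. This is an added example, not part of the Security Target or of Cisco's implementation. Assumptions: the routing table and interface names are constructed, the evaluation order is chosen here, rule c) is read as "source is a broadcast address", and rule e) is read as "destination has no route".

```python
import ipaddress as ip

# Constructed routing table (assumption): prefix -> connected interface.
ROUTES = [
    (ip.ip_network("10.1.0.0/24"), "Vlan10"),
    (ip.ip_network("10.2.0.0/24"), "Vlan20"),
    (ip.ip_network("192.0.2.0/24"), "Gi1/0/1"),
]
LOOPBACK = ip.ip_network("127.0.0.0/8")
LIMITED_BROADCAST = ip.ip_address("255.255.255.255")

def lookup(addr):
    """Longest-prefix match; returns (network, interface) or None."""
    hits = [(net, ifname) for net, ifname in ROUTES if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def is_broadcast(addr):
    """Limited broadcast, or the directed broadcast of a known prefix."""
    return addr == LIMITED_BROADCAST or any(
        addr == net.broadcast_address for net, _ in ROUTES)

def decide(src, dst, in_if, acl_denies=lambda s, d, i: False):
    """Return (verdict, rule letter) for one packet under FDP_IFF.1.5(2).

    acl_denies is a hypothetical callback standing in for the
    administrator-defined ingress/egress ACLs of rule a).
    """
    s, d = ip.ip_address(src), ip.ip_address(dst)
    if acl_denies(s, d, in_if):          # a) denied by administrator ACL
        return ("reject", "a")
    if is_broadcast(s):                  # c) broadcast source
        return ("reject", "c")
    if s in LOOPBACK:                    # d) loopback source
        return ("reject", "d")
    route = lookup(s)                    # b) source must route back to ingress
    if route is None or route[1] != in_if:
        return ("reject", "b")
    if lookup(d) is None:                # e) no routing table entry: drop
        return ("drop", "e")
    return ("permit", None)

if __name__ == "__main__":
    for pkt in [("10.1.0.5", "10.2.0.9", "Vlan10"),
                ("10.2.0.5", "10.1.0.9", "Vlan10"),
                ("127.0.0.1", "10.2.0.9", "Vlan10"),
                ("10.1.0.5", "203.0.113.7", "Vlan10")]:
        print(pkt, "->", decide(*pkt))
```
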
5.2.3.7 FDP_IFC.1(3) Subset Information Flow Control – VACL
FDP_IFC.1.1(3) The TSF shall enforce the [VACL SFP] on: [
a) Controlled subjects: VLANs configured on the TOE;
b) Controlled information: Ethernet frames (with or without IP packet headers)
c) Operation: forward, drop, capture (i.e. forward and copy), or redirect the frames].
5.2.3.8 FDP_IFF.1(3) Simple Security Attributes - VACL
FDP_IFF.1.1(3) The TSF shall enforce the [VACL SFP] based on the following types of subject and information security attributes: [