System information

Cisco Cat3K ST 6 June 2012
VACLs (but can be checked via ACLs defined in
FDP_IFF.1(2))].
FDP_IFF.1.5(3) The TSF shall explicitly deny an information flow based on the
following rules: [the source MAC address is explicitly denied
in a specified VLAN through use of the ‘mac-address-table
static’ command with the keyword ‘drop’].
5.2.3.9 FDP_RIP.2: Full residual information protection
FDP_RIP.2.1 The TSF shall ensure that any previous information content of a
resource is made unavailable upon the [allocation of the resource
to] all objects.
5.2.4 Identification and authentication (FIA)
5.2.4.1 FIA_ATD.1: User attribute definition
FIA_ATD.1.1 The TSF shall maintain the following list of security attributes
belonging to individual users: [
  Interactive (human) users:
    o user identity;
    o privilege levels; and
    o password
  Neighbor Routers:
    o IP address; and
    o password].
5.2.4.2 FIA_UAU.2: User identification before any action
FIA_UAU.2.1 The TSF shall require each user to be successfully authenticated
before allowing any other TSF-mediated actions on behalf of that
user.
5.2.4.3 FIA_UAU.5: Password-based authentication mechanism
FIA_UAU.5.1 The TSF shall provide [local password-based authentication,
remote password-based authentication via RADIUS and
TACACS+, and neighbor router authentication] to support user
authentication.
FIA_UAU.5.2 The TSF shall authenticate any user's claimed identity according to
the [administratively-defined sequence in which authentication
mechanisms should be used].
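
The following configuration check is an added example, not part of the Security Target or Cisco's evaluation evidence. It reads a constructed IOS-style running-config and extracts the settings that FDP_IFF.1.5(3), FIA_UAU.5.2 and FIA_UAU.2.1 depend on. The function names, the sample configuration and the MAC addresses are assumptions made for illustration.

```python
import re

# Constructed sample running-config; not taken from the Security Target.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ group radius local
aaa authentication login LAB group radius none
mac address-table static 0000.5e00.5301 vlan 10 drop
mac-address-table static 0000.5E00.5302 vlan 20 drop
mac address-table static 0000.5e00.5303 vlan 10 interface GigabitEthernet1/0/1
"""

# Both the hyphenated spelling quoted in the ST and the spaced spelling are matched.
MAC_DROP = re.compile(r"^mac[- ]address-table static (\S+) vlan (\d+) drop$", re.I)
AAA_LOGIN = re.compile(r"^aaa authentication login (\S+) (.+)$", re.I)


def mac_drop_rules(config):
    """FDP_IFF.1.5(3): map VLAN id -> source MACs explicitly dropped there."""
    rules = {}
    for line in config.splitlines():
        m = MAC_DROP.match(line.strip())
        if m:
            rules.setdefault(int(m.group(2)), []).append(m.group(1).lower())
    return rules


def login_method_order(config):
    """FIA_UAU.5.2: map method-list name -> mechanisms in configured order."""
    lists = {}
    for line in config.splitlines():
        m = AAA_LOGIN.match(line.strip())
        if m:
            # "group tacacs+" is one mechanism, so keep the keyword with its name.
            methods = re.findall(r"group \S+|\S+", m.group(2).lower())
            lists[m.group(1)] = methods
    return lists


def lists_allowing_unauthenticated(config):
    """FIA_UAU.2.1: a list containing 'none' can admit a user unauthenticated."""
    return sorted(n for n, ms in login_method_order(config).items() if "none" in ms)


if __name__ == "__main__":
    print(mac_drop_rules(SAMPLE_CONFIG))
    print(login_method_order(SAMPLE_CONFIG))
    print(lists_allowing_unauthenticated(SAMPLE_CONFIG))
```

The static entry bound to an interface is not reported as a deny rule because it lacks the 'drop' keyword.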