System information
Cisco Cat3K ST 6 June 2012
5.2.4.4 FIA_UAU.7: Protected authentication feedback
FIA_UAU.7.1 The TSF shall provide only [no feedback, nor any locally
visible representation of the user-entered password] to the user while
the authentication is in progress.
5.2.4.5 FIA_UID.2 User identification before any action
FIA_UID.2.1 The TSF shall require each user to be successfully identified before
allowing any other TSF-mediated actions on behalf of that user.
5.2.5 Security management (FMT)
5.2.5.1 FMT_MOF.1 Management of Security Functions Behavior
FMT_MOF.1.1 The TSF shall restrict the ability to [determine the behavior of] the
functions [
• Audit trail (create, delete, review)
• Network traffic (information flow) rules (create, delete, modify, and view)
• Routing tables (create, modify, delete)
• Session inactivity (set, modify threshold limits)
• Time determination (set, change date/timestamp)
• TSF self test (TOE and cryptographic module)
] to [privileged administrator, and semi-privileged administrator with
appropriate privileges].
5.2.5.2 FMT_MSA.2 Secure Security Attributes
FMT_MSA.2.1 The TSF shall ensure that only secure values are accepted for
[security attributes that are considered in the VLAN SFP,
VACL SFP, ACL SFP, and PRIVAC SFP].
5.2.5.3 FMT_MSA.3(1) Static Attribute Initialization (Traffic Flow)
FMT_MSA.3.1(1) The TSF shall enforce the [VLAN SFP, VACL SFP, and
ACL SFP], to provide [permissive] default values for security
attributes that are used to enforce the SFP.
FMT_MSA.3.2(1) The TSF shall allow the [privileged administrator, and
semi-privileged administrator with appropriate privileges] to specify
alternative initial values to override the default values when an
object or information is created.