System information
Cisco Cat3K ST 6 June 2012
5.2.5.4 FMT_MSA.3(2) Static Attribute Initialization (Access Control)
FMT_MSA.3.1(2) The TSF shall enforce the [PRIVAC SFP], to provide
[restrictive] default values for security attributes that are used
to enforce the SFP.
FMT_MSA.3.2(2) The TSF shall allow the [privileged administrator] to specify
alternative initial values to override the default values when an
object or information is created.
5.2.5.5 FMT_MTD.1: Management of TSF data
FMT_MTD.1.1 The TSF shall restrict the ability to [modify] the [all TOE data] to
[privileged administrator, and semi-privileged administrator
with appropriate privileges].
5.2.5.6 FMT_SMF.1: Specification of Management Functions
FMT_SMF.1.1 The TSF shall be capable of performing the following management
functions: [
• Ability to manage the cryptographic functionality
• Ability to manage the audit logs and functions
• Ability to manage information flow control attributes
• Ability to manage routing tables
• Ability to manage security attributes belonging to individual users
• Ability to manage the default values of the security attributes
• Ability to manage the warning banner message and content
• Ability to manage the time limits of session inactivity].
5.2.5.7 FMT_SMR.1: Security roles
FMT_SMR.1.1 The TSF shall maintain the following roles administrative
privilege levels and non-administrative access [0,
1(administrator), 15 (privileged administrator), custom levels
2-14 (semi-privileged administrator), non-administrative
access (neighbor routers)].
FMT_SMR.1.2 The TSF shall be able to associate users with roles administrative
privilege levels and non-administrative access.
Application note: The term “authorized administrator” is used in this ST to refer
to any user who has been granted rights equivalent to a privileged administrator
or semi-privileged administrator.