Cisco Cat3K ST 6 June 2012
6 TOE SUMMARY SPECIFICATION
6.1 TOE Security Functional Requirement Measures
This section identifies and describes how the Security Functional Requirements identified
above are met by the TOE.
Table 14: How TOE SFRs are Met
TOE SFRs How the SFR is Met
FAU_GEN.1 The TOE generates an audit record whenever an audited event occurs. The
types of events that cause audit records to be generated include events related to
the enforcement of information flow policies, identification and authentication
related events, and administrative events (the specific events and the contents of
each audit record are listed in the table within the FAU_GEN.1 SFR, “Auditable
Events Table”). Each event is specified in the audit record in enough
detail to identify the user with which the event is associated (e.g. user identity,
MAC address, IP address), when the event occurred, where the event occurred,
the outcome of the event, and the type of event that occurred. Additionally, the
startup and shutdown of the audit functionality is audited.
The audit trail consists of the individual audit records; one audit record for each
event that occurred. The audit record can contain up to 80 characters and a
percent sign (%), which follows the time-stamp information. As noted above,
the information includes [at least] all of the required information. Additional
information can be configured and included if desired. Refer to the Guidance
documentation for configuration syntax and information.
The logging buffer size can be configured from a range of 4096 (default) to
2147483647 bytes. Do not make the buffer size too large, because the
switch could run out of memory for other tasks. Use the show memory
privileged EXEC command to view the free processor memory on the switch.
However, this value is the maximum available, and the buffer size should not be
set to this amount. Refer to the Guidance documentation for configuration
syntax and information.
The administrator can also configure a ‘configuration logger’ to keep track of
configuration changes made with the command-line interface (CLI). The
administrator can configure the size of the configuration log from 1 to 1000
entries (the default is 100). Refer to the Guidance documentation for
configuration syntax and information.
The log buffer is circular, so newer messages overwrite older messages after the
buffer is full. Administrators are instructed to monitor the log buffer using the
show logging privileged EXEC command to view the audit records. The first
message displayed is the oldest message in the buffer. There are other
associated commands to clear the buffer, to set the logging level, etc.; all of
which are described in the Guidance documents and IOS CLI.
The logs can be saved to flash memory so records are not lost in case of failures
or restarts. Refer to the Guidance documentation for configuration syntax and
information.
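
The limits described above can be checked against a saved running-config. The following is an added example, not part of the Security Target or of Cisco's Guidance documentation. The IOS command names it looks for (`logging buffered`, `logging file flash:`, and `logging enable` / `logging size` under `archive`) come from the IOS CLI rather than from this page, and the sample config and free-memory figure are constructed.

```python
import re

BUF_MIN, BUF_MAX, BUF_DEFAULT = 4096, 2147483647, 4096   # bytes, from the text
LOG_MIN, LOG_MAX, LOG_DEFAULT = 1, 1000, 100             # entries, from the text

# Constructed running-config excerpt, not taken from a real device.
SAMPLE_CONFIG = """\
logging buffered 16384
logging file flash:audit.log 65536
archive
 log config
  logging enable
  logging size 200
"""

def check_audit_config(config, free_memory_bytes):
    """Return findings for the audit-log settings described under FAU_GEN.1."""
    findings = []
    if re.search(r"^no logging buffered", config, re.M):
        findings.append("buffer logging is disabled")
    else:
        # Assumption: a missing 'logging buffered' size means the 4096 default.
        m = re.search(r"^logging buffered (\d+)", config, re.M)
        size = int(m.group(1)) if m else BUF_DEFAULT
        if not BUF_MIN <= size <= BUF_MAX:
            findings.append(f"buffer size {size} is outside {BUF_MIN}-{BUF_MAX}")
        elif size >= free_memory_bytes:
            findings.append(f"buffer size {size} is not below free memory")
    # The circular buffer overwrites old records, so a flash copy is needed.
    if not re.search(r"^logging file flash:\S+", config, re.M):
        findings.append("records are not saved to flash")
    # Configuration logger: indented lines under the 'archive' block.
    m = re.search(r"^archive\n((?:[ \t]+.*\n?)+)", config, re.M)
    archive = m.group(1) if m else ""
    if not re.search(r"^\s+logging enable\s*$", archive, re.M):
        findings.append("configuration logger is not enabled")
    m = re.search(r"^\s+logging size (\d+)", archive, re.M)
    entries = int(m.group(1)) if m else LOG_DEFAULT
    if not LOG_MIN <= entries <= LOG_MAX:
        findings.append(f"configuration log size {entries} is outside {LOG_MIN}-{LOG_MAX}")
    return findings

if __name__ == "__main__":
    # free_memory_bytes would come from 'show memory'; this value is constructed.
    for finding in check_audit_config(SAMPLE_CONFIG, 50_000_000) or ["no findings"]:
        print(finding)
```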