System information
Cisco Cat3K ST 6 June 2012
70
Table 16: Threat/Organizing Security Policy/TOE and TOE Environment Objectives Rationale
Threat/Organization Security Policy Rationale
T.AUDIT_REVIEW Actions performed by users may not be known to the
administrators due to actions not being recorded locally or
remotely in a manner suitable for allow interpretation of the
messages.
The O.AUDIT_GEN objective requires that the TOE generate
audit records. The O.AUDIT_VIEW requires the TOE to
provide the Authorized administrator with the capability to
view Audit data. These two objectives provide complete TOE
coverage of the threat. The OE.AUDIT_REVIEW objective on
the environment assists in covering this threat on the TOE by
requiring that the administrator periodically check the audit
record, and/or to configure the TOE to transmit audit records to
a remote syslog server.
T.AUTHADMIN A semi-privileged administrator may configure the system in
an insecure manner (on purpose or accidentally) resulting in an
insecure configuration setting on the TOE. The
O.CFG_MANAGE objective requires that the TOE will
provide management tools/applications for the administrator to
manage its security functions, reducing the possibility for error.
The O.ACCESS_CONTROL and O.ADMIN_ROLE
objectives ensures that only authorized administrator, with the
proper privilege level have access to the TOE management
functions. The O.SELFPRO objective requires that the TOE
protect itself from attempts to bypass, deactivate, or tamper
with TOE security functions. The combination of these
objectives ensures the TOE provides the ability for only the
authorized administrator, with the proper privilege level to gain
access to and manage the TOE.
T.MEDIATE An unauthorized entity may send impermissible information
through the TOE which results in the exploitation of resources
on the network. The O.MEDIATE security objective requires
that all information that passes through the network is mediated
by the TOE.
T.NOAUDIT An unauthorized user modifies or destroys audit data. The
O.AUDIT_VIEW objective requires that the TOE will provide
only the authorized administrator the capability to review and
clear the audit data.
T.NOAUTH An unauthorized person may attempt to bypass the security of
the TOE so as to access and use security functions and/or non-
security functions provided by the TOE to disrupt operations of
the TOE. The O.SELFPRO objective requires that the TOE
protect itself from attempts to bypass, deactivate, or tamper
with TOE security functions. The O.ACCESS_CONTROL
objective ensures that only authorized administrator have
access to the TOE management functions.
T.NOMGT The administrator is not able to manage the security functions
of the TOE, resulting in the potential for the TOE configuration
to compromise security objectives and policies. The