System information
Cisco Cat3K ST 6 June 2012
71
Threat/Organization Security Policy Rationale
O.CFG_MANAGE objective requires that the TOE will
provide management tools/applications for the administrator to
manage its security functions, reducing the possibility for error
.
The O.ACCESS_CONTROL objective ensures that only
authorized administrator have access to the TOE management
functions. The O.SELFPRO objective requires that the TOE
protect itself from attempts to bypass, deactivate, or tamper
with TOE security functions. The combination of these
objectives ensures the TOE provides the ability for only the
authorized administrator to gain access to and manage the
TOE.
T.UNAUTH_MGT_ACCESS An unauthorized user gains management access to the TOE
and views or changes the TOE security configuration. The
O.ACCESS_CONTROL objective restricts access to the TOE
management functions to authorized administrators. The
O.IDAUTH objective requires a user to enter a unique
identifier and authentication before management access is
granted. The O.STARTUP_TEST objective performs initial
tests upon system startup to ensure the integrity of the TOE
security configuration and operations. The O.SELFPRO
objective requires that the TOE protect itself from attempts to
bypass, deactivate, or tamper with TOE security functions.
T.TIME An authorized administrator will not be able to determine the
sequence of events in the audit trail because the audit records
are not correctly time-stamped.
Evidence of a compromise or malfunction of the TOE may go
unnoticed or not be properly traceable if recorded events are
not properly sequenced through application of correct
timestamps.The O.TIME objective mitigates this threat by
providing the accurate time to the TOE for use in the audit
records (O.AUDIT_GEN).
T.USER_DATA_REUSE User data that is temporarily retained by the TOE in the course
of processing network traffic could be inadvertently re-used in
sending network traffic to a destination other than intended by
the sender of the original network traffic.This threat is
countered by the security objective
O.RESIDUAL_INFORMATION_CLEARING so that data
traversing the TOE could inadvertently be sent to a user other
than that intended by the sender of the original network traffic.
P.ACCESS_BANNER This Organization Security Policy is addressed by the
organizational security policy O.DISPLAY_BANNER to
ensure an advisory notice and consent warning message
regarding unauthorized use of the TOE is displayed before the
session is established.
7.2 Rationale for the Security Objectives for the Environment
The security requirements are derived according to the general model presented in
Part 1 of the Common Criteria. Specifically, the tables below illustrate the mapping