System information
Cisco Cat3K ST 6 June 2012
72
between the security requirements and the security objectives and the relationship
between the threats, policies and IT security objectives. The functional and assurance
requirements presented in this Security Target are mutually supportive and their
combination meets the stated security objectives.
Table 17: Assumptions/Threat/TOE Environment Objectives Mappings
A.NOEVIL
A.TRAIN_AUDIT
A.TRAIN_GUIADN
A.LOCATE
A.CONFIDENTIALITY
A.INTEROPERABILITY
A.LOWEXP
T.AUDIT_REVIEW
OE.AUDIT_REVIEW X X
OE.NOEVIL X
OE.TRAIN_GUIDAN X
OE.LOCATE X
OE.CONFIDENTIALITY X
OE.INTEROPERABILITY X
OE.LOWEXP X
Table 18: Assumptions/Threat/TOE Environment Objectives Rationale
Assumption Rationale
A.NOEVIL All authorized administrators are assumed not evil and will not
disrupt the operation of the TOE intentionally. The
OE.NOEVIL objective ensures that authorized administrators
are not evil and will follow and abide by the instructions
provided by the TOE documentation, including the
administrator guidance; however, they are capable of error.
A.TRAIN_GUIDAN Personnel will be trained in the appropriate use of the TOE to
ensure security and will refer to all administrative guidance to
ensure the correct operation of the TOE. The
OE.TRAIN_GUIDAN objective ensures that authorized
administrators will be trained in the appropriate use of the TOE
to ensure security and will refer to all administrative guidance
to ensure the correct operation of the TOE.
A.TRAIN_AUDIT Administrators will be trained to periodically review audit logs
to identify sources of concern. The OE.AUDIT_REVIEW