Manualshelf

Specifications

ManualsBrandsCisco ManualsNetworkingCISCO881W-GN-A-K9
21222324252627282930
Cisco ISR-800 Security Target
25
3 SECURITY PROBLEM DEFINITION
This chapter identifies the following:
Significant assumptions about the TOE’s operational environment.
IT related threats to the organization countered by the TOE.
Environmental threats requiring controls to provide sufficient protection.
Organizational security policies for the TOE as appropriate.
This document identifies assumptions as A.assumption with “assumption” specifying a unique
name. Threats are identified as T.threat with “threat” specifying a unique name. Organizational
Security Policies (OSPs) are identified as P.osp with “osp” specifying a unique name.
3.1 Assumptions
The specific conditions listed in the following subsections are assumed to exist in the TOE’s
environment. These assumptions include both practical realities in the development of the TOE
security requirements and the essential environmental conditions on the use of the TOE.
Table 9 TOE Assumptions
Assumption
Assumption Definition
Reproduced from the U.S. Government Protection Profile for Security Requirements for Network Devices
A.NO_GENERAL_PURPOSE
It is assumed that there are no general-purpose computing capabilities (e.g.,
compilers or user applications) available on the TOE, other than those services
necessary for the operation, administration and support of the TOE.
A.PHYSICAL
Physical security, commensurate with the value of the TOE and the data it
contains, is assumed to be provided by the environment.
A.TRUSTED_ADMIN
TOE Administrators are trusted to follow and apply all administrator guidance
in a trusted manner.
Reproduced from U.S. Government Approved Protection Profile - Network Device Protection Profile
(NDPP) Extended Package VPN Gateway Version 1.1
A.CONNECTIONS
It is assumed that the TOE is connected to distinct networks in a manner that
ensures that the TOE security policies will be enforced on all applicable
network traffic flowing among the attached networks.
3.2 Threats
The following table lists the threats addressed by the TOE and the IT Environment. The
assumed level of expertise of the attacker for all the threats identified below is Enhanced-Basic.
Table 10 Threats
Threat
Threat Definition
Reproduced from the U.S. Government Protection Profile for Security Requirements for Network Devices