Specifications
Cisco ISR-800 Security Target
SFR | Auditable Event | Additional Audit Record Contents
(continued) | Failure of the trusted channel functions. |
FTP_TRP.1 | Initiation of the trusted channel. Termination of the trusted channel. Failures of the trusted path functions. | Identification of the claimed user identity.
5.3.1.2 FAU_GEN.2 User Identity Association
FAU_GEN.2.1 For audit events resulting from actions of identified users, the TSF shall be able
to associate each auditable event with the identity of the user that caused the event.
5.3.1.3 FAU_STG_EXT.1 External Audit Trail Storage
FAU_STG_EXT.1.1 The TSF shall be able to [transmit the generated audit data to an external
IT entity] using a trusted channel implementing the [IPsec] protocol.
5.3.2 Cryptographic Support (FCS)
5.3.2.1 FCS_CKM.1(1) Cryptographic Key Generation (for asymmetric keys)
FCS_CKM.1.1(1) Refinement: The TSF shall generate asymmetric cryptographic keys used
for key establishment in accordance with [
• NIST Special Publication 800-56A, “Recommendation for Pair-Wise Key Establishment
Schemes Using Discrete Logarithm Cryptography” for elliptic curve-based key
establishment schemes and implementing “NIST curves” P-256, P-384 and [no other
curves] (as defined in FIPS PUB 186-3, “Digital Signature Standard”)
• NIST Special Publication 800-56B, “Recommendation for Pair-Wise Key Establishment
Schemes Using Integer Factorization Cryptography” for RSA-based key establishment
schemes ]
and specified cryptographic key sizes equivalent to, or greater than, a symmetric key strength of
112 bits.
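The following is an added example, not part of the Security Target or of Cisco's code: it reads a DER-encoded SubjectPublicKeyInfo and checks the key parameters against the FCS_CKM.1(1) selections above (P-256 or P-384 only, RSA at 112-bit strength or better). It checks parameters only, not the generation procedure. Assumptions: the 2048-bit RSA floor comes from the SP 800-57 Part 1 strength equivalence, the function names are hypothetical, and the sample keys are constructed placeholders.

```python
OID_RSA = bytes.fromhex("2a864886f70d010101")  # rsaEncryption
OID_EC = bytes.fromhex("2a8648ce3d0201")       # id-ecPublicKey
P256 = bytes.fromhex("2a8648ce3d030107")       # prime256v1
P384 = bytes.fromhex("2b81040022")             # secp384r1
ALLOWED_CURVES = {P256: "P-256", P384: "P-384"}  # the ST selects "no other curves"
MIN_RSA_BITS = 2048  # assumption from SP 800-57 Part 1: RSA-2048 ~ 112-bit strength

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def check_spki(der):
    """Return (compliant, detail) for one SubjectPublicKeyInfo."""
    _, spki, _ = read_tlv(der)
    _, alg, after_alg = read_tlv(spki)
    _, bitstr, _ = read_tlv(spki, after_alg)
    _, oid, after_oid = read_tlv(alg)
    if oid == OID_EC:
        _, curve, _ = read_tlv(alg, after_oid)  # named-curve OID parameter
        name = ALLOWED_CURVES.get(curve)
        return (True, name) if name else (False, "curve outside P-256/P-384")
    if oid == OID_RSA:
        _, rsa_key, _ = read_tlv(bitstr[1:])  # skip the unused-bits octet
        _, modulus, _ = read_tlv(rsa_key)
        bits = int.from_bytes(modulus, "big").bit_length()
        return bits >= MIN_RSA_BITS, f"RSA-{bits}"
    return False, "algorithm is neither RSA nor EC"

# Constructed sample keys: structurally valid DER, not real key material.
def tlv(tag, value):
    n = len(value)
    k = (n.bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + value

def sample_rsa(bits):
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")  # placeholder modulus
    key = tlv(0x30, tlv(0x02, b"\x00" + n) + tlv(0x02, b"\x01\x00\x01"))
    return tlv(0x30, tlv(0x30, tlv(0x06, OID_RSA) + tlv(0x05, b"")) + tlv(0x03, b"\x00" + key))

def sample_ec(curve_oid, coord_len):
    point = b"\x04" + bytes(2 * coord_len)  # placeholder uncompressed point
    return tlv(0x30, tlv(0x30, tlv(0x06, OID_EC) + tlv(0x06, curve_oid)) + tlv(0x03, b"\x00" + point))
```

Calling check_spki(sample_rsa(1024)) reports a non-compliant key, as does any EC key whose named curve is not P-256 or P-384.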
5.3.2.2 FCS_CKM.1(2) Cryptographic Key Generation (for asymmetric keys)
FCS_CKM.1.2 Refinement: The TSF shall generate asymmetric cryptographic keys used for
IKE peer authentication in accordance with a:[
• FIPS PUB 186-3, “Digital Signature Standard (DSS)”, Appendix B.3 for RSA schemes;