Specifications
Cisco ISR-800 Security Target
FCS_SSH_EXT.1.6 The TSF shall ensure that data integrity algorithms used in SSH transport
connection are [hmac-sha1, hmac-sha1-96].
FCS_SSH_EXT.1.7 The TSF shall ensure that diffie-hellman-group14-sha1 and [no other
methods] are the only allowed key exchange methods used for the SSH protocol.
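One way to check a captured server SSH_MSG_KEXINIT payload against FCS_SSH_EXT.1.6 and FCS_SSH_EXT.1.7 is sketched below. This is an added example, not part of the Security Target or of Cisco's code: the function names and the sample-payload builder are constructed here, and the packet layout is the one defined in RFC 4253, section 7.1.

```python
import struct

# Allowed values taken from FCS_SSH_EXT.1.6 and FCS_SSH_EXT.1.7 above.
ALLOWED_MACS = {"hmac-sha1", "hmac-sha1-96"}
ALLOWED_KEX = {"diffie-hellman-group14-sha1"}

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (message byte onward) into its name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip the type byte and the 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError(f"truncated before {name}")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError(f"name-list {name} overruns payload")
        raw = payload[pos:pos + n].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += n
    return lists


def violations(lists: dict) -> list:
    """Return (field, algorithm) pairs that the two SFRs do not permit."""
    bad = [("kex", a) for a in lists["kex"] if a not in ALLOWED_KEX]
    for field in ("mac_c2s", "mac_s2c"):
        bad += [(field, a) for a in lists[field] if a not in ALLOWED_MACS]
    # An empty list offers nothing permitted, so flag that as well.
    bad += [(f, "<empty>") for f in ("kex", "mac_c2s", "mac_s2c") if not lists[f]]
    return bad


def build_kexinit(**lists) -> bytes:
    """Construct a sample payload (test data only, all-zero cookie)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)
```

An empty result from `violations()` means every offered key exchange method and MAC is one the two requirements allow; any other entry names the field and the algorithm that should not have been offered.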
5.3.3 User data protection (FDP)
5.3.3.1 FDP_RIP.2 Full Residual Information Protection
FDP_RIP.2.1 The TSF shall ensure that any previous information content of a resource is made
unavailable upon the [deallocation of the resource from] all objects.
5.3.4 Identification and authentication (FIA)
5.3.4.1 FIA_AFL.1 Authentication Failure Handling
FIA_AFL.1.1 Refinement: The TSF shall detect when an Administrator configurable
positive integer of successive unsuccessful authentication attempts occur related to
administrators attempting to authenticate remotely.
FIA_AFL.1.2 When the defined number of unsuccessful authentication attempts has been met,
the TSF shall [prevent the offending remote administrator from successfully authenticating until
[an authorized administrator unlocks the locked user account] is taken by a local Administrator.]
5.3.4.2 FIA_PMG_EXT.1 Password Management
FIA_PMG_EXT.1.1 The TSF shall provide the following password management capabilities
for administrative passwords:
1. Passwords shall be able to be composed of any combination of upper and lower case
letters, numbers, and the following special characters: [“!”, “@”, “#”, “$”, “%”, “^”,
“&”, “*”, “(”, “)”, [no other characters]];
2. Minimum password length shall be settable by the Security Administrator, and support
passwords of 15 characters or greater;
5.3.4.3 FIA_PSK_EXT.1 Extended: Pre-Shared Key Composition
FIA_PSK_EXT.1.1 The TSF shall be able to use pre-shared keys for IPsec and [no other
protocols].
FIA_PSK_EXT.1.2 The TSF shall be able to accept text-based pre-shared keys that:
• are 22 characters and [any combination of alphanumeric or special characters up to 128
bytes];










