Specifications

Cisco ISR-800 Security Target

5.3.5.4 FMT_SMR.2 Restrictions on Security Roles

FMT_SMR.2.1 The TSF shall maintain the roles:

• Authorized Administrator.

FMT_SMR.2.2 The TSF shall be able to associate users with roles.

FMT_SMR.2.3 The TSF shall ensure that the conditions

• Authorized Administrator role shall be able to administer the TOE locally;

• Authorized Administrator role shall be able to administer the TOE remotely;

are satisfied.

5.3.6 Packet Filtering (FPF)

5.3.6.1 FPF_RUL_EXT.1 Packet Filtering

FPF_RUL_EXT.1.1 The TSF shall perform Packet Filtering on network packets processed by

the TOE.

FPF_RUL_EXT.1.2 The TSF shall process the following network traffic protocols:

• Internet Protocol (IPv4)

• Internet Protocol version 6 (IPv6)

• Transmission Control Protocol (TCP)

• User Datagram Protocol (UDP)

and be capable of inspecting network packet header fields defined by the following RFCs to the

extent mandated in the other elements of this SFR

• RFC 791 (IPv4)

• RFC 2460 (IPv6)

• RFC 793 (TCP)

• RFC 768 (UDP).

FPF_RUL_EXT.1.3 The TSF shall allow the definition of Packet Filtering rules using the

following network protocol fields:

• IPv4

o Source address

o Destination Address

o Protocol

• IPv6

o Source address

o Destination Address

o Next Header (Protocol)

• TCP