Specifications
Cisco ISR-800 Security Target
48
6 TOE SUMMARY SPECIFICATION
6.1 TOE Security Functional Requirement Measures
This chapter identifies and describes how the Security Functional Requirements identified above
are met by the TOE.
Table 18 How TOE SFRs are met
TOE SFRs
How the SFR is Met
FAU_GEN.1
The TOE generates an audit record that is stored internally within the TOE
whenever an audited event occurs. The types of events that cause audit records to
be generated include: startup and shutdown of the audit mechanism, cryptography
related events, identification and authentication related events, and administrative
events (the specific events and the contents of each audit record are listed in the
table within the FAU_GEN.1 SFR, “Auditable Events Table”). Each of the events
is specified in syslog records in enough detail to identify the user for which the
event is associated, date and time the event occurred, where the event occurred,
the outcome of the event, and the type of event that occurred. When the incoming
traffic to the TOE exceeds what the interface can handle, the packets are dropped
at the input queue itself and there are no error messages generated.
Auditable Event
Rationale
All use of the user
identification mechanism.
Events will be generated for attempted
identification/ authentication, and the username
attempting to authenticate and source address or
interface will be included in the log record.
Any use of the
authentication mechanism.
Events will be generated for attempted
identification/ authentication, and the username
attempting to authenticate will be included in
the log record, along with the origin or source
of the attempt.
Management functions
The use of the security management functions is
logged; modifications of the behavior of the
functions in the TSF and modifications of
default settings.
Changes to the time.
The old and new values for the time.
Origin of the attempt (e.g., IP address).
Failure to establish an IPsec
SA.
Establishment/Termination
of an IPsec SA.
Reason for failure.
Non-TOE endpoint of connection (IP address)
for both successes and failures Source and
destination addresses