Specifications
Cisco ISR-800 Security Target
54
TOE SFRs
How the SFR is Met
confidentiality of the session.
• The TOE’s implementation of SSHv2 supports hashing algorithms
HMAC-SHA1, HMAC-SHA-1-96, to ensure the integrity of the session.
• The TOE’s implementation of SSHv2 can be configured to only allow
Diffie-Hellman Group 14 (2048-bit keys) Key Establishment, as required
by the PP.
• packets greater than 35,000 bytes in an SSH transport connection are
dropped
FCS_RBG_EXT.1
The TOE implements a NIST-approved AES-CTR Deterministic Random Bit
Generator (DRBG), as specified in SP 800-90 seeded by an entropy source that
accumulates entropy from a TSF-hardware based noise source. The deterministic
RBG is seeded with a minimum of 256 bits of entropy, which is at least equal to
the greatest security strength of the keys and hashes that it will generate. The
information has been detailed in the document – “Cisco Integrated Services Router
(ISR) 800 Series Entropy Information”
FDP_RIP.2
The TOE ensures that packets transmitted from the TOE do not contain residual
information from data deallocated from previous packets. Packets that are not the
required length use zeroes for padding (zeroization is not done on the data field on
the packet but just the header). Residual data is never transmitted from the TOE.
Once packet handling is completed memory buffer content is zeroized before
reuse. This applies to both data plane traffic and administrative session traffic.
FDP_RIP.2 also applies to traffic traversing the TOE. The TOE enforces
information flow policies on traffic through the TOE from unauthenticated IT
entities. These policies are enforced on network traffic received by the TOE
interfaces and leaving the TOE through other TOE interfaces. When network
traffic is received on a TOE interface from an unauthenticated source, the TOE
verifies whether the network traffic is allowed or not and performs one or more of
the following actions: pass or drop, encrypt or decrypt, and optionally log.
FIA_AFL.1
The TOE provides the privileged administrator the ability to specify the maximum
number of unsuccessful authentication attempts (between 1 and 25) before
privileged administrator or non-privileged administrator is locked out through the
administrative CLI using a privileged CLI command.
When a privileged administrator or non-privileged administrator attempting to log
into the administrative CLI reaches the administratively set maximum number of
failed authentication attempts, the user will not be granted access to the
administrative functionality of the TOE until a privileged administrator resets the
user's number of failed login attempts through the administrative CLI.
FIA_PMG_EXT.1
The TOE supports the local definition of users with corresponding passwords. The
passwords can be composed of any combination of upper and lower case letters,
numbers, and special characters (that include: “!”, “@”, “#”, “$”, “%”, “^”, “&”,
“*”, “(“, and “)”. Minimum password length is settable by the Authorized
Administrator, and support passwords of 8 characters or greater. In the evaluated
configuration, the Authorised Administrator must configure the password length
to be 15 characters or more. Password composition rules specifying the types and
number of required characters that comprise the password are settable by the
Authorized Administrator. Passwords have a maximum lifetime, configurable by