Specifications

Cisco ISR-800 Security Target
TOE SFRs
How the SFR is Met
• Ability to configure the cryptographic functionality,
• Ability to configure the IPsec functionality,
• Ability to enable, disable, determine and modify the behavior of all the
  security functions of the TOE identified in this EP to the Administrator,
• Ability to configure all security management functions identified in other
  sections of this EP.
FMT_SMR.2
The TOE platform maintains privileged and semi-privileged administrator roles.
The TOE performs role-based authorization, using TOE platform authorization
mechanisms, to grant access to the semi-privileged and privileged roles. For the
purposes of this evaluation, the privileged role is equivalent to full administrative
access to the CLI, which is the default access for IOS privilege level 15; and the
semi-privileged role equates to any privilege level that has a subset of the
privileges assigned to level 15. Privilege levels 0 and 1 are defined by default and
are customizable, while levels 2-14 are undefined by default and are also
customizable. Note: the levels are not hierarchical.
The term “Authorized Administrator” is used in this ST to refer to any user who
has been assigned to a privilege level that is permitted to perform the relevant
action and who therefore has the appropriate privileges to perform the requested
functions. The privilege level determines the functions the user can perform; hence
the Authorized Administrator is one with the appropriate privileges.
The TOE must be configured to authenticate all access to the command line
interface using a username and password. The TOE supports both local
administration via a directly connected console cable and remote authentication
via SSH.
FPF_RUL_EXT.1
An authorized administrator can define the traffic that needs to be protected by
configuring access lists (permit, deny, log) and applying these access lists to
interfaces using access and crypto map sets. Therefore, traffic may be selected on
the basis of the source and destination address, and optionally the Layer 4 protocol
and port.
The TOE enforces information flow policies on network packets that are received
by TOE interfaces and leave the TOE through other TOE interfaces. When
network packets are received on a TOE interface, the TOE verifies whether the
network traffic is allowed or not and performs one of the following actions:
pass or not pass the information, with optional logging.
This is done by implementing rules that define the permitted flow of
unauthenticated traffic between interfaces of the ISR-800. These rules control
whether a packet is transferred from one interface to another based on:
• presumed address of source
• presumed address of destination
• transport layer protocol (or next header in IPv6)
• service used (UDP or TCP ports, both source and destination)
• network interface on which the connection request occurs
These rules are supported for the following protocols: RFC 791 (IPv4); RFC 2460
(IPv6); RFC 793 (TCP); RFC 768 (UDP). TOE compliance with these protocols is
verified via regular quality assurance, regression, and interoperability testing.
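The rule matching described above, as an added example that is not part of the Security Target and is not Cisco IOS code: a simplified Python model that checks a packet against rules keyed on interface, source, destination, protocol and ports, with optional logging. The names Packet, Rule, evaluate and RULES, the interface labels and the addresses are constructed for illustration; evaluating rules in order with the first match deciding is a modelling assumption.

```python
# Added illustration: simplified model of ACL-style matching, not Cisco IOS code.
# Assumption: rules are checked in order and the first matching rule decides.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet was received on
    src: str            # presumed source address
    dst: str            # presumed destination address
    proto: str          # transport protocol (or IPv6 next header), e.g. "tcp"
    sport: int = 0
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    iface: str
    src: str                        # source network in CIDR form
    dst: str                        # destination network in CIDR form
    proto: str                      # "tcp", "udp", or "ip" for any protocol
    sport: Optional[int] = None     # None matches any port
    dport: Optional[int] = None
    log: bool = False               # optional logging of a match

    def matches(self, p: Packet) -> bool:
        return (self.iface == p.iface
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("ip", p.proto)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def evaluate(rules, pkt, audit):
    """Return 'permit' or 'deny'; record the match in audit if the rule logs."""
    for number, rule in enumerate(rules, 1):
        if rule.matches(pkt):
            if rule.log:
                audit.append((number, rule.action, pkt))
            return rule.action
    return "deny"   # no rule matched, so the packet is not passed

# Constructed sample policy using documentation address ranges.
RULES = [
    Rule("permit", "Gi0", "198.51.100.0/24", "192.0.2.10/32", "tcp", dport=22, log=True),
    Rule("deny", "Gi0", "0.0.0.0/0", "192.0.2.0/24", "udp", log=True),
    Rule("permit", "Gi0", "2001:db8::/32", "2001:db8:1::10/128", "tcp", dport=443),
]
```

The same SSH packet arriving on an interface with no matching rule is denied without an audit entry, which shows why the receiving interface is part of the match.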
Packets will be dropped unless a specific rule has been set up to allow the packet
to pass (where the attributes of the packet match the attributes in the rule and the