Specifications
Cisco ISR-800 Security Target
59
TOE SFRs
How the SFR is Met
timestamps. The clock function is reliant on the system clock provided by the
underlying hardware. The TOE can optionally be set to receive clock updates
from an NTP server. This date and time is used as the time stamp that is applied
to TOE generated audit records and used to track inactivity of administrative
sessions.
It is also used for time-related aspects of IPsec peer communication such
as key lifetimes
FPT_TUD_EXT.1
The TOE has specific versions that can be queried by an administrator. When
updates are made available by Cisco, an administrator can obtain and install those
updates. The updates can be downloaded from the Cisco.com web site.
Authorized Administrators can download the Common Criteria evaluated software
image file from Cisco.com onto a trusted computer system for usage in the trusted
update functionality. Software images are available from Cisco.com at the
following:
http://www.cisco.com/cisco/software/navigator.html. Digital signatures
and published hash mechanisms are used to verify software/firmware update files
(to ensure they have not been modified from the originals distributed by Cisco)
before they are used to actually update the applicable TOE components. The
digital certificates used by the update verification mechanism are contained on the
TOE.
Instructions for how to do this verification are provided in the administrator
guidance for this evaluation.
FPT_TST_EXT.1
As a FIPS 140-2 validated product, the TOE runs a suite of self-tests during initial
start-up to verify its correct operation. Refer to the FIPS Security Policy for
available options and management of the cryptographic self-test. For testing of
the TSF, the TOE automatically runs checks and tests at startup and during resets
to ensure the TOE is operating correctly, including checks of image integrity and
all cryptographic functionality.
During the system bootup process (power on or reboot), all the Power on Startup
Test (POST) components for all the cryptographic modules perform the POST for
the corresponding component (hardware or software). These tests include:
• AES Known Answer Test
• RSA Signature Known Answer Test (both signature/verification)
• Power up bypass test
• RNG Known Answer Test
• Diffie Hellman test
• HMAC Known Answer Test
• SHA-1/256/384/512 Known Answer Test
• Triple-DES Known Answer Test
• Software Integrity Test
If any component reports failure for the POST, the system crashes and appropriate
information is displayed on the screen, and saved in the crashinfo file.
All ports are blocked from moving to forwarding state during the POST. If all
components of all modules pass the POST, the system is placed in FIPS PASS
state and ports are allowed to forward data traffic.
These tests are sufficient to verify that the correct version of the TOE software is
running as well as that the cryptographic operations are all performing as expected
because any deviation in the TSF behavior will be identified by the failure of a