Specifications
Cisco ISR-800 Security Target
60
TOE SFRs
How the SFR is Met
self-test.
The integrity of stored TSF executable code when it is loaded for execution can be
verified through the use of RSA and Elliptic Curve Digital Signature algorithms.
FTA_SSL_EXT.1
An administrator can configure maximum inactivity times individually for both
local and remote administrative sessions through the use of the “session-timeout”
setting applied to the console. When a session is inactive (i.e., no session input
from the administrator) for the configured period of time the TOE will terminate
the session, and no further activity is allowed requiring the administrator to log in
(be successfully identified and authenticated) again to establish a new session. If a
remote user session is inactive for a configured period of time, the session will be
terminated and will require authentication to establish a new session.
The allowable inactivity timeout range is from 1 to 65535 seconds.
Administratively configurable timeouts are also available for the EXEC level
access (access above level 1) through use of the “exec-timeout” setting.
FTA_SSL.3
FTA_SSL.4
An administrator is able to exit out of both local and remote administrative
sessions. Each administrator logged onto the TOE can manually terminate their
session using the “exit” command.
FTA_TAB.1
The TOE displays a privileged Administrator specified banner on the CLI
management interface prior to allowing any administrative access to the TOE.
This is applicable for both local and remote TOE administration.
FTP_ITC.1
The TOE protects communications with peer or neighbour routers using keyed
hash as defined in FCS_COP.1.1(4) and cryptographic hashing functions
FCS_COP.1.1(3). This protects the data from modification of data by hashing that
verify that data has not been modified in transit. In addition, encryption of the
data as defined in FCS_COP.1.1(1) is provided to ensure the data is not disclosed
in transit. The TSF allows the TSF, or the authorized IT entities to initiate
communication via the trusted channel.
The TOE also requires that peers and other TOE instances establish an IKE/IPsec
connection in order to forward routing tables used by the TOE. In addition the
TOE can establish secure VPN tunnels with IPsec VPN clients.
The TOE also requires that peers establish an IKE/IPsec connection to a CA server
for sending certificate signing requests.
The TOE protects communications between the TOE and the remote audit server
using IPsec. This provides a secure channel to transmit the log events.
Likewise communications between the TOE and AAA servers are secured using
IPsec.
The distinction between “remote VPN gateway/peer” and “another instance of the
TOE” is that “another instance of the TOE” would be installed in the evaluated
configuration, and likely administered by the same personnel, whereas a “remote
VPN gateway/peer” could be any interoperable IPsec gateway/peer that is
expected to be administered by personnel who are not administrators of the TOE,
and who share necessary IPsec tunnel configuration and authentication credentials
with the TOE administrators. For example, the exchange of X.509 certificates for
certificate based authentication.