Nortel Networks 7.05, 7.11 manual FDPIFC.2b Complete information flow control Firewall

The TSF shall enforce the [VPN Information Flow Control SFP] on [remote authenticated VPN Clients connecting to a Nortel VPN Router] and all operations that cause that information to flow to and from subjects covered by the SFP.

FDP_IFC.2.2(a)

The TSF shall ensure that all operations that cause any information in the TSC to flow to and from any subject in the TSC are covered by an information flow control SFP.

Dependencies: FDP_IFF.1 Simple security attributes

FDP_IFC.2(b) Complete information flow control (Firewall)

Hierarchical to: FDP_IFC.1

FDP_IFC.2.1(b)

The TSF shall enforce the [Firewall Information Flow Control SFP] on [hosts on either side of a Nortel VPN Router (subject), and the Nortel VPN Router (subject), and all data flowing between the subjects (information)] and all operations that cause that information to flow to and from subjects covered by the SFP.

FDP_IFC.2.2(b)

The TSF shall ensure that all operations that cause any information in the TSC to flow to and from any subject in the TSC are covered by an information flow control SFP.

Dependencies: FDP_IFF.1 Simple security attributes

FDP_IFF.1(a) Simple security attributes (VPN)

Hierarchical to: No other components.

FDP_IFF.1.1(a)

The TSF shall enforce the [VPN Information Flow Control SFP] based on the following types of subject and information security attributes: [

ouser identity,

ouser authentication credentials and tunnel filtering of packets is based on

oProtocol ID, o Direction,

o Source, destination IP addresses, o Source, destination ports,

o Service].

FDP_IFF.1.2(a)

The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: [the VPN Client successfully authenticates to the Nortel VPN Router].