Page 33
Security Target, Version 3.9 | March 18, 2008 |
| |
5.1.5 Class FMT: Security Management
FMT_MOF.1(a) Management of security functions behaviour
Hierarchical to: No other components.
FMT_MOF.1.1(a)
The TSF shall restrict the ability to [modify the behaviour of] the functions [creation and rights assignment of Restricted Admins] to [Primary Admin].
Dependencies: FMT_SMF.1 Specification of management functions
FMT_SMR.1 Security roles
FMT_MOF.1(b) Management of security functions behaviour
Hierarchical to: No other components.
FMT_MOF.1.1(b)
The TSF shall restrict the ability to [determine the behaviour of] the functions [all administrator functions allowed by Primary Admin] to [Restricted Admins].
Dependencies: FMT_SMF.1 Specification of management functions
FMT_SMR.1 Security roles
FMT_MSA.1(a) Management of security attributes
Hierarchical to: No other components.
FMT_MSA.1.1(a)
The TSF shall enforce the [Access Control SFP] to restrict the ability to [modify] the security attributes [which includes all internal attributes available to the administrators] to [Primary Admin, Restricted Admins].
Dependencies: [FDP_ACC.1 Subset access control or
FDP_IFC.1 Subset information flow control]
FMT_SMF.1 Specification of management functions
FMT_SMR.1 Security roles
FMT_MSA.1(b) Management of security attributes
Hierarchical to: No other components.
FMT_MSA.1.1(b)
The TSF shall enforce the [Firewall Information Control SFP] to restrict the ability to [modify] the security attributes [which includes all internal attributes available to the administrators] to [Primary Admin, Restricted Admins].
Nortel VPN Router v7.05 and Client Workstation v7.11 | Page 33 of 67 |
© 2008 Nortel Networks | |
Contents
Nortel Networks Corsec Security, Inc
Version Modification Date Modified By Description of Changes
Revision History
Table of Contents
Table of Tables
Table of Figures
Protection Profile Claims
Rationale
Purpose
Security Target Introduction
Security Target, TOE and CC Identification and Conformance
ST, TOE, and CC Identification and Conformance
Conventions
Conventions, Acronyms, and Terminology
Terminology
Terminology
Primary Admin password
TOE Description
Product Type
Product Description
Branch Office Deployment Configuration of the TOE
Physical Boundary
TOE Boundaries and Scope
TOE Environment
Logical Boundary
Enterprise
World
Security Audit
Cryptographic Support
User Data Protection
Security Management
Identification and Authentication
Protection of the TOE Security Functions
Trusted Path/Channels
Excluded TOE Functionality
TOE Security Environment
Assumptions
Threats to Security
Threats Addressed by the TOE Environment
Threats Addressed by the TOE
Security Objectives for the TOE
Security Objectives
IT Security Objectives
Security Objectives for the Environment
Non-IT Security Objectives
OE.TIME
TOE Security Functional Requirements
IT Security Requirements
TOE Security Functional Requirements
ST Operation
Description ST Operation
FAUGEN.1 Audit Data Generation
Class FAU Security Audit
FAUSAR.1 Audit review
Auditable Events
Dependencies FAUGEN.1 Audit data generation
FCSCKM.1a Cryptographic key generation Diffie-Hellman
Class FCS Cryptographic Support
FCSCKM.1b Cryptographic key generation RSA
FCSCKM.4 Cryptographic key destruction
FCSCOP.1b Cryptographic operation authentication
FCSCOP.1d Cryptographic operation random number generation
FCSCOP.1e Cryptographic operation hashing
Security Target, Version March 18
FDPACF.1 Security attribute based access control
FDPACC.2 Complete access control
Class FDP User Data Protection
FDPIFC.2a Complete information flow control VPN
FDPIFF.1a Simple security attributes VPN
FDPIFC.2b Complete information flow control Firewall
FDPIFF.1b Simple security attributes Firewall
FDPUIT.1 Data exchange integrity
FDPUCT.1 Basic data exchange confidentiality
FDPUCT.1.1
FDPUIT.1.1
FIAUAU.1 Timing of authentication
Class FIA Identification and Authentication
FIAUAU.5 Multiple authentication mechanisms
FIAUID.2 User identification before any action
Dependencies No dependencies
FMTMOF.1a Management of security functions behaviour
Class FMT Security Management
FMTMOF.1b Management of security functions behaviour
FMTMSA.1a Management of security attributes
FMTMSA.2 Secure security attributes
FMTMSA.1c Management of security attributes
FMTMSA.3a Static attribute initialisation
FMTMSA.2.1
FMTMSA.3b Static attribute initialisation
FMTSMF.1 Specification of Management Functions
FMTMSA.3c Static attribute initialisation
FMTSMR.1 Security roles
FMTSMR.1.2
FPTTST.1 TSF testing
FPTAMT.1 Abstract machine testing
Class FPT Protection of the TSF
FPTRPL.1 Replay detection
FTPTRP.1 Trusted path
Class FTP Trusted Path/Channels
FTPTRP.1.1
FTPTRP.1.2
FPTRVM.1 Non-bypassability of the TSP
Security Functional Requirements on the IT Environment
FPTSEP.1 TSF domain separation
FPTSTM.1 Reliable time stamps
Security Target, Version 3.9March 18
Assurance Requirements
Assurance Components
Assurance Requirements
TOE Security Functions
TOE Summary Specification
TOE Security
Description Function
Security Audit
Configuration Log
Accounting Logs
Security Log
Event Log
System Log
Fips Validated Modules
Cryptographic Support
FIPS-Validated Cryptographic Algorithms
Validation Modules Fips 140-2 Certificate #
User Data Protection
Security Management
Identification and Authentication
Power-Up Self-Tests
Protection of the TOE Security Functions
Conditional Self-Tests
Trusted Path/Channels
TOE Security Assurance Measures
TOE Security Functional Requirements Satisfied FTPTRP.1
Assurance Assurance Measure Component
Augmentation to EAL 4+ assurance level
Protection Profile Reference
Protection Profile Claims
Security Objectives Rationale
Rationale
Relationship of Security Threats to Objectives
TOE Objectives Environmental Objectives Non-IT
Hack
Certificate
OE.CERTIFICATE
Security Functional Requirements Rationale
Objectives Requirements
Relationship of Security Requirements to Objectives
Env
Functions and data
FMTMSA.3a,b,c
Able to access such functionality
Integrity
Reject packets based on their attributes
Rationale for Strength of Function
Security Assurance Requirements Rationale
Dependency Rationale
Functional Requirements Dependencies
FCSCOP.1
TOE Summary Specification Rationale
Configuration Management
Secure Delivery and Operation
Development
Guidance Documentation
Life Cycle Support Documents
Tests
Vulnerability and TOE Strength of Function Analyses
Strength of Function
Acronyms
Acronyms
Acronym Definition
DoD
SHA
