Security Target, Version 3.9

March 18, 2008

 

 

5.1.3 Class FDP: User Data Protection

FDP_ACC.2 Complete access control

Hierarchical to: FDP_ACC.1

FDP_ACC.2.1

The TSF shall enforce the [Access Control SFP] on [Subjects: administrators; Objects: VPN Router configuration parameters] and all operations among subjects and objects covered by the SFP.

FDP_ACC.2.2

The TSF shall ensure that all operations between any subject in the TSC and any object within the TSC are covered by an access control SFP.

Dependencies: FDP_ACF.1 Security attribute based access control

FDP_ACF.1 Security attribute based access control

Hierarchical to: No other components.

FDP_ACF.1.1

The TSF shall enforce the [Access Control SFP] to objects based on the following: [administrator privileges].

FDP_ACF.1.2

The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [if an administrator has been authenticated, if that administrator has privileges granted by the Primary Admin].

FDP_ACF.1.3

The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [access to all administrative functions is permitted once a Primary Admin has been identified and authenticated successfully].

FDP_ACF.1.4

The TSF shall explicitly deny access of subjects to objects based on [no additional explicit denial rules].

Dependencies: FDP_ACC.1 Subset access control

FMT_MSA.3 Static attribute initialization

FDP_IFC.2(a) Complete information flow control (VPN)

Hierarchical to: FDP_IFC.1

FDP_IFC.2.1(a)

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 27 of 67

© 2008 Nortel Networks

 

Page 27
Image 27
Nortel Networks 7.11, 7.05 manual Class FDP User Data Protection, FDPACC.2 Complete access control