Security Target, Version 3.9 | March 18, 2008 |
|
|
5.1.3 Class FDP: User Data Protection
FDP_ACC.2 Complete access control
Hierarchical to: FDP_ACC.1
FDP_ACC.2.1
The TSF shall enforce the [Access Control SFP] on [Subjects: administrators; Objects: VPN Router configuration parameters] and all operations among subjects and objects covered by the SFP.
FDP_ACC.2.2
The TSF shall ensure that all operations between any subject in the TSC and any object within the TSC are covered by an access control SFP.
Dependencies: FDP_ACF.1 Security attribute based access control
FDP_ACF.1 Security attribute based access control
Hierarchical to: No other components.
FDP_ACF.1.1
The TSF shall enforce the [Access Control SFP] to objects based on the following: [administrator privileges].
FDP_ACF.1.2
The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [if an administrator has been authenticated, if that administrator has privileges granted by the Primary Admin].
FDP_ACF.1.3
The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [access to all administrative functions is permitted once a Primary Admin has been identified and authenticated successfully].
FDP_ACF.1.4
The TSF shall explicitly deny access of subjects to objects based on [no additional explicit denial rules].
Dependencies: FDP_ACC.1 Subset access control
FMT_MSA.3 Static attribute initialization
FDP_IFC.2(a) Complete information flow control (VPN)
Hierarchical to: FDP_IFC.1
FDP_IFC.2.1(a)
Nortel VPN Router v7.05 and Client Workstation v7.11 | Page 27 of 67 |
© 2008 Nortel Networks |
|