FMTSMR.1.2 | Nortel Networks 7.05, 7.11 instruction

Security Target, Version 3.9	March 18, 2008

The TSF shall maintain the roles [Primary Admin, Restricted Admin, VPN User].

FMT_SMR.1.2

The TSF shall be able to associate users with roles.

Dependencies: FIA_UID.1 Timing of identification

Nortel VPN Router v7.05 and Client Workstation v7.11	Page 36 of 67
© 2008 Nortel Networks

Page 36

Image 36

Nortel Networks 7.05, 7.11 manual FMTSMR.1.2, Dependencies FIAUID.1 Timing of identification

Contents

Nortel Networks Corsec Security, Inc Revision History Version Modification Date Modified By Description of Changes Table of Contents Table of Figures Table of TablesProtection Profile Claims Rationale Security Target Introduction PurposeSecurity Target, TOE and CC Identification and Conformance ST, TOE, and CC Identification and Conformance Conventions, Acronyms, and Terminology ConventionsTerminology Terminology Primary Admin password TOE Description Product TypeProduct Description Branch Office Deployment Configuration of the TOE TOE Boundaries and Scope Physical Boundary Logical Boundary TOE Environment World Enterprise Security Audit Cryptographic SupportUser Data Protection Identification and Authentication Security ManagementProtection of the TOE Security Functions Trusted Path/Channels Excluded TOE Functionality TOE Security Environment AssumptionsThreats to Security Threats Addressed by the TOE Threats Addressed by the TOE Environment Security Objectives Security Objectives for the TOE Security Objectives for the Environment IT Security ObjectivesNon-IT Security Objectives OE.TIME IT Security Requirements TOE Security Functional RequirementsTOE Security Functional Requirements ST Operation Description ST Operation Class FAU Security Audit FAUGEN.1 Audit Data GenerationFAUSAR.1 Audit review Auditable Events Dependencies FAUGEN.1 Audit data generation Class FCS Cryptographic Support FCSCKM.1a Cryptographic key generation Diffie-HellmanFCSCKM.1b Cryptographic key generation RSA FCSCKM.4 Cryptographic key destruction FCSCOP.1b Cryptographic operation authentication FCSCOP.1d Cryptographic operation random number generationFCSCOP.1e Cryptographic operation hashing Security Target, Version March 18 FDPACC.2 Complete access control FDPACF.1 Security attribute based access controlClass FDP User Data Protection FDPIFC.2a Complete information flow control VPN FDPIFC.2b Complete information flow control Firewall FDPIFF.1a Simple security attributes VPN FDPIFF.1b Simple security attributes Firewall FDPUCT.1 Basic data exchange confidentiality FDPUIT.1 Data exchange integrityFDPUCT.1.1 FDPUIT.1.1 Class FIA Identification and Authentication FIAUAU.1 Timing of authenticationFIAUAU.5 Multiple authentication mechanisms FIAUID.2 User identification before any action Dependencies No dependencies Class FMT Security Management FMTMOF.1a Management of security functions behaviourFMTMOF.1b Management of security functions behaviour FMTMSA.1a Management of security attributes FMTMSA.1c Management of security attributes FMTMSA.2 Secure security attributesFMTMSA.3a Static attribute initialisation FMTMSA.2.1 FMTSMF.1 Specification of Management Functions FMTMSA.3b Static attribute initialisationFMTMSA.3c Static attribute initialisation FMTSMR.1 Security roles FMTSMR.1.2 FPTAMT.1 Abstract machine testing FPTTST.1 TSF testingClass FPT Protection of the TSF FPTRPL.1 Replay detection Class FTP Trusted Path/Channels FTPTRP.1 Trusted pathFTPTRP.1.1 FTPTRP.1.2 Security Functional Requirements on the IT Environment FPTRVM.1 Non-bypassability of the TSPFPTSEP.1 TSF domain separation FPTSTM.1 Reliable time stamps Security Target, Version 3.9March 18 Assurance Requirements Assurance ComponentsAssurance Requirements TOE Summary Specification TOE Security FunctionsTOE Security Description Function Configuration Log Security AuditAccounting Logs Security Log System Log Event Log Cryptographic Support Fips Validated ModulesFIPS-Validated Cryptographic Algorithms Validation Modules Fips 140-2 Certificate # User Data Protection Identification and Authentication Security Management Power-Up Self-Tests Protection of the TOE Security FunctionsConditional Self-Tests TOE Security Assurance Measures Trusted Path/ChannelsTOE Security Functional Requirements Satisfied FTPTRP.1 Assurance Assurance Measure Component Augmentation to EAL 4+ assurance level Protection Profile Claims Protection Profile Reference Rationale Security Objectives RationaleRelationship of Security Threats to Objectives TOE Objectives Environmental Objectives Non-IT Hack Certificate Security Functional Requirements Rationale OE.CERTIFICATE Relationship of Security Requirements to Objectives Objectives Requirements Functions and data Env Able to access such functionality FMTMSA.3a,b,c Reject packets based on their attributes Integrity Security Assurance Requirements Rationale Rationale for Strength of FunctionDependency Rationale Functional Requirements Dependencies FCSCOP.1 TOE Summary Specification Rationale Configuration Management Secure Delivery and OperationDevelopment Guidance Documentation Life Cycle Support DocumentsTests Strength of Function Vulnerability and TOE Strength of Function Analyses Acronyms AcronymsAcronym Definition DoD SHA