Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2014 Cisco Systems, Inc. All rights reserved.
Cisco ISR-800 Security Target 10 Figure 1 TOE Example Deployment = TOE Boundary
Cisco ISR-800 Security Target 11 The previous figure includes the following: • Several examples of TOE Models o Cisco ISR-819 o Cisco ISR-89
Cisco ISR-800 Security Target 12 web site. The TOE is comprised of the following physical specifications as described in Table 4 below: Table 4 Har
Cisco ISR-800 Security Target 13 Hardware Picture Size Power Specifications Interfaces Cisco ISR-C819HG-4G-G-K9 Architecture Generation – 880-
Cisco ISR-800 Security Target 14 Hardware Picture Size Power Specifications Interfaces Cisco ISR-C819G-4G-V-K9 Architecture Generation – 880-B Onb
Cisco ISR-800 Security Target 15 Hardware Picture Size Power Specifications Interfaces Cisco ISR-C819HGW-V-A-K9 Architecture Generation – 880-
Cisco ISR-800 Security Target 16 Hardware Picture Size Power Specifications Interfaces Cisco ISR-C881WD-A-K9 Architecture Generation – 880-B Onbo
Cisco ISR-800 Security Target 17 Hardware Picture Size Power Specifications Interfaces Cisco ISR-C881W-A-K9 Architecture Generation – 880-B O
Cisco ISR-800 Security Target 18 Hardware Picture Size Power Specifications Interfaces CISCO891W-AGN-A-K9 Architecture Generation – 890-A Onboard
Cisco ISR-800 Security Target 19 1.6.2 Cryptographic Support The TOE provides cryptography in support of other Cisco ISR-800 security functiona
Cisco ISR-800 Security Target 2 Table of Contents 1 SECURITY TARGET INTRODUCTION ...
Cisco ISR-800 Security Target 20 The TOE can act as a certification authority thus signing and issuing certificates to other devices. The TOE can al
Cisco ISR-800 Security Target 21 • All identification and authentication; • All audit functionality of the TOE; • All TOE cryptographic fun
Cisco ISR-800 Security Target 22 1.6.8 TOE Access The TOE can terminate inactive sessions after an Authorized Administrator configurable time-period
Cisco ISR-800 Security Target 23 2 CONFORMANCE CLAIMS 2.1 Common Criteria Conformance Claim The TOE and ST are compliant with the Common Crite
Cisco ISR-800 Security Target 24 All concepts covered in the Protection Profile’s Statement of Security Objectives are included in the Security Targe
Cisco ISR-800 Security Target 25 3 SECURITY PROBLEM DEFINITION This chapter identifies the following: • Significant assumptions about the TOE
Cisco ISR-800 Security Target 26 Threat Threat Definition T.ADMIN_ERROR An administrator may unintentionally install or configure the TOE incorrec
Cisco ISR-800 Security Target 27 Policy Name Policy Definition P.ACCESS_BANNER The TOE shall display an initial banner describing restrictions
Cisco ISR-800 Security Target 28 4 SECURITY OBJECTIVES This Chapter identifies the security objectives of the TOE and the IT Environment. The secur
Cisco ISR-800 Security Target 29 TOE Objective TOE Security Objective Definition O.ADDRESS_FILTERING The TOE will provide the means to filter
Cisco ISR-800 Security Target 3 5.3.7 Protection of the TSF (FPT) ...
Cisco ISR-800 Security Target 30 5 SECURITY REQUIREMENTS This section identifies the Security Functional Requirements for the TOE. The Security Fun
Cisco ISR-800 Security Target 31 Class Name Component Identification Component Name FCS: Cryptographic support FCS_CKM.1(1) Cryptographic Key
Cisco ISR-800 Security Target 32 Class Name Component Identification Component Name FPT_SKP_EXT.1 Extended: Protection of TSF Data (for reading of
Cisco ISR-800 Security Target 33 Table 15 Auditable Events SFR Auditable Event Additional Audit Record Contents FAU_GEN.1 None. None. FAU_GEN.
Cisco ISR-800 Security Target 34 SFR Auditable Event Additional Audit Record Contents FIA_X509_EXT.1 Establishing session with CA Source and destina
Cisco ISR-800 Security Target 35 SFR Auditable Event Additional Audit Record Contents Failure of the trusted channel functions. FTP_TRP.1 Init
Cisco ISR-800 Security Target 36 • FIPS PUB 186-3, “Digital Signature Standard (DSS)”, Appendix B.4 for ECDSA schemes and implementing “NIST curves
Cisco ISR-800 Security Target 37 5.3.2.7 FCS_COP.1(4) Cryptographic Operation (for keyed-hash message authentication) FCS_COP.1.1(4) Refinement
Cisco ISR-800 Security Target 38 FCS_IPSEC_EXT.1.10 The TSF shall generate nonces used in IKE exchanges in a manner such that the probability that a
Cisco ISR-800 Security Target 39 FCS_SSH_EXT.1.6 The TSF shall ensure that data integrity algorithms used in SSH transport connection is [hmac-s
Cisco ISR-800 Security Target 4 List of Tables TABLE 1 ACRONYMS...
Cisco ISR-800 Security Target 40 • composed of any combination of upper and lower case letters, numbers, and special characters (that include: “!”,
Cisco ISR-800 Security Target 41 RFC 5759]. FIA_X509_EXT.1.6 The TSF shall validate a certificate path by ensuring the presence of the basicCo
Cisco ISR-800 Security Target 42 5.3.5.4 FMT_SMR.2 Restrictions on Security Roles FMT_SMR.2.1 The TSF shall maintain the roles: • Authorized Admin
Cisco ISR-800 Security Target 43 o Source Port o Destination Port • UDP o Source Port o Destination Port and distinct interface. FPF_
Cisco ISR-800 Security Target 44 5.3.7.5 FPT_TST_EXT.1: Extended: TSF Testing FPT_TST_EXT.1.1 The TSF shall run a suite of self tests during initial
Cisco ISR-800 Security Target 45 5.3.9 Trusted Path/Channels (FTP) 5.3.9.1 FTP_ITC.1 Inter-TSF trusted channel FTP_ITC.1.1 Refinement: Th
Cisco ISR-800 Security Target 46 5.5 Security Assurance Requirements 5.5.1 SAR Requirements The TOE assurance requirements for this ST are taken di
Cisco ISR-800 Security Target 47 5.6 Assurance Measures The TOE satisfies the identified assurance requirements. This section identifies the A
Cisco ISR-800 Security Target 48 6 TOE SUMMARY SPECIFICATION 6.1 TOE Security Functional Requirement Measures This chapter identifies and describes
Cisco ISR-800 Security Target 49 TOE SFRs How the SFR is Met Session Establishment with peer. Source and destination ports TOE Interface Es
Cisco ISR-800 Security Target 5 List of Acronyms The following acronyms and abbreviations are common and may be used in this Security Target:
Cisco ISR-800 Security Target 50 TOE SFRs How the SFR is Met The termination of an interactive session. An audit event is generated by an authorize
Cisco ISR-800 Security Target 51 TOE SFRs How the SFR is Met the buffer contents when connectivity to the syslog server is restored. This store
Cisco ISR-800 Security Target 52 TOE SFRs How the SFR is Met 384, and SHA-512 with message digest sizes 160, 256, 384 and 512 bits respectively, as
Cisco ISR-800 Security Target 53 TOE SFRs How the SFR is Met lets two peers agree on how to build an IPsec Security Association (SA). The stren
Cisco ISR-800 Security Target 54 TOE SFRs How the SFR is Met confidentiality of the session. • The TOE’s implementation of SSHv2 supports hashing a
Cisco ISR-800 Security Target 55 TOE SFRs How the SFR is Met the Authorized Administrator. New passwords must contain a minimum of 4 character
Cisco ISR-800 Security Target 56 TOE SFRs How the SFR is Met screen so that the user password is obscured. For remote session authentication, the TO
Cisco ISR-800 Security Target 57 TOE SFRs How the SFR is Met • Ability to configure the cryptographic functionality, • Ability to configure t
Cisco ISR-800 Security Target 58 TOE SFRs How the SFR is Met action associated with the rule is to pass traffic). Rules are enforced on a first matc
Cisco ISR-800 Security Target 59 TOE SFRs How the SFR is Met timestamps. The clock function is reliant on the system clock provided by the und
Cisco ISR-800 Security Target 6 DOCUMENT INTRODUCTION Prepared By: Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 This document provide
Cisco ISR-800 Security Target 60 TOE SFRs How the SFR is Met self-test. The integrity of stored TSF executable code when it is loaded for execution
Cisco ISR-800 Security Target 61 TOE SFRs How the SFR is Met FTP_TRP.1 All remote administrative communications take place over a secure encryp
Cisco ISR-800 Security Target 62 7 ANNEX A: KEY ZEROIZATION 7.1 Key Zeroization The following table describes the key zeroization referenced by FCS
Cisco ISR-800 Security Target 63 Name Description Zeroization key encryption and authentication keys. The entire object is overwritten by 0’s u
Cisco ISR-800 Security Target 64 8 ANNEX B: REFERENCES The following documentation was used to prepare this ST: Table 20 References Identifier Des
Cisco ISR-800 Security Target 7 1 SECURITY TARGET INTRODUCTION The Security Target contains the following sections: • Security Target Introd
Cisco ISR-800 Security Target 8 1.2 TOE Overview The Cisco ISR-800 is a purpose-built, routing platform that combines data, security, unified commun
Cisco ISR-800 Security Target 9 Component Required Usage/Purpose Description for TOE performance of the TOE configuration, and likely administer