Cisco Integrated Services Router 800 Series
Security Target
Version 0.9
November 13, 2014

Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2014 Cisco Systems, Inc. All rights reserved.
Cisco ISR-800 Security Target

Table of Contents
1 SECURITY TARGET INTRODUCTION
1.1 ST and TOE Reference
1.2 TOE Overview
1.2.1 TOE Product Type
5.3.7 Protection of the TSF (FPT)
5.3.8 TOE Access (FTA)
5.3.9 Trusted Path/Channels (FTP)
5.4 TOE SFR Dependencies Rationale for SFRs
5.
List of Tables
TABLE 1 ACRONYMS
TABLE 2 ST AND TOE IDENTIFICATION
TABLE 3 IT ENVIRONMENT COMPONENTS
List of Acronyms
The following acronyms and abbreviations are common and may be used in this Security Target:

Table 1 Acronyms

Acronyms / Abbreviations   Definition
AAA                        Administration, Authorization, and Accounting
ACL                        Access Control Lists
AES                        Advanced Encryption Standard
BRI                        Basic Rate Interface
CA                         Certificate Authority
CC                         Common C
CEM CM CSU DHCP DSU EAL EHWIC ESP GE HTTP HTTPS ICMP ISDN ISR IT NDPP OS PBKDF2 PoE POP3 PP SA SFP SHS SIP SSHv2 ST TCP TOE TSC TSF TSP UDP WAN WIC
DOCUMENT INTRODUCTION
Prepared By:
Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134

This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), the Integrated Services Router 800 Series (ISR-800).
1 SECURITY TARGET INTRODUCTION
The Security Target contains the following sections:
• Security Target Introduction [Section 1]
• Conformance Claims [Section 2]
• Security Problem Definition [Section 3]
• Security Objectives [Section 4]
• IT Security Requirements [Section 5]
• TOE Summary Specification [Section 6]
The structure and content of this ST comply with the requirements specified in the Common Criteria (CC), Part 1, Annex A, and Part 2.
1.
1.2 TOE Overview
The Cisco ISR-800 is a purpose-built routing platform that combines data, security, unified communications and wireless services on a single device. The TOE includes the hardware models as defined in Table 4 in Section 1.5.
1.2.1 TOE Product Type
The Cisco ISR-800s are fixed-configuration routers that provide business solutions for secure voice and data communications to enterprise small branch offices.
Component of the TOE Required Usage/Purpose Description for TOE performance configuration, and likely administered by the same personnel. Used as a VPN peer.

1.3 TOE DESCRIPTION
This section provides an overview of the Cisco ISR-800 Target of Evaluation (TOE). The TOE is comprised of both software and hardware.
Figure 1 TOE Example Deployment
[Figure labels: Cisco ISR-800 Series (Cisco ISR-819, Cisco ISR-891, Cisco ISR-881), TOE Boundary, VPN Peer (Mandatory), VPN Peer (Mandatory), Local Console (Mandatory), Management Workstation (Mandatory), Syslog Server (Mandatory), CA (Mandatory), AAA Server (Optional), NTP Server (Optional)]
The previous figure includes the following:
• Several examples of TOE Models
  o Cisco ISR-819
  o Cisco ISR-891
  o Cisco ISR-881
• The following are considered to be in the IT Environment:
  o (2) VPN Peers
  o Management Workstation
  o Authentication Server
  o NTP Server
  o Syslog Server
  o Local Console
  o CA
1.4 TOE Evaluated Configuration
The TOE consists of one or more physical devices as specified in section 1.5 below and includes the Cisco IOS software.
web site. The TOE is comprised of the following physical specifications as described in Table 4 below:

Table 4 Hardware Models and Specifications

Hardware
Cisco ISRC819G-4G-AK9
Architecture Generation – 880-B
Picture   Size
1.67 x 7.7 x 7.2 in. (42 x 196 x 183 mm)
Onboard DRAM – 1024 MB
Architecture Generation – 880-B
Onboard DRAM – 512 MB
Interfaces
AC Power Adapter:
• Maximum power consumption: 25W
• Input voltage and currents supported: 100-264 VAC <0.
Hardware
Cisco ISRC819HG-4G-GK9
Architecture Generation – 880-B
Picture   Size
1.73 x 7.7 x 8.1 in. (44 x 196 x 206 mm)
Onboard DRAM – 1024 MB
Architecture Generation – 880-B
Interfaces
AC Power Adapter:
• Maximum power consumption: 25W
• Input voltage and currents supported: 100-264 VAC <0.5A
• Maximum output power rating: 20W
(1) RJ45 Console or auxiliary port
(1) Mini-USB port
(1) Wireless WAN interface with 4G LTE, 3.7G, 3.
Hardware
Cisco ISRC819G-4G-VK9
Architecture Generation – 880-B
Picture   Size   Power Specifications   Interfaces
1.67 x 7.7 x 7.2 in. (42 x 196 x 183 mm)
AC Power Adapter:
• Maximum power consumption: 25W
• Input voltage and currents supported: 100-264 VAC <0.5A
• Maximum output power rating: 20W
(1) RJ45 Console or auxiliary port
(1) Mini-USB port
(1) Wireless WAN interface with 4G LTE, 3.7G, 3.
Hardware
Cisco ISRC819HGW-VA-K9
Architecture Generation – 880-B
Picture   Size   Power Specifications
1.73 x 7.7 x 8.1 in. (44 x 196 x 206 mm)
• Input Voltage: 85-264 VAC 100-240 VAC nominal
• Maximum Power Consumption: 25W
• Maximum Output Power Rating: 20 W (5VDC, 4 Amps)
(1) RJ45 Console or auxiliary port
(1) Mini-USB port
(1) Wireless WAN interface with 4G LTE, 3.7G, 3.
Hardware
Cisco ISRC881WD-A-K9
Picture   Size   Power Specifications   Interfaces
1.7 x 12.8 x 10.4 in
• AC input voltage: 100 to 240 VAC
• Frequency: 50 to 60 Hz
• Maximum output power: 60W
• Output voltages: 12 VDC
• Optional internal PoE with external adapter
• Maximum output power: 80W
• Output voltage, external: 48 VDC
(4) 10/100 Switch
(2) PoE (factory-configurable option)
(1) 10/100 FE WAN
(1) 1-port console/aux
(1) 1-port external USB 2.0
1.9 x 12.8 x 9.8 in.
Hardware
Cisco ISRC881W-A-K9
Architecture Generation – 880-B
Picture   Size
• AC input voltage: 100 to 240 VAC
• Frequency: 50 to 60 Hz
• Maximum output power: 60W
• Output voltages: 12 VDC
Optional internal PoE with external adapter:
• Maximum output power: 80W
• External output voltage: 48 VDC
(1) 10/100-Mbps Fast Ethernet WAN interface
(4) 10/100 Mbps managed Switch LAN interface
(1) Secure 802.11g/n access-point option based on draft 802.
Hardware   Picture
CISCO891WAGN-A-K9
Size
1.9 x 12.8 x 10.4 in.
1.6.2 Cryptographic Support
The TOE provides cryptography in support of other Cisco ISR-800 security functionality. This cryptography has been validated for conformance to the requirements of FIPS 140-2 Level 2. See Table 5 for certificate references.
The TOE can act as a certification authority, thus signing and issuing certificates to other devices. The TOE can also use the X.509v3 certificate for securing IPsec and SSH sessions.
1.6.3 Full Residual Information Protection
The TOE ensures that all information flows from the TOE do not contain residual information from previous traffic. Packets are padded with zeroes. Residual data is never transmitted from the TOE.
1.6.
• All identification and authentication;
• All audit functionality of the TOE;
• All TOE cryptographic functionality;
• The timestamps maintained by the TOE;
• Update to the TOE and verification of the updates;
• Configuration of IPsec functionality;
• TOE configuration file storage and retrieval.
The TOE supports two separate administrator roles: non-privileged administrator and privileged administrator.
1.6.8 TOE Access
The TOE can terminate inactive sessions after an Authorized Administrator-configurable time period. Once a session has been terminated, the TOE requires the user to re-authenticate to establish a new session. The TOE can also display an Authorized Administrator-specified banner on the CLI management interface prior to allowing any administrative access to the TOE.
1.6.
2 CONFORMANCE CLAIMS
2.1 Common Criteria Conformance Claim
The TOE and ST are compliant with the Common Criteria (CC) Version 3.1, Revision 4, dated: September 2012. For a listing of Assurance Requirements claimed see section 5.5. The TOE and ST are CC Part 2 extended and CC Part 3 conformant.
2.2 Protection Profile Conformance
The TOE and ST are conformant with the Protection Profiles as listed in Table 8 below:

Table 8 Protection Profiles
Protection Profile
U.S.
All concepts covered in the Protection Profile’s Statement of Security Objectives are included in the Security Target.
2.3.3 Statement of Security Requirements Consistency
The Security Functional Requirements included in the Security Target represent the Security Functional Requirements specified in the NDPPv1.1 and VPNGWEP v1.1, for which conformance is claimed verbatim.
3 SECURITY PROBLEM DEFINITION
This chapter identifies the following:
• Significant assumptions about the TOE’s operational environment.
• IT related threats to the organization countered by the TOE.
• Environmental threats requiring controls to provide sufficient protection.
• Organizational security policies for the TOE as appropriate.
This document identifies assumptions as A.assumption with “assumption” specifying a unique name. Threats are identified as T.
Threat / Threat Definition

T.ADMIN_ERROR
An administrator may unintentionally install or configure the TOE incorrectly, resulting in ineffective security mechanisms.

T.TSF_FAILURE
Security mechanisms of the TOE may fail, leading to a compromise of the TSF.

T.UNDETECTED_ACTIONS
Malicious remote users or external IT entities may take actions that adversely affect the security of the TOE.
Policy Name / Policy Definition

P.ACCESS_BANNER
The TOE shall display an initial banner describing restrictions of use, legal agreements, or any other appropriate information to which users consent by accessing the TOE.
4 SECURITY OBJECTIVES
This chapter identifies the security objectives of the TOE and the IT Environment. The security objectives identify the responsibilities of the TOE and the TOE’s IT environment in meeting the security needs.
• This document identifies objectives of the TOE as O.objective with objective specifying a unique name. Objectives that apply to the IT environment are designated as OE.objective with objective specifying a unique name.
4.
TOE Objective / TOE Security Objective Definition

O.ADDRESS_FILTERING
The TOE will provide the means to filter and log network packets based on source and destination addresses.

O.AUTHENTICATION
The TOE will provide a means to authenticate the user to ensure they are communicating with an authorized external IT entity.

O.CRYPTOGRAPHIC_FUNCTIONS
O.FAIL_SECURE
O.PORT_FILTERING
5 SECURITY REQUIREMENTS
This section identifies the Security Functional Requirements for the TOE. The Security Functional Requirements included in this section are derived from Part 2 of the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, dated: September 2012 and all international interpretations.
5.
Class Name / Component Identification / Component Name

FCS: Cryptographic support
FCS_CKM.1(1)    Cryptographic Key Generation (for asymmetric keys)
FCS_CKM.1(2)    Cryptographic Key Generation (for asymmetric keys)
FCS_CKM_EXT.4   Cryptographic Key Zeroization
FCS_COP.1(1)    Cryptographic Operation (for data encryption/decryption)
FCS_COP.1(2)    Cryptographic Operation (for cryptographic signature)
FCS_COP.1(3)    Cryptographic Operation (for cryptographic hashing)
FCS_COP.
Class Name / Component Identification / Component Name

FPT_SKP_EXT.1   Extended: Protection of TSF Data (for reading of all symmetric keys)
FPT_APW_EXT.1   Extended: Protection of Administrator Passwords
FPT_STM.1       Reliable Time Stamps
FPT_TST_EXT.1   Extended: TSF Testing
FPT_TUD_EXT.1   Extended: Trusted Update

FTA: TOE Access
FTA_SSL_EXT.1   TSF-initiated Session Locking
FTA_SSL.3       TSF-initiated Termination
FTA_SSL.

FTP: Trusted Path/Channels
Table 15 Auditable Events

SFR               Auditable Event                              Additional Audit Record Contents
FAU_GEN.1         None.                                        None.
FAU_GEN.2         None.                                        None.
FAU_STG_EXT.1     None.                                        None.
FCS_CKM.1(1)      None.                                        None.
FCS_CKM.1(2)      None.                                        None.
FCS_CKM_EXT.4     None.                                        None.
FCS_COP.1(1)      None.                                        None.
FCS_COP.1(2)      None.                                        None.
FCS_COP.1(3)      None.                                        None.
FCS_COP.1(4)      None.                                        None.
FCS_IPSEC_EXT.1   Failure to establish an IPsec SA.            Reason for failure.
                  Establishment/Termination of an IPsec SA.
SFR               Auditable Event                              Additional Audit Record Contents
FIA_X509_EXT.1    Establishing session with CA                 Source and destination addresses
                                                               Source and destination ports
                                                               TOE Interface
FMT_MOF.1         None.                                        None.
FMT_MTD.1         None.                                        None.
FMT_SMF.1         None.                                        None.
FMT_SMR.2         None.                                        None.
FPF_RUL_EXT.
SFR               Auditable Event                              Additional Audit Record Contents
                  Failure of the trusted channel functions.
FTP_TRP.1         Initiation of the trusted channel.           Identification of the claimed user identity.
                  Termination of the trusted channel.
                  Failures of the trusted path functions

5.3.1.2 FAU_GEN.2 User Identity Association
FAU_GEN.2.
• FIPS PUB 186-3, “Digital Signature Standard (DSS)”, Appendix B.4 for ECDSA schemes and implementing “NIST curves” P-256, P-384 and [no other curves];]
and specified cryptographic key sizes equivalent to, or greater than, a symmetric key strength of 112 bits.
5.3.2.3 FCS_CKM_EXT.4 Cryptographic Key Zeroization
FCS_CKM_EXT.4.1 The TSF shall zeroize all plaintext secret and private cryptographic keys and CSPs when no longer required.
5.3.2.4 FCS_COP.
5.3.2.7 FCS_COP.1(4) Cryptographic Operation (for keyed-hash message authentication)
FCS_COP.1.1(4) Refinement: The TSF shall perform [keyed-hash message authentication] in accordance with a specified cryptographic algorithm HMAC-[SHA-1, SHA-256, SHA-384, SHA-512], key size [160], and message digest sizes [160, 256, 384, 512] bits that meet the following: FIPS Pub 198-1, “The Keyed-Hash Message Authentication Code,” and FIPS Pub 180-3, “Secure Hash Standard.”
5.3.2.
FCS_IPSEC_EXT.1.10 The TSF shall generate nonces used in IKE exchanges in a manner such that the probability that a specific nonce value will be repeated during the life of a specific IPsec SA is less than 1 in 2^[128].
FCS_IPSEC_EXT.1.11 The TSF shall ensure that all IKE protocols implement DH Groups 14 (2048-bit MODP), 19 (256-bit Random ECP), and [24 (2048-bit MODP with 256-bit POS), 20 (384-bit Random ECP), [15 (3072 bit MODP), and 16 (4096-bit MODP)]].
FCS_IPSEC_EXT.1.
FCS_SSH_EXT.1.6 The TSF shall ensure that data integrity algorithms used in SSH transport connection is [hmac-sha1, hmac-sha1-96].
FCS_SSH_EXT.1.7 The TSF shall ensure that diffie-hellman-group14-sha1 and [no other methods] are the only allowed key exchange methods used for the SSH protocol.
5.3.3 User data protection (FDP)
5.3.3.1 FDP_RIP.2 Full Residual Information Protection
FDP_RIP.2.
• composed of any combination of upper and lower case letters, numbers, and special characters (that include: “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(”, and “)”).
FIA_PSK_EXT.1.3 The TSF shall condition the text-based pre-shared keys by using [SHA-1].
FIA_PSK_EXT.1.4 The TSF shall be able to [accept] bit-based pre-shared keys.
5.3.4.4 FIA_UIA_EXT.1 User Identification and Authentication
FIA_UIA_EXT.1.
RFC 5759].
FIA_X509_EXT.1.6 The TSF shall validate a certificate path by ensuring that the basicConstraints extension is present and the cA flag is set to TRUE for all CA certificates.
FIA_X509_EXT.1.7 The TSF shall not treat a certificate as a CA certificate if the basicConstraints extension is not present or the cA flag is not set to TRUE.
FIA_X509_EXT.1.8 The TSF shall not establish an SA if a certificate is deemed invalid.
FIA_X509_EXT.1.
5.3.5.4 FMT_SMR.2 Restrictions on Security Roles
FMT_SMR.2.1 The TSF shall maintain the roles:
• Authorized Administrator.
FMT_SMR.2.2 The TSF shall be able to associate users with roles.
FMT_SMR.2.3 The TSF shall ensure that the conditions
• Authorized Administrator role shall be able to administer the TOE locally;
• Authorized Administrator role shall be able to administer the TOE remotely;
are satisfied.
5.3.6 Packet Filtering (FPF)
5.3.6.1 FPF_RUL_EXT.
  o Source Port
  o Destination Port
• UDP
  o Source Port
  o Destination Port
and distinct interface.
FPF_RUL_EXT.1.4 The TSF shall allow the following operations to be associated with Packet Filtering rules: permit, deny, and log.
FPF_RUL_EXT.1.5 The TSF shall allow the Packet Filtering rules to be assigned to each distinct network interface.
FPF_RUL_EXT.1.
5.3.7.5 FPT_TST_EXT.1: Extended: TSF Testing
FPT_TST_EXT.1.1 The TSF shall run a suite of self tests during initial start-up (on power on) to demonstrate the correct operation of the TSF.
FPT_TST_EXT.1.2 The TSF shall provide the capability to verify the integrity of stored TSF executable code when it is loaded for execution through the use of the TSF-provided cryptographic service specified in FCS_COP.1(2).
5.3.7.6 FPT_TUD_EXT.1 Extended: Trusted Update
FPT_TUD_EXT.1.
5.3.9 Trusted Path/Channels (FTP)
5.3.9.1 FTP_ITC.1 Inter-TSF trusted channel
FTP_ITC.1.1 Refinement: The TSF shall use IPsec, and [no other protocols] to provide a trusted communication channel between itself and all authorized IT entities that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.
FTP_ITC.1.
5.5 Security Assurance Requirements
5.5.1 SAR Requirements
The TOE assurance requirements for this ST are taken directly from the NDPP, which are derived from Common Criteria Version 3.1, Revision 4. The assurance requirements are summarized in the table below.

Table 16: Assurance Measures

Assurance Class       Components   Components Description
DEVELOPMENT           ADV_FSP.1    Basic Functional Specification
GUIDANCE DOCUMENTS    AGD_OPE.1    Operational user guidance
                      AGD_PRE.
5.6 Assurance Measures
The TOE satisfies the identified assurance requirements. This section identifies the Assurance Measures applied by Cisco to satisfy the assurance requirements. The table below lists the details.

Table 17 Assurance Measures

Component / How requirement will be met

ADV_FSP.1
The functional specification describes the external interfaces of the TOE, such as the means for a user to invoke a service and the corresponding response of those services.
6 TOE SUMMARY SPECIFICATION
6.1 TOE Security Functional Requirement Measures
This chapter identifies and describes how the Security Functional Requirements identified above are met by the TOE.

Table 18 How TOE SFRs are met

TOE SFRs / How the SFR is Met

FAU_GEN.1
The TOE generates an audit record that is stored internally within the TOE whenever an audited event occurs.
Source and destination ports
TOE Interface
Session Establishment with peer.

Establishing session with CA
The connection to CAs for the purpose of certificate verification is logged.

Failure to establish and/or establishment/termination of an SSH session
Attempts to establish an SSH session or the failure of an established SSH session are logged, as well as successfully established and terminated sessions.
The termination of an interactive session.
An audit event is generated by an authorized administrator when the exit command is used.

Initiation of the trusted channel/path. Termination of the trusted channel/path. Failure of the trusted channel/path functions.
See the rows for IPsec and SSH above.

FAU_GEN.
the buffer contents when connectivity to the syslog server is restored. This store is separate from the local logging buffer, which could be set to a different level of logging than what is to be sent via syslog. Only Authorized Administrators are able to clear the local logs, and local audit records are stored in a directory that does not allow administrators to modify the contents.

FCS_CKM.1(1) FCS_CKM.
384, and SHA-512 with message digest sizes 160, 256, 384 and 512 bits respectively, as specified in FIPS Pub 180-3 “Secure Hash Standard.”

FCS_COP.
lets two peers agree on how to build an IPsec Security Association (SA). The strength of the symmetric algorithm negotiated to protect the IKEv1 Phase 1 and IKEv2 IKE_SA connection is greater than or equal to the strength of the symmetric algorithm negotiated to protect the IKEv1 Phase 2 or IKEv2 CHILD_SA connection. The IKE protocols implement Peer Authentication using RSA and ECDSA along with X.509v3 certificates, or pre-shared keys.
confidentiality of the session.
• The TOE’s implementation of SSHv2 supports hashing algorithms HMAC-SHA1 and HMAC-SHA-1-96 to ensure the integrity of the session.
• The TOE’s implementation of SSHv2 can be configured to only allow Diffie-Hellman Group 14 (2048-bit keys) Key Establishment, as required by the PP.
• Packets greater than 35,000 bytes in an SSH transport connection are dropped.

FCS_RBG_EXT.
the Authorized Administrator. New passwords must contain a minimum of 4 character changes from the previous password.

FIA_PSK_EXT.1
The TOE supports use of IKEv1 (ISAKMP) and IKEv2 pre-shared keys for authentication of IPsec tunnels. Pre-shared keys can be entered as ASCII character strings or HEX values. The TOE supports keys that are from 22 characters in length up to 128 bytes in length.
screen so that the user password is obscured. For remote session authentication, the TOE does not echo any characters as they are entered.

FIA_X509_EXT.1
The TOE uses X.509v3 certificates as defined by RFC 5280 to support authentication for IPsec and SSH connections.
• Ability to configure the cryptographic functionality,
• Ability to configure the IPsec functionality,
• Ability to enable, disable, determine and modify the behavior of all the security functions of the TOE identified in this EP to the Administrator,
• Ability to configure all security management functions identified in other sections of this EP.

FMT_SMR.2
The TOE platform maintains privileged and semi-privileged administrator roles.
action associated with the rule is to pass traffic). Rules are enforced on a first-match basis from the top down. As soon as a match is found, the action associated with the rule is applied. These rules are entered in the form of access lists at the CLI (via ‘access list’ and ‘access group’ commands).
timestamps. The clock function is reliant on the system clock provided by the underlying hardware. The TOE can optionally be set to receive clock updates from an NTP server. This date and time is used as the time stamp that is applied to TOE-generated audit records and used to track inactivity of administrative sessions. It is also used for time-related aspects of IPsec peer communication such as key lifetimes.

FPT_TUD_EXT.
self-test. The integrity of stored TSF executable code when it is loaded for execution can be verified through the use of RSA and Elliptic Curve Digital Signature algorithms.

FTA_SSL_EXT.1 FTA_SSL.3
An administrator can configure maximum inactivity times individually for both local and remote administrative sessions through the use of the “session-timeout” setting applied to the console. When a session is inactive (i.e.
FTP_TRP.1
All remote administrative communications take place over a secure encrypted SSHv2 session, which has the ability to be encrypted further using IPsec. The SSHv2 session is encrypted using AES encryption. The remote users are able to initiate SSHv2 communications with the TOE.
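The first-match, top-down rule processing described for the packet filtering rules in Table 18 can be illustrated with the following added example, which is not Cisco code or IOS syntax. The rule layout, function names and sample rules are hypothetical and constructed, and the deny verdict for unmatched traffic is an assumption. It also shows the misconfiguration that first-match ordering makes possible (T.ADMIN_ERROR): a later deny rule that an earlier, broader permit rule prevents from ever deciding a packet.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added illustration: rule layout and names are hypothetical, not IOS code. */
enum action { DENY = 0, PERMIT = 1 };
enum proto  { P_ANY = 0, P_TCP = 6, P_UDP = 17 };

struct rule {
    enum action act;
    int log;                      /* "log" operation (FPF_RUL_EXT.1.4) */
    enum proto proto;
    uint32_t src, src_mask;       /* mask 0xFFFFFF00 is a /24, 0 is "any" */
    uint32_t dst, dst_mask;
    uint16_t dport_lo, dport_hi;  /* inclusive destination port range */
};
struct packet { enum proto proto; uint32_t src, dst; uint16_t dport; };

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed sample list: rule 1 is meant to block Telnet to one host. */
static const struct rule SAMPLE[] = {
    { PERMIT, 0, P_TCP, 0, 0, IP(192,0,2,0), 0xFFFFFF00u, 0, 65535 },
    { DENY,   1, P_TCP, 0, 0, IP(192,0,2,10), 0xFFFFFFFFu, 23, 23 },
    { PERMIT, 0, P_UDP, IP(198,51,100,0), 0xFFFFFF00u,
                        IP(192,0,2,53), 0xFFFFFFFFu, 53, 53 },
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

static int rule_matches(const struct rule *r, const struct packet *p)
{
    if (r->proto != P_ANY && r->proto != p->proto) return 0;
    if ((p->src & r->src_mask) != (r->src & r->src_mask)) return 0;
    if ((p->dst & r->dst_mask) != (r->dst & r->dst_mask)) return 0;
    return p->dport >= r->dport_lo && p->dport <= r->dport_hi;
}

/* First match, top down: index of the deciding rule, or -1 if none matched. */
int first_match(const struct rule *rules, size_t n, const struct packet *p)
{
    for (size_t i = 0; i < n; i++)
        if (rule_matches(&rules[i], p)) return (int)i;
    return -1;
}

/* Assumption: traffic that matches no rule is denied. */
enum action verdict(const struct rule *rules, size_t n, const struct packet *p)
{
    int i = first_match(rules, n, p);
    return i < 0 ? DENY : rules[i].act;
}

/* True when every address in network b/bm also lies in network a/am. */
static int net_covers(uint32_t a, uint32_t am, uint32_t b, uint32_t bm)
{
    return (am & bm) == am && (a & am) == (b & am);
}

/* Earliest rule before j that matches everything rule j matches, or -1.
 * Such a rule j can never decide a packet: it is shadowed. */
int shadowed_by(const struct rule *rules, size_t j)
{
    for (size_t i = 0; i < j; i++) {
        const struct rule *a = &rules[i], *b = &rules[j];
        if (a->proto != P_ANY && a->proto != b->proto) continue;
        if (net_covers(a->src, a->src_mask, b->src, b->src_mask) &&
            net_covers(a->dst, a->dst_mask, b->dst, b->dst_mask) &&
            a->dport_lo <= b->dport_lo && a->dport_hi >= b->dport_hi)
            return (int)i;
    }
    return -1;
}

int main(void)
{
    struct packet telnet = { P_TCP, IP(203,0,113,5), IP(192,0,2,10), 23 };
    printf("telnet decided by rule %d, verdict %s\n",
           first_match(SAMPLE, SAMPLE_LEN, &telnet),
           verdict(SAMPLE, SAMPLE_LEN, &telnet) == PERMIT ? "permit" : "deny");
    for (size_t j = 0; j < SAMPLE_LEN; j++)
        printf("rule %zu shadowed by %d\n", j, shadowed_by(SAMPLE, j));
    return 0;
}
```

Running a check like `shadowed_by` over a rule list before it is applied flags entries such as the Telnet deny above, which would otherwise pass review while having no effect.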
7 ANNEX A: KEY ZEROIZATION
7.1 Key Zeroization
The following table describes the key zeroization referenced by FCS_CKM_EXT.4 provided by the TOE.

Table 19: TOE Key Zeroization

Name: Diffie-Hellman Shared Secret
Description: The value is zeroized after it has been given back to the consuming operation. The value is overwritten by 0’s.
Zeroization: Automatically after completion of DH exchange.
Name: key
Description: encryption and authentication keys. The entire object is overwritten by 0’s using memset.
Zeroization: session terminated. Overwritten with: 0x00

Name: IPsec authentication key
Description: The function zeroizes an _ike_flow structure that includes the encryption and authentication keys. The entire object is overwritten by 0’s using memset.
Zeroization: Automatically when IPsec session terminated.
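The whole-object wipe described in Table 19 is sketched below as an added C example, not Cisco code: `struct demo_flow` and every function name are hypothetical, the real `_ike_flow` layout is not shown in this document, and the sample contents are constructed. A plain `memset` on an object that is never read again may be removed by an optimizing compiler, so the call here goes through a volatile function pointer and the result is checked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a per-session key object; this is not the
 * layout of the _ike_flow structure named in Table 19. */
struct demo_flow {
    uint32_t spi;
    uint8_t  enc_key[32];
    uint8_t  auth_key[20];
    uint16_t enc_key_len;
    uint16_t auth_key_len;
};

/* Calling memset through a volatile function pointer stops the compiler
 * from proving the store is dead and dropping it. Where the platform
 * offers memset_s or explicit_bzero, those serve the same purpose. */
static void *(*const volatile memset_fn)(void *, int, size_t) = memset;

void zeroize(void *obj, size_t len)
{
    memset_fn(obj, 0x00, len);
}

/* Count bytes that are still non-zero, to verify a zeroization. */
size_t residual_bytes(const void *obj, size_t len)
{
    const volatile uint8_t *p = obj;
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (p[i] != 0);
    return n;
}

/* Session teardown: wipe the entire object (keys, lengths and padding),
 * not only the key arrays, then report what is left. */
size_t flow_teardown(struct demo_flow *f)
{
    zeroize(f, sizeof *f);
    return residual_bytes(f, sizeof *f);
}

/* Constructed sample: fill an object with a marker pattern, tear it down. */
size_t demo(void)
{
    struct demo_flow f;
    memset(&f, 0xA5, sizeof f);
    f.spi = 0x1001;
    f.enc_key_len = 32;
    f.auth_key_len = 20;
    return flow_teardown(&f);
}

int main(void)
{
    printf("non-zero bytes after teardown: %zu\n", demo());
    return 0;
}
```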
8 ANNEX B: REFERENCES
The following documentation was used to prepare this ST:

Table 20 References

Identifier / Description

[CC_PART1]
Common Criteria for Information Technology Security Evaluation – Part 1: Introduction and general model, dated September 2012, version 3.

[CC_PART2] [CC_PART3] [CEM] [NDPP] [Errata 2] [VPNGWEP] [800-38A] [800-56A] [800-56B] [FIPS 140-2] [FIPS PUB 186-2] [FIPS PUB 186-3] [FIPS PUB 198-1] [800-90] [FIPS PUB 180-3]