Cisco Cat4K NDPP ST
EDCS-1228241
TOE SFRs
FPT_ITT.1(1) and
FPT_ITT.1(2)
FPT_PTD_EXT.1
and
FPT_PTD_EXT.2
FPT_RPL.1
FPT_STM.1
How the SFR is Met
Router# disable
Step 8 show privilege
Router> show privilege
Current privilege level is 1
The term "authorized administrator" is used in this ST to refer to
any user that has been assigned to a privilege level that is
permitted to perform the relevant action; therefore has the
appropriate privileges to perform the requested functions. The
privilege level determines the functions the user can perform;
hence the authorized administrator with the appropriate
privileges.
Refer to the Guidance documentation and IOS
Command Reference Guide for available commands and
associated roles and privilege levels.
The Switch can and shall be configured to authenticate all access
to the command line interface using a username and password.
The TOE is self-contained and provides all of the claimed
functionality within a single appliance.
one TOE is used in the configuration, the TOE may be
configured to use the cryptographic services as described in
the FCS SFRs to secure the connection and protect the
transmitted data.
The TOE includes a Master Passphrase features that can be used
to configure the TOE to encrypt all locally defined user
passwords. In this manner, the TOE ensures that plaintext user
passwords will not be disclosed even to administrators.
The TOE stores all private keys in a secure directory that is not
readily accessible to administrators. All pre-shared and symmetric
keys are stored in encrypted form to prevent access.
By virtue of the cryptographic and path mechanisms implemented
by the TOE, replayed network packets directed (terminated) at the
TOE will be detected and discarded.
Note: The intended scope of this requirement is trusted
communications with the TOE (e.g., administrator to TOE, IT
entity (e.g., authentication server) to TOE). As such, replay does
not apply to receipt of multiple network packets due to network
congestion or lost packet acknowledgments.
The TOE provides a source of date and time information for the
switch, used in audit timestamps and in validating service
requests. This function can only be accessed from within the
77
returns to privilege level 1.
Displays the privilege level of the
current CLI session
However if more than
11 March 2014