Cisco CISCO881W-GN-A-K9 Especificaciones descargar pdf (Pagina 41)

Cisco ISR-800 Security Target

RFC 5759].

FIA_X509_EXT.1.6 The TSF shall validate a certificate path by ensuring the presence of the

basicConstraints extension is present and the cA flag is set to TRUE for all CA certificates.

FIA_X509_EXT.1.7 The TSF shall not treat a certificate as a CA certificate if the

basicConstraints extension is not present or the cA flag is not set to TRUE.

FIA_X509_EXT.1.8 The TSF shall not establish an SA if a certificate is deemed invalid.

FIA_X509_EXT.1.9 The TSF shall not establish an SA if the distinguished name (DN)

contained in a certificate does not match the expected DN for the entity attempting to establish a

connection.

FIA_X509_EXT.1.10 When the TSF cannot establish a connection to determine the validity of a

certificate, the TSF shall, at the option of the administrator, establish an SA or disallow the

establishment of an SA.

5.3.5 Security management (FMT)

5.3.5.1 FMT_MOF.1 Management of Security Functions Behavior

FMT_MOF.1.1 Refinement: The TSF shall restrict the ability to enable, disable, determine and

modify the behavior of all of the security functions of the TOE identified in this EP to an

authenticated Administrator.

5.3.5.2 FMT_MTD.1 Management of TSF Data (for general TSF data)

FMT_MTD.1.1 The TSF shall restrict the ability to manage the TSF data to the Security

Administrators.

5.3.5.3 FMT_SMF.1 Specification of Management Functions

FMT_SMF.1.1 The TSF shall be capable of performing the following security management

functions:

• Ability to administer the TOE locally and remotely;

• Ability to update the TOE, and to verify the updates using [digital signature, published

hash] capability prior to installing those updates;

• Ability to configure the cryptographic functionality;

• Ability to configure the IPsec functionality;

• Ability to enable, disable, determine and modify the behavior of all the security functions

of the TOE identified in this EP to the Administrator;

• Ability to configure all security management functions identified in other sections of this

EP.

1 2 ... 36 37 38 39 40 41 42 43 44 45 46 ... 63 64

Sin comentarios

Cisco CISCO881W-GN-A-K9 Especificaciones Pagina 41