Cisco Cat4K NDPP ST 11 March 2014
EDCS-1228241
48
5.2.4.2 FIA_UIA_EXT.1: User identification and authentication
FIA_UIA_EXT.1.1 The TSF shall allow [no services] on behalf of the user to be
performed before the user is identified and authenticated.
FIA_UIA_EXT.1.2 The TSF shall require each user to be successfully identified
and authenticated before allowing any other TSF-mediated
actions on behalf of that user.
5.2.4.3 FIA_UAU_EXT.5: Password-based authentication mechanism
FIA_UAU_EXT.5.1 The TSF shall provide a local password-based authentication
mechanism, [[remote password-based authentication via
RADIUS or TACACS+]] to perform user authentication.
FIA_UAU_EXT.5.2 The TSF shall ensure that users with expired passwords are
[locked out until their password is reset by an
administrator].
5.2.4.4 FIA_UAU.6: Re-authenticating
FIA_UAU.6.1 The TSF shall re-authenticate the user under the conditions: when
the user changes their password, [following TSF-initiated locking
(FTA_SSL)].
5.2.4.5 FIA_UAU.7: Protected authentication feedback
FIA_UAU.7.1 The TSF shall provide only obscured feedback to the user while the
authentication is in progress at the local console.
5.2.5 Security management (FMT)
5.2.5.1 FMT_MTD.1: Management of TSF data (for general TSF data)
FMT_MTD.1.1 The TSF shall restrict the ability to manage the TSF data to the
Security Administrators.
5.2.5.2 FMT_SMF.1: Specification of Management Functions
FMT_SMF.1.1 The TSF shall be capable of performing the following management
functions:
Ability to configure the list of TOE services available before
an entity is identified and authenticated, as specified in
FIA_UIA_EXT.1, respectively.
Ability to configure the cryptographic functionality.
To Next Page
Loading...
