Cisco Cat4K NDPP ST    11 March 2014 
EDCS-1228241 
 
and failure related to trusted channel sessions with peer/neighbor
routers and/or the remote administration console
 
The TOE shall ensure that each auditable event is associated with 
the user that triggered the event and, as a result, is traceable 
to a specific user.  For example, for a human user, the user identity 
or related session ID would be included in the audit record.  For an 
IT entity or device, the IP address, MAC address, host name, or 
other configured identification is presented.  Refer to the 
Guidance documentation for configuration syntax and 
information. 
 
FAU_STG_EXT.1 and FAU_STG_EXT.3 
The TOE is configured to export syslog records to a specified, 
external syslog server. The TOE protects communications with an 
external syslog server via IPsec. If the IPsec connection fails, the 
TOE will store audit records on the TOE when it discovers it can 
no longer communicate with its configured syslog server. 
 
The TOE implements a random number generator for RSA key 
establishment schemes (conformant to NIST SP 800-56B). The 
TOE is also compliant with ANSI X9.80 (3 January 2000), “Prime 
Number Generation, Primality Testing, and Primality 
Certificates” using random integers with deterministic tests.  
Furthermore, the TOE does not implement elliptic-curve-based 
key establishment schemes. 
 
The TOE meets all requirements specified in FIPS 140-2 for 
destruction of keys and Critical Security Parameters (CSPs) in 
that none of the symmetric keys, pre-shared keys, or private keys 
are stored in plaintext form.  This requirement applies to the 
secret keys used for symmetric encryption, private keys, and 
CSPs used to generate keys (list them), which are zeroized 
immediately after use, or on system shutdown, etc. 
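
The zeroization behaviour described in this section (overwriting the memory that stored the key, immediately after use, on system shutdown, or on administrator request), shown in C as an added example. It is not Cisco's code; the key table, slot layout and function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define MAX_KEYS 4
#define KEY_LEN  32
/* Hypothetical key table; layout and names are assumptions, not the TOE's. */
struct key_slot { uint8_t material[KEY_LEN]; int in_use; };
static struct key_slot key_table[MAX_KEYS];

/* Volatile stores: the compiler may not discard them as dead writes. */
static void zeroize(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--) *p++ = 0;
}

/* Copy key material into a free slot; returns the slot index or -1. */
int key_load(const uint8_t *src, size_t len)
{
    if (src == NULL || len != KEY_LEN)
        return -1;
    for (int i = 0; i < MAX_KEYS; i++) {
        if (key_table[i].in_use) continue;
        memcpy(key_table[i].material, src, KEY_LEN);
        key_table[i].in_use = 1;
        return i;
    }
    return -1;
}

/* Zeroize one slot immediately after its key has been used. */
void key_destroy(int slot)
{
    if (slot >= 0 && slot < MAX_KEYS)
        zeroize(&key_table[slot], sizeof key_table[slot]);
}

/* Administrator-requested or shutdown zeroization of every slot. */
void key_zeroize_all(void) { zeroize(key_table, sizeof key_table); }

/* Number of non-zero key bytes still in the table; 0 means none remain. */
size_t key_residue(void)
{
    size_t n = 0;
    for (int i = 0; i < MAX_KEYS; i++)
        for (int j = 0; j < KEY_LEN; j++)
            n += (key_table[i].material[j] != 0);
    return n;
}
```

The caller's own copy of the key material passed to `key_load` must be overwritten the same way once it has been loaded.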
 
The cryptographic module securely administers both 
cryptographic keys and other critical security parameters such as 
passwords. The tamper evidence seals provide physical protection 
for all keys. All keys are also protected by the password-
protection required by the privileged administrator role login, and 
can be zeroized by the privileged administrator. All zeroization 
consists of overwriting the memory that stored the key. Keys are 
 
Note, the following information may be deemed sensitive and may be removed prior to publicly posting 
this Security Target.