Cisco Cat4K NDPP ST 11 March 2014
EDCS-1228241
82
Table 22: Threat/Policies/TOE Objectives Rationale
Security Objectives Drawn from NDPP
O.PROTECTED_COMMUNICATIONS
This security objective is necessary to counter
the threat: T.UNAUTHORIZED_ACCESS
and T.UNAUTHORIZED_UPDATE to
ensure the communications with the TOE is
not compromised.
This security objective is necessary to counter
the threat T.UNAUTHORIZED_UPDATE to
ensure the end user has not installed a
malicious update, thinking that it was
legitimate.
This security objective is necessary to counter
the T.UNDETECTED_ACTIONS to ensure
activity is monitored so the security of the
TOE is not compromised.
This security objective is necessary to address
the Organization Security Policy
P.ACCESS_BANNER to ensure an advisory
notice and consent warning message
regarding unauthorized use of the TOE is
displayed before the session is established.
This security objective is necessary to counter
the T.ADMIN_ERROR that ensures actions
performed on the TOE are logged so that
indications of a failure or compromise of a
TOE security mechanism are known and
corrective actions can be taken.
O.RESIDUAL_INFORMATION_CLEA
RING
This security objective is necessary to counter
the threat T.USER_DATA_REUSE so that
data traversing the TOE could inadvertently
be sent to a user other than that intended by
the sender of the original network traffic.
This security objective is necessary to counter
the threat: T.RESOURCE_EXHAUSTION to
mitigate a denial of service, thus ensuring
resources are available.
This security objective is necessary to counter
the threat: T.UNAUTHORIZED_ACCESS to
To Next Page
Loading...
