Security Objectives For The Environment; It Security Objectives; Non-It Security Objectives - Nortel VPN Router v7.05 User Manual

Security Target, Version 3.9

4.2 Security Objectives for the Environment

4.2.1 IT Security Objectives

The following IT security objectives are to be satisfied by the environment:
OE.TIME
OE.CERTIFICATE
OE.DOMSEP

4.2.2 Non-IT Security Objectives

The following non-IT environment security objectives are to be satisfied without imposing technical requirements
on the TOE. That is, they will not require the implementation of functions in the TOE hardware and/or software.
Thus, they will be satisfied largely through application of procedural or administrative measures.
OE.PHYS-SEC The TOE must be physically protected so that only TOE users who possess the appropriate
privileges have access.
OE.TRAINED Those responsible for the TOE must train TOE users to establish and maintain sound security
policies and practices.
OE.DELIVERY Those responsible for the TOE must ensure that it is delivered, installed, managed and
operated in accordance with documented delivery and installation/setup procedures.
Nortel VPN Router v7.05 and Client Workstation v7.11
The environment must provide reliable timestamps for the time-stamping of audit events.
The environment must provide the required certificate infrastructure so that the validity of
certificates can be verified. The certificate infrastructure must be properly and securely
maintained so that the status of certificates is accurately provided to the TOE.
The environment must maintain a security domain for the Nortel VPN Client software that
protects it from interference and tampering by untrusted subjects.
© 2008 Nortel Networks
March 18, 2008
Page 19 of 67