Table of Contents
Advertisement
Security Target, Version 3.9
5.1.3 Class FDP: User Data Protection
FDP_ACC.2 Complete access control
Hierarchical to: FDP_ACC.1
FDP_ACC.2.1
The TSF shall enforce the [Access Control SFP] on [Subjects: administrators; Objects: VPN Router
configuration parameters] and all operations among subjects and objects covered by the SFP.
FDP_ACC.2.2
The TSF shall ensure that all operations between any subject in the TSC and any object within the TSC are
covered by an access control SFP.
Dependencies:
FDP_ACF.1 Security attribute based access control
FDP_ACF.1 Security attribute based access control
Hierarchical to: No other components.
FDP_ACF.1.1
The TSF shall enforce the [Access Control SFP] to objects based on the following: [administrator
privileges].
FDP_ACF.1.2
The TSF shall enforce the following rules to determine if an operation among controlled subjects and
controlled objects is allowed: [if an administrator has been authenticated, if that administrator has
privileges granted by the Primary Admin].
FDP_ACF.1.3
The TSF shall explicitly authorise access of subjects to objects based on the following additional rules:
[access to all administrative functions is permitted once a Primary Admin has been identified and
authenticated successfully].
FDP_ACF.1.4
The TSF shall explicitly deny access of subjects to objects based on [no additional explicit denial rules].
Dependencies:
FDP_ACC.1 Subset access control
FMT_MSA.3 Static attribute initialization
FDP_IFC.2(a) Complete information flow control (VPN)
Hierarchical to: FDP_IFC.1
FDP_IFC.2.1(a)
Nortel VPN Router v7.05 and Client Workstation v7.11
© 2008 Nortel Networks
March 18, 2008
Page 27 of 67
Advertisement
Table of Contents
