The TOE is the implementation of the Firewall functionality of Cisco IOS running on Cisco Systems routers. Routers are used to construct IP networks by interconnecting multiple smaller networks or network segments. The Cisco IOS Firewall functionality controls the flow of internet protocol (IP) traffic between network interfaces.
\r\nRouters are dedicated hardware devices with purpose written software, which performs many networking functions. The TOE addresses the following:
\r\nThe Cisco IOS Firewall enhances existing Cisco IOS security capabilities with many features including authentication and encryption, and with state-of-the-art security features, such as stateful packet filtering, defense against network attacks, per user authentication and authorization, and real-time alerts.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance with the Arca Common Criteria Test Laboratory processes and procedures that are compliant with the Common Criteria Evaluation and Validation Scheme (CCEVS). The evaluation demonstrated that the Packet Filtering, Configuration and Management, Audit, Management and Resources, Protection of TSC, and Remote Management functions of the Cisco IOS Firewall met the security requirements contained in the Security Target. The criteria against which the Cisco IOS Firewall was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 Part II and Part III. The evaluation team conducted the evaluation using the Common Methodology for Information Technology Security Evaluation, Version 2.2.
\r\nArca determined the product to be CC version 2.2 Part 2 and Part 3 conformant, including all Information Technology Security Evaluation Final Interpretations from January 2004 through September 30, 2004, and concluded that the Common Criteria requirements for Evaluation Assurance Level (EAL) 4 have been met with the addition of ALC_FLR.1. In addition, the evaluation team confirmed that the TOE uses CCEVS precedent PD-0113, to satisfy SFR FAU_STG.1. The product, configured as outlined in the Secure Installation Guidance, satisfies all of the security functional requirements stated in the Security Target. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by Arca. The evaluation was completed in October 2006. Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP) CCEVS.
","environmental_strengths":"The Cisco IOS Firewall is deployed at the edges of untrusted networks (such as the Internet), in order to provide controlled communications between two networks that are physically separated. The Cisco IOS Firewall evaluation at EAL4 augmented by ALC_FLR.1 indicates that the product is suitable to ensure a moderate level of security for protecting information in DoD Mission-Critical Categories. The TOE claims a minimum strength of function of SOF-medium for the TOE security functional requirements and the TOE as a whole. Appropriate physical protection of the Cisco IOS Firewall router platform and the external audit server is required.
\r\n","features":[]}