Ecurity, Bjectives for the, Nvironment – Nortel Networks Nortel Network VPN Router and Client Workstation 7.05 User Manual

Security Target, Version 3.9

March 18, 2008

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 19 of 67

© 2008 Nortel Networks

4.2 Security Objectives for the Environment

4.2.1 IT Security Objectives

The following IT security objectives are to be satisfied by the environment:

OE.TIME

The environment must provide reliable timestamps for the time-stamping of audit events.

OE.CERTIFICATE

The environment must provide the required certificate infrastructure so that the validity of
certificates can be verified. The certificate infrastructure must be properly and securely
maintained so that the status of certificates is accurately provided to the TOE.

OE.DOMSEP

The environment must maintain a security domain for the Nortel VPN Client software that
protects it from interference and tampering by untrusted subjects.

4.2.2 Non-IT Security Objectives

The following non-IT environment security objectives are to be satisfied without imposing technical requirements
on the TOE. That is, they will not require the implementation of functions in the TOE hardware and/or software.
Thus, they will be satisfied largely through application of procedural or administrative measures.

OE.PHYS-SEC

The TOE must be physically protected so that only TOE users who possess the appropriate
privileges have access.

OE.TRAINED

Those responsible for the TOE must train TOE users to establish and maintain sound security
policies and practices.

OE.DELIVERY

Those responsible for the TOE must ensure that it is delivered, installed, managed and
operated in accordance with documented delivery and installation/setup procedures.