Class FDP: User Data Protection – Nortel Networks Nortel Network VPN Router and Client Workstation 7.05 User Manual


Security Target, Version 3.9

March 18, 2008

Nortel VPN Router v7.05 and Client Workstation v7.11


© 2008 Nortel Networks

5.1.3 Class FDP: User Data Protection

FDP_ACC.2 Complete access control

Hierarchical to: FDP_ACC.1

FDP_ACC.2.1

The TSF shall enforce the [Access Control SFP] on [Subjects: administrators; Objects: VPN Router configuration parameters] and all operations among subjects and objects covered by the SFP.

FDP_ACC.2.2

The TSF shall ensure that all operations between any subject in the TSC and any object within the TSC are
covered by an access control SFP.

Dependencies: FDP_ACF.1 Security attribute based access control

FDP_ACF.1 Security attribute based access control

Hierarchical to: No other components.

FDP_ACF.1.1

The TSF shall enforce the [Access Control SFP] to objects based on the following: [administrator privileges].

FDP_ACF.1.2

The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [if an administrator has been authenticated, if that administrator has privileges granted by the Primary Admin].

FDP_ACF.1.3

The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [access to all administrative functions is permitted once a Primary Admin has been identified and authenticated successfully].

FDP_ACF.1.4

The TSF shall explicitly deny access of subjects to objects based on [no additional explicit denial rules].

Dependencies: FDP_ACC.1 Subset access control; FMT_MSA.3 Static attribute initialization

FDP_IFC.2(a) Complete information flow control (VPN)

Hierarchical to: FDP_IFC.1

FDP_IFC.2.1(a)
