Filter
Top Products
Security Target, Version 3.9
March 18, 2008
Nortel VPN Router v7.05 and Client Workstation v7.11
Page 28 of 67
© 2008 Nortel Networks
The TSF shall enforce the [VPN Information Flow Control SFP] on [remote authenticated VPN Clients
connecting to a Nortel VPN Router] and all operations that cause that information to flow to and from
subjects covered by the SFP.
FDP_IFC.2.2(a)
The TSF shall ensure that all operations that cause any information in the TSC to flow to and from any
subject in the TSC are covered by an information flow control SFP.
Dependencies: FDP_IFF.1 Simple security attributes
FDP_IFC.2(b) Complete information flow control (Firewall)
Hierarchical to: FDP_IFC.1
FDP_IFC.2.1(b)
The TSF shall enforce the [Firewall Information Flow Control SFP] on [hosts on either side of a Nortel
VPN Router (subject), and the Nortel VPN Router (subject), and all data flowing between the subjects
(information)] and all operations that cause that information to flow to and from subjects covered by the
SFP.
FDP_IFC.2.2(b)
The TSF shall ensure that all operations that cause any information in the TSC to flow to and from any
subject in the TSC are covered by an information flow control SFP.
Dependencies: FDP_IFF.1 Simple security attributes
FDP_IFF.1(a) Simple security attributes (VPN)
Hierarchical to: No other components.
FDP_IFF.1.1(a)
The TSF shall enforce the [VPN Information Flow Control SFP] based on the following types of subject
and information security attributes: [
o user identity,
o user authentication credentials
and tunnel filtering of packets is based on
o Protocol ID,
o Direction,
o Source, destination IP addresses,
o Source, destination ports,
o Service].
FDP_IFF.1.2(a)
The TSF shall permit an information flow between a controlled subject and controlled information via a
controlled operation if the following rules hold: [the VPN Client successfully authenticates to the Nortel
VPN Router].