Cisco Cat4K NDPP ST
EDCS-1228241
TOE SFRs
How the SFR is Met
The log buffer is circular, so newer messages overwrite older
messages after the buffer is full. Administrators are instructed to
monitor the log buffer using the show logging privileged EXEC
command to view the audit records. The first message displayed
is the oldest message in the buffer. There are other associated
commands to clear the buffer, to set the logging level, etc.; all of
which are described in the Guidance documents and IOS CLI.
The logs can be saved to flash memory so records are not lost in
case of failures or restarts. Refer to the Guidance documentation
for configuration syntax and information.
The administrator can set the level of the audit records to be
displayed on the console or sent to the syslog server. For instance
all emergency, alerts, critical, errors, and warning message can be
sent to the console alerting the administrator that some action
needs to be taken as these types of messages mean that the
functionality of the switch is affected. All notifications and
information type message can be sent to the syslog server,
whereas message is only for information; switch functionality is
not affected.
To configure the TOE to send audit records to a syslog server, the
'set logging server' command is used. A maximum of three
syslog servers can be configured. Refer to the Guidance
document for complete guidance and command syntax. The audit
records are transmitted using IPsec tunnel to the syslog server. If
the communications to the syslog server is lost, the TOE
generates an audit record and all permit traffic is denied until the
communications is re-established.
For the FIPS crypto self-tests, the messages are displayed only on
the console during startup. Once the box is up and operational
and the crypto self-test command is entered, then the messages
would be displayed on the console and will also be logged.
For the TSF self-test, successful completion of the self-test is
indicated by reaching the log-on prompt. If there are issues, the
applicable audit record is generated and displayed on the console.
Auditable Event
All use of the user
identification
mechanism.
60
Rationale
Events will be generated for
attempted identification/
authentication, and the
username attempting to
authenticate will be included
11 March 2014