Class fmt: security management – Nortel Networks Nortel Network VPN Router and Client Workstation 7.05 User Manual
Page 33

Security Target, Version 3.9
March 18, 2008
Nortel VPN Router v7.05 and Client Workstation v7.11
Page 33 of 67
© 2008 Nortel Networks
5.1.5 Class FMT: Security Management
FMT_MOF.1(a) Management of security functions behaviour
Hierarchical to: No other components.
FMT_MOF.1.1(a)
The TSF shall restrict the ability to [modify the behaviour of] the functions [creation and rights assignment
of Restricted Admins] to [Primary Admin].
Dependencies: FMT_SMF.1 Specification of management functions
FMT_SMR.1 Security roles
FMT_MOF.1(b) Management of security functions behaviour
Hierarchical to: No other components.
FMT_MOF.1.1(b)
The TSF shall restrict the ability to [determine the behaviour of] the functions [all administrator functions
allowed by Primary Admin] to [Restricted Admins].
Dependencies: FMT_SMF.1 Specification of management functions
FMT_SMR.1 Security roles
FMT_MSA.1(a) Management of security attributes
Hierarchical to: No other components.
FMT_MSA.1.1(a)
The TSF shall enforce the [Access Control SFP] to restrict the ability to [modify] the security attributes
[which includes all internal attributes available to the administrators] to [Primary Admin, Restricted
Admins].
Dependencies: [FDP_ACC.1 Subset access control or
FDP_IFC.1 Subset information flow control]
FMT_SMF.1 Specification of management functions
FMT_SMR.1 Security roles
FMT_MSA.1(b) Management of security attributes
Hierarchical to: No other components.
FMT_MSA.1.1(b)
The TSF shall enforce the [Firewall Information Control SFP] to restrict the ability to [modify] the security
attributes [which includes all internal attributes available to the administrators] to [Primary Admin,
Restricted Admins].