Understanding Roles and Services for Junos OS in Common Criteria and FIPS Mode
For Common Criteria, user accounts in the TOE have the following attributes: user identity (user name), authentication data (password), and role (privilege). The Security Administrator is associated with the defined login class “security-admin”, which has the necessary permission set to allow the administrator to perform all tasks necessary to manage the Junos OS. Administrative users (Security Administrator) must provide unique identification and authentication data before any administrative access to the system is granted.
Security Administrator roles and responsibilities are as follows:
- Security Administrator can administer the TOE locally and remotely.
- Create, modify, and delete administrator accounts, including configuration of authentication failure parameters.
- Re-enable an Administrator account.
- Responsible for the configuration and maintenance of cryptographic elements related to the establishment of secure connections to and from the evaluated product. The SSH keys are managed by the security administrator.