Раздел: Документация
0 ... 12 13 14 15 16 17 18 ... 117 5 Class FCS: Cryptographic support The TSF may employ cryptographic functionality to help satisfy several high-level security objectives. These include (but are not limited to): identification and authentication, non-repudiation, trusted path, trusted channel and data separation. This class is used when the TOE implements cryptographic functions, the implementation of which could be in hardware, firmware and/or software. The FCS class is composed of two families: FCS CKM Cryptographic key management and FCS COP Cryptographic operation. The FCS CKM family addresses the management aspects of cryptographic keys, while the FCS COP family is concerned with the operational use of those cryptographic keys. Figure 5.1 shows the decomposition of this class into its constituent components. Cryptographic support FCS CKM Cryptographic key management  2 3 4 FCS COP Cryptographic operation\-\ 1 Figure 5.1 - Cryptographic support class decomposition 5.1 Cryptographic key management (FCS CKM) Family behaviour Cryptographic keys must be managed throughout their life cycle. This family is intended to support that lifecycle and consequently defines requirements for the following activities: cryptographic key generation, cryptographic key distribution, cryptographic key access and cryptographic key destruction. This family should be included whenever there are functional requirements for the management of cryptographic keys. Component levelling 1 FCS CKM Cryptographic key management  2 3 4 FCS CKM.1 Cryptographic key generation requires cryptographic keys to be generated in accordance with a specified algorithm and key sizes which can be based on an assigned standard. FCS CKM.2 Cryptographic key distribution requires cryptographic keys to be distributed in accordance with a specified distribution method which can be based on an assigned standard. FCS CKM.3 Cryptographic key access requires access to cryptographic keys to be performed in accordance with a specified access method which can be based on an assigned standard. FCS CKM.4 Cryptographic key destruction requires cryptographic keys to be destroyed in accordance with a specified destruction method which can be based on an assigned standard. Management: FCSCKM.1,FCSCKM.2,FCSCKM.3,FCSCKM.4 The following actions could be considered for the management functions in FMT: a) the management of changes to cryptographic key attributes. Examples of key attributes include user, key type (e.g. public, private, secret), validity period, and use (e.g. digital signature, key encryption, key agreement, data encryption). Audit: FCSCKM.1, FCSCKM.2, FCSCKM.3, FCSCKM.4 The following actions should be auditable if FAUGEN Security Audit Data Generation is included in the PP/ST: a)Minimal: Success and failure of the activity. b)Basic: The object attribute(s), and object value(s) excluding any sensitive information (e.g. secret or private keys). 0 ... 12 13 14 15 16 17 18 ... 117
|
