Раздел: Документация

0 ... 24 25 26 27 28 29 30 ... 117

6.12 Inter-TSF user data confidentiality transfer protection (FDP UCT)

Family behaviour

This family defines the requirements for ensuring the confidentiality of user data when it is transferred using an external channel between distinct TOEs or users on distinct TOEs.

Component levelling

I FDPJJCT Inter-TSF user data confidentiality transfer protectionI-ПЛ

In FDPUCT.1 Basic data exchange confidentiality, the goal is to provide protection from disclosure of user data while in transit.

Management: FDPUCT.1

There are no management activities foreseen for this component.

Audit: FDP UCT.1

The following events should be auditable if FAUGEN Security audit data generation is included in the PP/ST.

a)Minimal: The identity of any user or subject using the data exchange mechanisms.

b)Basic: The identity of any unauthorised user or subject attempting to use the data exchange mechanisms.

c)Basic: A reference to the names or other indexing information useful in identifying the user data that was transmitted or received. This could include security attributes associated with the information.

FDPUCT.1 Basic data exchange confidentiality

Hierarchical to: No other components.

FDP UCT.1.1 The TSF shall enforce the [assignment: access control SFP(s) and/or information flow control SFP(s)] to be able to [selection: transmit, receive] objects in a manner protected from unauthorised disclosure.

Dependencies: [FTPITC.1 Inter-TSF trusted channel, or FTP TRP.1 Trusted path]

[FDP ACC.1 Subset access control, or FDP IFC.1 Subset information flow control]

---

6.13 Inter-TSF user data integrity transfer protection (FDP UIT)

Family behaviour

This family defines the requirements for providing integrity for user data in transit between the TSF and another trusted IT product and recovering from detectable errors. At a minimum, this family monitors the integrity of user data for modifications. Furthermore, this family supports different ways of correcting detected integrity errors.

Component levelling

FDP UIT Inter-TSF user data integrity transfer protection

FDPUIT. 1 Data exchange integrity addresses detection of modifications, deletions, insertions, and replay errors of the user data transmitted.

FDPUIT.2 Source data exchange recovery addresses recovery of the original user data by the receiving TSF with help from the source trusted IT product.

FDPUIT.3 Destination data exchange recovery addresses recovery of the original user data by the receiving TSF on its own without any help from the source trusted IT product.

Management: FDPUIT.1, FDPUIT.2, FDPUIT.3

There are no management activities foreseen for this component.

Audit: FDPUIT.1

The following events should be auditable if FAUGEN Security audit data generation is included in the PP/ST.

a)Minimal: The identity of any user or subject using the data exchange mechanisms.

b)Basic: The identity of any user or subject attempting to use the user data exchange mechanisms, but who is unauthorised to do so.

c)Basic: A reference to the names or other indexing information useful in identifying the user data that was transmitted or received. This could include security attributes associated with the user data.

d)Basic: Any identified attempts to block transmission of user data.

e)Detailed: The types and/or effects of any detected modifications of transmitted user data.

---

Audit: FDPUIT.2, FDPUIT.3

The following events should be auditable if FAUGEN Security audit data generation is included in the PP/ST.

a)Minimal: The identity of any user or subject using the data exchange mechanisms.

b)Minimal: Successful recovery from errors including they type of error that was detected.

c)Basic: The identity of any user or subject attempting to use the user data exchange mechanisms, but who is unauthorised to do so.

d)Basic: A reference to the names or other indexing information useful in identifying the user data that was transmitted or received. This could include security attributes associated with the user data.

e)Basic: Any identified attempts to block transmission of user data.

f)Detailed: The types and/or effects of any detected modifications of transmitted user data.

FDP UIT.1 Data exchange integrity

Hierarchical to: No other components.

FDPUIT.1.1 The TSF shall enforce the [assignment: access control SFP(s) and/or information flow control SFP(s)] to be able to [selection: transmit, receive] user data in a manner protected from [selection: modification, deletion, insertion, replay] errors.

FDPUIT.1.2 The TSF shall be able to determine on receipt of user data, whether [selection: modification, deletion, insertion, replay] has occurred.

Dependencies: [FDPACC.1 Subset access control, or

FDP IFC.1 Subset information flow control] [FTP ITC.1 Inter-TSF trusted channel, or FTP TRP.1 Trusted path]

FDP UIT.2 Source data exchange recovery

Hierarchical to: No other components.

FDP UIT.2.1 The TSF shall enforce the [assignment: access control SFP(s) and/or information flow control SFP(s)] to be able to recover from [assignment: list of recoverable errors] with the help of the source trusted IT product.

0 ... 24 25 26 27 28 29 30 ... 117