Раздел: Документация
0 ... 26 27 28 29 30 31 32 ... 117 Identification and authentication FIA AFL Authentication failures FIA ATD User attribute definition FIA SOS Specification of secrets FIA JAJ User authentication FIA JID User identification FIAJJSB User-subject binding   1- 2
Figure 7.1 - Identification and authentication class decomposition 1 1 1 2 1 7.1 Authentication failures (FIA AFL) Family behaviour This family contains requirements for defining values for some number of unsuccessful authentication attempts and TSF actions in cases of authentication attempt failures. Parameters include, but are not limited to, the number of failed authentication attempts and time thresholds. Component levelling I FIA AFL Authentication failuresI-РП FIAAFL.1 requires that the TSF be able to terminate the session establishment process after a specified number of unsuccessful user authentication attempts. It also requires that, after termination of the session establishment process, the TSF be able to disable the user account or the point of entry (e.g. workstation) from which the attempts were made until an administrator-defined condition occurs. Management: FIAAFL.1 The following actions could be considered for the management functions in FMT: a)management of the threshold for unsuccessful authentication attempts; b)management of actions to be taken in the event of an authentication failure. Audit: FIAAFL.1 The following actions should be auditable if FAUGEN Security audit data generation is included in the PP/ST: a) Minimal: the reaching of the threshold for the unsuccesful authentication attempts and the actions (e.g. disabling of a terminal) taken and the subsequent, if appropriate, restoration to the normal state (e.g. re-enabling of a terminal). FIAAFL.1 Authentication failure handling Hierarchical to: No other components. FIA AFL.1.1 The TSF shall detect when [assignment: number] unsuccessful authentication attempts occur related to [assignment: list of authentication events]. FIAAFL.1.2 When the defined number of unsuccessful authentication attempts has been met or surpassed, the TSF shall [assignment: list of actions]. Dependencies: FIAUAU.1 Timing of authentication 7.2 User attribute definition (FIA ATD) Family behaviour All authorised users may have a set of security attributes, other than the users identity, that is used to enforce the TSP. This family defines the requirements for associating user security attributes with users as needed to support the TSP. Component levelling FIA ATD User attribute definition- 1 FIAATD. 1 User attribute definition, allows user security attributes for each user to be maintained individually. Management: FIAATD. 1 The following actions could be considered for the management functions in FMT: a) if so indicated in the assignment, the authorised administrator might be able to define additional security attributes for users. Audit: FIAATD.1 There are no actions identified that should be auditable if FAUGEN Security audit data generation is included in the PP/ST. FIAATD.1 User attribute definition Hierarchical to: No other components. FIA ATD.1.1 The TSF shall maintain the following list of security attributes belonging to individual users: [assignment: list of security attributes]. Dependencies: No dependencies. 0 ... 26 27 28 29 30 31 32 ... 117
|
