Раздел: Документация
0 ... 31 32 33 34 35 36 37 ... 117 8.1 Management of functions in TSF (FMT MOF) Family behaviour This family allows authorised users control over the management of functions in the TSF. Examples of functions in the TSF include the audit functions and the multiple authentication functions. Component levelling I FMT MOF Management of functions in TSF I-РП FMTMOF. 1 Management of security functions behaviour allows the authorised users (roles) to manage the behaviour of functions in the TSF that use rules or have specified conditions that may be manageable. Management: FMTMOF. 1 The following actions could be considered for the management functions in FMT Management: a) managing the group of roles that can interact with the functions in the TSF; Audit: FMTMOF. 1 The following actions should be auditable if FAUGEN Security audit data generation is included in the PP / ST: a) Basic: All modifications in the behaviour of the functions in the TSF. FMTMOF.1 Management of security functions behaviour Hierarchical to: No other components. FMT MOF.1.1 The TSF shall restrict the ability to [selection: determine the behaviour of, disable, enable, modify the behaviour of] the functions [assignment: list of functions] to [assignment: the authorised identified roles]. Dependencies: FMTSMR.1 Security roles 8.2 Management of security attributes (FMT MSA) Family behaviour This family allows authorised users control over the management of security attributes. This management might include capabilities for viewing and modifying of security attributes. Component levelling FMT MSA.1 Management of security attributes allows authorised users (roles) to manage the specified security attributes. FMT MSA.2 Secure security attributes ensures that values assigned to security attributes are valid with respect to the secure state. FMT MSA.3 Static attribute initialisation ensures that the default values of security attributes are appropriately either permissive or restrictive in nature. Management: FMTMSA.1 The following actions could be considered for the management functions in FMT Management: a) managing the group of roles that can interact with the security attributes. Management: FMT MSA.2 There are no additional management activities foreseen for this component. Management: FMT MSA.3 The following actions could be considered for the management functions in FMT Management: a)managing the group of roles that can specify initial values; b)managing the permissive or restrictive setting of default values for a given access Audit: FMT MSA.1 The following actions should be auditable if FAUGEN Security audit data generation is included in the PP / ST:  control SFP. a) Basic: All modifications of the values of security attributes. Audit: FMTMSA.2 The following actions should be auditable if FAUGEN Security audit data generation is included in the PP / ST: a)Minimal: All offered and rejected values for a security attribute; b)Detailed: All offered and accepted secure values for a security attribute. Audit: FMTMSA.3 The following actions should be auditable if FAUGEN Security audit data generation is included in the PP / ST: a)Basic: Modifications of the default setting of permissive or restrictive rules. b)Basic: All modifications of the initial values of security attributes. FMTMSA.1 Management of security attributes Hierarchical to: No other components. FMTMSA.1.1 The TSF shall enforce the [assignment: access control SFP, information flow control SFP] to restrict the ability to [selection: changedefault, query, modify, delete, [assignment: other operations]] the security attributes [assignment: list of security attributes] to [assignment: the authorised identified roles]. Dependencies: [FDPACC.1 Subset access control or FDP IFC.1 Subset information flow control] FMT SMR.1 Security roles FMTMSA.2 Secure security attributes Hierarchical to: No other components. FMT MSA.2.1 The TSF shall ensure that only secure values are accepted for security attributes. Dependencies: ADVSPM.1 Informal TOE security policy model [FDP ACC.1 Subset access control or FDP IFC.1 Subset information flow control] FMTMSA.1 Management of security attributes FMT SMR.1 Security roles 0 ... 31 32 33 34 35 36 37 ... 117
|
