Раздел: Документация

0 ... 33 34 35 36 37 38 39 ... 117

8.4 Revocation (FMT REV)

Family behaviour

This family addresses revocation of security attributes for a variety of entities within a TOE. Component levelling

FMT REV Revocation- 1

FMTREV.1 Revocation provides for revocation of security attributes to be enforced at some point in time.

Management: FMT REV.1

The following actions could be considered for the management functions in FMT Management:

a)managing the group of roles that can invoke revocation of security attributes;

b)managing the lists of users, subjects, objects and other resources for which revocation is possible;

c)managing the revocation rules.

Audit: FMT REV.1

The following actions should be auditable if FAUGEN Security audit data generation is included in the PP / ST:

a)Minimal: Unsuccessful revocation of security attributes;

b)Basic: All attempts to revoke security attributes.

FMTREV.1 Revocation

Hierarchical to: No other components.

FMTREV.1.1 The TSF shall restrict the ability to revoke security attributes associated with the [selection: users, subjects, objects, other additional resources] within the TSC to [assignment: the authorised identified roles].

FMTREV.1.2 The TSF shall enforce the rules [assignment: specification of revocation rules].

Dependencies: FMTSMR.1 Security roles

---

8.5 Security attribute expiration (FMT SAE)

Family behaviour

This family addresses the capability to enforce time limits for the validity ofsecurity attributes. Component levelling

FMT SAE Security attribute expiration- 1

FMTSAE.1 Time-limited authorisation provides the capability for an authorised user to specify an expiration time on specified security attributes.

Management: FMTSAE.1

The following actions could be considered for the management functions in FMT Management:

a)managing the list of security attributes for which expiration is to be supported;

b)the actions to be taken if the expiration time has passed.

Audit: FMT SAE.1

The following actions should be audited if FAU Security Audit is included in the PP/ST:

a)Basic: Specification of the expiration time for an attribute;

b)Basic: Action taken due to attribute expiration.

FMTSAE.1 Time-limited authorisation

Hierarchical to: No other components.

FMT SAE.1.1 The TSF shall restrict the capability to specify an expiration time for [assignment: list of security attributes for which expiration is to be supported]to [assignment: the authorised identified roles].

FMTSAE.1.2 For each of these security attributes, the TSF shall be able to [assignment: list ofactions to be taken for each security attribute] after the expiration time for the indicated security attribute has passed.

Dependencies: FMTSMR.1 Security roles

FPTSTM.1 Reliable time stamps

---

8.6 Security management roles (FMT SMR)

Family behaviour

This family is intended to control the assignment of different roles to users. The capabilities of these roles with respect to security management are described in the other families in this class.

Component levelling

FMT SMR Security management roles

1 - 2

3

FMT SMR.1 Security roles specifies the roles with respect to security that the TSF recognises.

FMTSMR.2 Restrictions on security roles specifies that in addition to the specification of the roles, there are rules that control the relationship between the roles.

FMT SMR.3 Assuming roles requires that an explicit request is given to the TSF to assume a role. Management: FMTSMR.1

The following actions could be considered for the management functions in FMT Management: a) managing the group of users that are part of a role.

Management: FMT SMR.2

The following actions could be considered for the management functions in FMT Management:

a)managing the group of users that are part of a role;

b)managing the conditions that the roles must satisfy.

Management: FMT SMR.3

There are no additional management activities foreseen for this component.

Audit: FMT SMR.1

The following actions should be auditable if FAUGEN Security audit data generation is included

in the PP / ST:

a)Minimal: modifications to the group of users that are part of a role;

b)Detailed: every use of the rights of a role.

0 ... 33 34 35 36 37 38 39 ... 117