8(495)909-90-01
8(964)644-46-00
pro@sio.su
Главная
Системы видеонаблюдения
Охранная сигнализация
Пожарная сигнализация
Система пожаротушения
Система контроля удаленного доступа
Оповещение и эвакуация
Контроль периметра
Система домофонии
Парковочные системы
Проектирование слаботочных сетей
Аварийный
контроль
            
Раздел: Документация

0 ... 80 81 82 83 84 85 86 ... 117

Operations

Assignment:

In FDPITC.2.1, the PP/ST author should specify the access control SFP and/or information flow control SFP that will be enforced when importing user data from outside of the TSC. The user data that this function imports is scoped by the assignment of these SFPs

In FDPITC.2.5, the PP/ST author should specify any additional importation control rules or "none" if there are no additional importation control rules. These rules will be enforced by the TSF in addition to the access control SFPs and/or information flow control SFPs selected in FDPITC.2.1.

F.8 Internal TOE transfer (FDP ITT)

This family provides requirements that address protection of user data when it is transferred between parts of a TOE across an internal channel. This may be contrasted with the FDPUCT and FDPUIT family, which provide protection for user data when it is transferred between distinct TSFs across an external channel, and FDPETC and FDPITC, which address transfer of data to or from outside the TSFs Control.

User notes

The requirements in this family allow a PP/ST author to specify the desired security for user data while in transit within the TOE. This security could be protection against disclosure, modification, or loss of availability.

The determination of the degree of physical separation above which this family should apply depends on the intended environment of use. In a hostile environment, there may be risks arising from transfers between parts of the TOE separated by only a system bus. In more benign environments, the transfers may be across more traditional network media.

If there are multiple SFPs (access control and/or information flow control) then it may be appropriate to iterate these components once for each named SFP.

FDPITT.1 Basic internal transfer protection

Operations

Assignment:

In FDPITT.1.1, the PP/ST author should specify the access control SFP(s) and/ or information flow control SFP(s) covering the information being transferred.

Selection:

In FDPITT.1.1 the PP/ST author should specify the types of transmission errors that the TSF should prevent occuring for user data while in transport. The options are disclosure, modification, loss of use.

FDPITT.2 Transmission separation by attribute

User application notes

This component could, for example, be used to provide different forms of protection to information with different clearance levels.

One of the ways to achieve separation of data when it is transmitted is through the use of separate logical or physical channels.

Operations

Assignment:

In FDPITT.2.1, the PP/ST author should specify the access control SFP(s) and/or information flow control SFP(s) covering the information being transferred.

Selection:

In FDPITT.2.1 the PP/ST author should specify the types of transmission errors that the TSF should prevent occuring for user data while in transport. The options are disclosure, modification, loss of use.

Assignment:

In FDPITT.2.2, the PP/ST author should specify the security attributes, the values of which the TSF will use to determine when to separate data that is being trasmitted between physically-separated parts of the TOE. An example is that user data associated with the identity ofone owner is transmitted separately from the user data associated with the identify of a different owner. In this case, the value of the identity of the owner of the data is what is used to determine when to separate the data for transmission.

FDPITT.3 Integrity monitoring

User application notes

This component is used in combination with either FDPITT.1 or FDPITT.2. It ensures that the TSF checks received user data (and their attributes) for integrity. FDPITT.1 or FDPITT.2 will provide the data in a manner such that it is protected from modification (so that FDPITT.3 can detect any modifications).

The PP/ST author has to specify the types of errors that must be detected. The PP/ST author should consider: modification of data, substitution of data, unrecoverable ordering change of data, replay of data, incomplete data, in addition to other integrity errors.

The PP/ST author must specify the actions that the TSF should take on detection of a failure. For example: ignore the user data, request the data again, inform the authorised administrator, reroute traffic for other lines.



0 ... 80 81 82 83 84 85 86 ... 117