[Figure H.1 - Security management class decomposition. Families shown: FMT_MOF Management of functions in TSF; FMT_MSA Management of security attributes; FMT_MTD Management of TSF data; FMT_REV Revocation; FMT_SAE Security attribute expiration; FMT_SMR Security management roles]

H.1 Management of functions in TSF (FMT_MOF)

The TSF management functions enable authorised users to set up and control the secure operation of the TOE. These administrative functions typically fall into a number of different categories:

a) Management functions that relate to access control, accountability and authentication controls enforced by the TOE. For example, definition and update of user security characteristics (e.g. unique identifiers associated with user names, user accounts, system entry parameters) or definition and update of auditing system controls (e.g. selection of audit events, management of audit trails, audit trail analysis, and audit report generation), definition and update of per-user policy attributes (such as user clearance), definition of known system access control labels, and control and management of user groups.

b) Management functions that relate to controls over availability. For example, definition and update of availability parameters or resource quotas.

c) Management functions that relate to general installation and configuration. For example, TOE configuration, manual recovery, installation of TOE security fixes (if any), repair and reinstallation of hardware.

d) Management functions that relate to routine control and maintenance of TOE resources. For example, enabling and disabling peripheral devices, mounting of removable storage media, backup and recovery of user and system objects.

Note that these functions need to be present in a TOE based on the families included in the PP or ST. It is the responsibility of the PP/ST author to ensure that adequate functions will be provided to manage the system in a secure fashion.

The TSF might contain functions that can be controlled by an administrator. For example, the auditing functions could be switched off, the time synchronisation could be switchable, and/or the authentication mechanism could be modifiable.

FMT_MOF.1 Management of security functions behaviour

This component allows identified roles to manage the security functions of the TSF. This might entail obtaining the current status of a security function, disabling or enabling the security function, or modifying the behaviour of the security function. An example of modifying the behaviour of the security functions is changing of authentication mechanisms.

Operations

Selection:

In FMT_MOF.1.1 the PP/ST author should select whether the role can determine the behaviour of, disable, enable, and/or modify the behaviour of the security functions.

Assignment:

In FMT_MOF.1.1 the PP/ST author should specify the functions that can be modified by the identified roles. Examples include auditing and time determination.

In FMT_MOF.1.1 the PP/ST author should specify the roles that are allowed to modify the functions in the TSF. The possible roles are specified in FMT_SMR.1.
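The following sketch shows how a completed FMT_MOF.1.1 (selected operations, assigned functions, assigned roles) can be enforced as a deny-by-default management gate. It is an added example, not text from the standard or from any evaluated product; the role names, the policy contents and the `ManagementGate` class are assumptions made for illustration.

```python
from enum import Enum

class Op(Enum):
    # The four operations offered by the FMT_MOF.1.1 selection.
    DETERMINE = "determine the behaviour of"
    DISABLE = "disable"
    ENABLE = "enable"
    MODIFY = "modify the behaviour of"

# Constructed FMT_MOF.1.1 instantiation (assumption, not from a real PP/ST):
# function -> selected operation -> roles (as would be defined via FMT_SMR.1).
# Any function, operation or role not listed here is denied.
POLICY = {
    "auditing": {
        Op.DETERMINE: {"security_admin", "auditor"},
        Op.DISABLE: {"security_admin"},
        Op.ENABLE: {"security_admin"},
    },
    "time_determination": {
        Op.DETERMINE: {"security_admin", "operator"},
        Op.MODIFY: {"security_admin"},
    },
}

class ManagementGate:
    """Hypothetical enforcement point for management of security functions."""

    def __init__(self, policy):
        self.policy = policy
        self.enabled = {name: True for name in policy}
        self.log = []  # every attempt is recorded, granted or not

    def request(self, roles, function, op):
        # Deny by default: unknown functions and unselected operations
        # resolve to an empty role set, so the intersection is empty.
        allowed = self.policy.get(function, {}).get(op, set())
        granted = bool(allowed & set(roles))
        self.log.append((tuple(sorted(roles)), function, op.name, granted))
        if granted and op in (Op.DISABLE, Op.ENABLE):
            self.enabled[function] = op is Op.ENABLE
        return granted

if __name__ == "__main__":
    gate = ManagementGate(POLICY)
    print(gate.request({"auditor"}, "auditing", Op.DISABLE))
    print(gate.request({"security_admin"}, "auditing", Op.DISABLE))
    print(gate.enabled, gate.log)
```

Recording denied attempts as well as granted ones matters here because the auditing function is itself one of the functions that can be switched off.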