I was recently reviewing CC v3.0 and wondered how to implement most of
the FMT class of SFRs from CC v2.X.
Examples:
- What V3 SFRs should be used to require the TSF to
provide ability for an administrator to enable or disable audit functions?
Is enabling or disabling audit functions considered an operation
in FDP_ACC.1? That just does not seem correct.
- Is this explained anywhere in CC V3.0 Part 2?
- It appears that the FDP_ACC.1 V3 SFR is to be
used to specify what user/role/permission is allowed to manage (view,
create, modify, delete, etc) the TSF data? If so, then the TSF data
will need to be defined as an object. So, all configuration settings would
be objects. For some reason, that just does not seem correct.
- If this is what is intended, it seems CC V3.0
Part 2, Section 6.2 should be expanded to explain this.
- It appears that requiring the TSF to
implement/manage roles in CC V3.0 should be accomplished by claiming that
the roles are security properties/attributes and using FIA_USB.1. Is this
correct?
Can anyone provide any insight to how the majority of the FMT class of SFRs are
to be implemented in CC V3.0?
Thanks,
- Michelle
|