I-0369: Security Management Functions To Be Provided Must Be Enumerated


[0114] (221 lines) iwg@gibraltar.ncsc.mil 11/06/00  1824.58 gmt Mon Common_Criteria
Subject: I-0369: Security Management Functions To Be Provided Must Be Enumerated


  This transaction consists of a proposal for a National Interpretation of
  a Common Criteria document. It is being posted in accordance with the
  procedures of the IWG.

  Comments on this proposal are welcomed and should be posted to this
  transaction chain.  If any party wishes to post a comment anonymously,
  the comment should be mailed to IWG@gibraltar.ncsc.mil in a form
  suitable for posting.  All comments should be posted no later than
  Friday, December 1, 2000.

                 CCITSE/CEM  NIAP INTERPRETATION (PROPOSED)

     _________________________________________________________________

    I-0369: Security Management Functions To Be Provided Must Be Enumerated
     _________________________________________________________________

NUMBER:               I-0369
STATUS:               Ready for External Review
TYPE:                 NIAP Interpretation

TITLE:                Security Management Functions To Be Provided Must Be
                      Enumerated

SOURCE REFERENCE:     CC v2.1 Part 2 Annex H FMT
                      CC v2.1 Part 2 Clause 8 FMT
                      CC v2.1 Part 2 Subclause 8.1 FMT_MOF
                      CC v2.1 Part 2 Subclause 8.2 FMT_MSA
                      CC v2.1 Part 2 Subclause 8.3 FMT_MTD
                      CC v2.1 Part 2 Subclause 8.NIAP-0369 FMT_NIAP-0369-SMF
                      CC v2.1 Part 2 Subclause H.NIAP-0369 FMT_NIAP-0369-SMF
RELATED TO:           <None>

ISSUE:

   The CC words for the FMT class specify restrictions on roles that may
   perform security management functions, but fail to provide explicit
   requirements that the TSF provide the security management functions
   upon which the restrictions apply. A common argument is that
   restricting the functions implicitly requires that they be provided.
   However, implicit requirements are not tested; moreover, the implicit
   requirements do not capture the fact that the functions must be
   provided by the TSF.

STATEMENT OF INTERPRETATION:

   A new family is added to the Common Criteria that allows specification
   of management functions to be provided by the TOE.

SPECIFIC INTERPRETATION:

   To address this interpretation, the following changes are made to CC
   v2.1, Part 2: (additions marked _thusly_; deletions marked _[DEL:_
   thusly _:DEL]_ )

     * The following family is added to Clause 8, Class FMT:

     8.NIAP-0369 Management Functions Provided (FMT_NIAP-0369-SMF)

     Family Behavior

     This family allows the specification of the management functions to
     be provided by the TOE. Management functions are TSFI that allow
     administrators to define the parameters that control the operation
     of security-related aspects of the TOE, such as data protection
     attributes, TOE protection attributes, audit attributes,
     identification and authentication attributes, and so on. Management
     functions also include those functions performed by an operator to
     ensure continued operation of the TOE, such as backup and recovery.

     This family works in conjunction with the other components in the
     FMT class: the component in this family calls out the functions, and
     other families in FMT restrict the ability to use the management
     functions.

     Component Levelling

     [There would be a graphic here showing one component in the
     FMT_NIAP-0369-SMF family.]

     FMT_NIAP-0369-SMF.1 Specification of Management Functions requires
     that the TSF provide specific management functions.

     Management: FMT_NIAP-0369-SMF.1

     All management functions assigned in FMT_NIAP-0369-SMF.1 could be
     considered for other management families in FMT Management in order
     to restrict the ability to use those functions.

     Audit: FMT_NIAP-0369-SMF.1
     The following events should be auditable if FAU_GEN Security audit
     data generation is included in the PP/ST:

     a) Minimal, Basic, Detailed: Use of the management functions.

     FMT_NIAP-0369-SMF.1 Specification of Management Functions

     Hierarchical To: No other components

     FMT_NIAP-0369-SMF.1.1 The TSF shall be capable of performing the
     following security management functions: [assignment: list of
     security management functions to be provided by the TSF,
     categorized as either "security attribute management", "TSF data
     management", or "security function management"]

     Dependencies: None

     * The following subclause is added to Annex H, Security Management:

     H.NIAP-0369. Management Functions Provided (FMT_NIAP-0369-SMF)

     This family allows the specification of the management functions to
     be provided by the TOE. Management functions are TSFI that allow
     administrators to define the parameters that control the operation
     of security-related aspects of the TOE, such as data protection
     attributes, TOE protection attributes, audit attributes,
     identification and authentication attributes, and so on. Management
     functions also include those functions performed by an operator to
     ensure continued operation of the TOE, such as backup and recovery.

     This family works in conjunction with the other components in the
     FMT class: the component in this family calls out the functions, and
     other families in FMT restrict the ability to use the management
     functions.

     FMT_NIAP-0369-SMF.1 Specification of Management Functions
     This component specifies the management functions to be provided.

     User Application Note

     PP/ST authors should consult the "Management" sections for
     components included in their PP/ST to provide a basis for the
     management functions to be listed via this component.

     Operations

     Assignment:

     In FMT_NIAP-0369-SMF.1, the PP/ST author should specify the
     management functions to be provided by the TSF, and indicate for
     each whether it is categorized as either "security attribute
     management", "TSF data management", or "security function
     management".

     * Clause 8, Figure 8.1, is modified to show an additional family,
       FMT_NIAP-0369-SMF.1 Specification of Management Functions, with
       one hierarchical component.

     * Clause H, Figure H.1, is modified to show an additional family,
       FMT_NIAP-0369-SMF.1 Specification of Management Functions, with
       one hierarchical component.

     * FMT_MOF.1 is relabeled as FMT_MOF.1-NIAP-0369. Unless otherwise
       noted in these changes, all normative and informative material
       associated with FMT_MOF.1 is incorporated unchanged into
       FMT_MOF.1-NIAP-0369, and all references to FMT_MOF.1 in the CC,
       CEM, or other Common Criteria documentation are changed to refer to
       FMT_MOF.1-NIAP-0369.

     * The following change is made to FMT_MOF.1-NIAP-0369:

     Dependencies: FMT_SMR.1 Security Roles

     _FMT_NIAP-0369-SMF.1 Specification of Management Functions_

     * FMT_MSA.1 is relabeled as FMT_MSA.1-NIAP-0369. Unless otherwise
       noted in these changes, all normative and informative material
       associated with FMT_MSA.1 is incorporated unchanged into
       FMT_MSA.1-NIAP-0369, and all references to FMT_MSA.1 in the CC,
       CEM, or other Common Criteria documentation are changed to refer to
       FMT_MSA.1-NIAP-0369.

     * The following change is made to FMT_MSA.1-NIAP-0369 [Note: The
       relabelings of FDP_ACC.1 and FDP_IFC.1 are the result of other
       interpretations]:

     Dependencies: [FDP_ACC.1-NIAP-0416 Subset access control or
     FDP_IFC.1-NIAP-0417 Subset information flow control]

     FMT_SMR.1 Security Roles

     _FMT_NIAP-0369-SMF.1 Specification of Management Functions_

     * FMT_MTD.1 is relabeled as FMT_MTD.1-NIAP-0369. Unless otherwise
       noted in these changes, all normative and informative material
       associated with FMT_MTD.1 is incorporated unchanged into
       FMT_MTD.1-NIAP-0369, and all references to FMT_MTD.1 in the CC,
       CEM, or other Common Criteria documentation are changed to refer to
       FMT_MTD.1-NIAP-0369.

     * The following change is made to FMT_MTD.1-NIAP-0369:

     Dependencies: FMT_SMR.1 Security Roles

     _FMT_NIAP-0369-SMF.1 Specification of Management Functions_

FURTHER CONSIDERATIONS:

   Related to this, the PP or ST evaluation process should ensure that
   there are appropriate management functions for the other functional
   elements in the PP/ST. This should be done either through additional
   APE_REQ and ASE_REQ requirements, or clarifications in the CEM.

PROJECTED IMPACT:

   Negligible impact anticipated.

SUPPORT:

   This interpretation addresses the issue by requiring that the security
   functions to be provided by a TOE be explicitly listed to allow
   evaluation of the PP/ST to determine if it satisfies its objectives.

   Note that the goal of this queue entry might be achievable by adding
   elements to specific existing FMT families, although the approach
   specified above collects all function specification into a single
   location.


