Management recommendations (version 24a)

These are items that are recommended (by CC part 2) to be included in FMT. I suggest that these be listed in a PP app note instead of trying to embed them in the actual FMT requirement. For each item, the SFR name refers to the SFR which contains the recommendation, followed by entity(ies) to be managed.

FAU_SAR.1
    maintenance (deletion, modification, addition) of the group of users with read access right to the audit records

FAU_STG.4
    maintenance (deletion, modification, addition) of actions to be taken in case of audit storage failure.

FCS_CKM.1, FCS_CKM.4
    management of changes to cryptographic key attributes. Examples of key attributes include user, key type (e.g. public, private, secret), validity period, and use (e.g. digital signature, key encryption, key agreement, data encryption).

FDP_ACF.1
    Managing the attributes used to make explicit access or denial based decisions.

FDP_RIP.1
    The choice of when to perform residual information protection (i.e. upon allocation or deallocation) could be made configurable within the TOE.

FIA_AFL.1
    management of the threshold for unsuccessful authentication attempts;
    management of actions to be taken in the event of an authentication failure.

FIA_ATD.1
    if so indicated in the assignment, the authorised administrator might be able to define additional security attributes for users.

FIA_SOS.1
    the management of the metric used to verify the secrets.

FIA_UAU.1
    management of the authentication data by an administrator;
    management of the authentication data by the associated user;
    managing the list of actions that can be taken before the user is authenticated.

FIA_UAU.6
    if an authorised administrator could request re-authentication, the management includes a re-authentication request.

FIA_UID.1
    the management of the user identities;
    if an authorised administrator can change the actions allowed before identification, the managing of the action lists.

FIA_USB.1
    an authorised administrator can define default subject security attributes;
    an authorised administrator can change subject security attributes.

FMT_MSA.1
    managing the group of roles that can interact with the security attributes.

FMT_MSA.3
    managing the group of roles that can specify initial values;
    managing the permissive or restrictive setting of default values for a given access control SFP.

FMT_MTD.1
    managing the group of roles that can interact with the TSF data.

FMT_SMR.1
    managing the group of users that are part of a role.

FPT_AMT.1
    management of the conditions under which abstract machine test occurs, such as during initial start-up, regular interval, or under specified conditions;
    management of the time interval if appropriate.

FPT_STM.1
    management of the time.

FPT_TST.1
    management of the conditions under which TSF self testing occurs, such as during initial start-up, regular interval, or under specified conditions;
    management of the time interval if appropriate.

FTA_SSL.3
    specification of the time of user inactivity after which termination of the interactive session occurs for an individual user;
    specification of the default time of user inactivity after which termination of the interactive session occurs.

FTP_ITC.1
    Configuring the actions that require trusted channel, if supported.