10 Class FPT: Protection of the TOE Security Functions

This class contains families of functional requirements that relate to the integrity and management of the mechanisms that provide the TSF (independent of TSP-specifics) and to the integrity of TSF data (independent of the specific contents of the TSP data). In some sense, families in this class may appear to duplicate components in Class FDP: User data protection; they may even be implemented using the same mechanisms. However, Class FDP: User data protection focuses on user data protection, while Class FPT: Protection of the TOE Security Functions focuses on TSF data protection. In fact, components from Class FPT: Protection of the TOE Security Functions are necessary to provide requirements that the SFPs in the TOE cannot be tampered with or bypassed.

From the point of view of this class, there are three significant portions for the TSF:

a)    The TSF's abstract machine, which is the virtual or physical machine upon which the specific TSF implementation under evaluation executes.

b)    The TSF's implementation, which executes on the abstract machine and implements the mechanisms that enforce the TSP.

c)    The TSF's data, which are the administrative databases that guide the enforcement of the TSP.


Figure 10.1 - Protection of the TOE Security Functions class decomposition


Figure 10.2 - Protection of the TOE Security Functions class decomposition (Cont.)