13.2 Trusted path (FTP_TRP)

Family behaviour

This family defines the requirements to establish and maintain trusted communication to or from users and the TSF. A trusted path may be required for any security-relevant interaction. Trusted path exchanges may be initiated by a user during an interaction with the TSF, or the TSF may establish communication with the user via a trusted path.

Component levelling

FTP_TRP.1 Trusted path requires that a trusted path between the TSF and a user be provided for a set of events defined by a PP/ST author. The user and/or the TSF may have the ability to initiate the trusted path.

Management: FTP_TRP.1

The following actions could be considered for the management functions in FMT:

a)    Configuring the actions that require trusted path, if supported.

Audit: FTP_TRP.1

The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP / ST:

a)    Minimal: Failures of the trusted path functions.

b)    Minimal: Identification of the user associated with all trusted path failures, if available.

c)    Basic: All attempted uses of the trusted path functions.

d)    Basic: Identification of the user associated with all trusted path invocations, if available.