Family behaviour
Non-repudiation of receipt ensures that the recipient of information cannot successfully deny receiving the information. This family requires that the TSF provide a method to ensure that a subject that transmits information during a data exchange is provided with evidence of receipt of the information. This evidence can then be verified by either this subject or other subjects.
Component levelling
FCO_NRR.1 Selective proof of receipt requires the TSF to provide subjects with a capability to request evidence of the receipt of information.
FCO_NRR.2 Enforced proof of receipt requires that the TSF always generate evidence of receipt for received information.
Management: FCO_NRR.1, FCO_NRR.2
The following actions could be considered for the management functions in FMT:
a) The management of changes to information types, fields, originator attributes and third parties recipients of evidence.
Audit: FCO_NRR.1 Selective proof of receipt
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
a) Minimal: The identity of the user who requested that evidence of receipt would be generated.
b) Minimal: The invocation of the non-repudiation service.
c) Basic: Identification of the information, the destination, and a copy of the evidence provided.
d) Detailed: The identity of the user who requested a verification of the evidence.
Audit: FCO_NRR.2 Enforced proof of receipt
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
a) Minimal: The invocation of the non-repudiation service.
b) Basic: Identification of the information, the destination, and a copy of the evidence provided.
c) Detailed: The identity of the user who requested a verification of the evidence.