6.13 Inter-TSF user data integrity transfer protection (FDP_UIT)

Family behaviour

This family defines the requirements for providing integrity for user data in transit between the TSF and another Trusted IT Product and recovering from detectable errors. At a minimum, this family monitors the integrity of user data for modifications. Furthermore, this family supports different ways of correcting detected integrity errors.

Component levelling

FDP_UIT.1 Data exchange integrity addresses detection of modifications, deletions, insertions, and replay errors of the user data transmitted.

FDP_UIT.2 Source data exchange recovery addresses recovery of the original user data by the receiving TSF with help from the source Trusted IT Product.

FDP_UIT.3 Destination data exchange recovery addresses recovery of the original user data by the receiving TSF on its own without any help from the source Trusted IT Product.

Management: FDP_UIT.1, FDP_UIT.2, FDP_UIT.3

There are no management activities foreseen for this component.

Audit: FDP_UIT.1

The following events should be auditable if FAU_GEN Security audit data generation is included in the PP/ST.

a)    Minimal: The identity of any user or subject using the data exchange mechanisms.

b)    Basic: The identity of any user or subject attempting to use the user data exchange mechanisms, but who is unauthorised to do so.

c)    Basic: A reference to the names or other indexing information useful in identifying the user data that was transmitted or received. This could include security attributes associated with the user data.

d)    Basic: Any identified attempts to block transmission of user data.

e)    Detailed: The types and/or effects of any detected modifications of transmitted user data.
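The following is an added illustration, not part of the standard text, of how a receiving TSF could detect the FDP_UIT.1 error classes and produce the "Detailed" audit event above. The standard does not prescribe a mechanism; the HMAC-SHA256 tag, 8-byte sequence number, frame layout, pre-shared key and all names here are assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-not-for-use"  # assumption: key shared with the peer

def protect(seq: int, data: bytes, key: bytes = KEY) -> bytes:
    """Sender side: seq (8 bytes) || data || HMAC-SHA256(seq || data)."""
    body = struct.pack(">Q", seq) + data
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Strict in-order receiver that records each detected integrity error."""

    def __init__(self, key: bytes = KEY):
        self.key, self.next_seq, self.audit = key, 0, []

    def receive(self, frame: bytes):
        """Return the user data if accepted, else None."""
        body, tag = frame[:-32], frame[-32:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if len(body) < 8 or not hmac.compare_digest(tag, good):
            # A forged (inserted) frame and a modified one look the same here.
            self.audit.append(("modification_or_insertion", None))
            return None
        seq = struct.unpack(">Q", body[:8])[0]
        if seq < self.next_seq:
            # Authentic but already seen (or arriving late): reject.
            self.audit.append(("replay", seq))
            return None
        if seq > self.next_seq:
            # Gap in sequence numbers: frames were dropped in transit.
            self.audit.append(("deletion", (self.next_seq, seq - 1)))
        self.next_seq = seq + 1
        return body[8:]

def demo():
    """Constructed traffic: frame 1 dropped, frame 0 replayed, frame 3 tampered."""
    rx = Receiver()
    f0, f1, f2, f3 = (protect(i, b"record-%d" % i) for i in range(4))
    tampered = f3[:10] + bytes([f3[10] ^ 1]) + f3[11:]
    out = [rx.receive(f) for f in (f0, f2, f0, tampered, f3)]
    return out, rx.audit

if __name__ == "__main__":
    print(demo())
```

Deletion of the final frames of a transfer leaves no gap to observe, so a real protocol also needs an authenticated end-of-transfer marker or frame count.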

Audit: FDP_UIT.2, FDP_UIT.3

The following events should be auditable if FAU_GEN Security audit data generation is included in the PP/ST.

a)    Minimal: The identity of any user or subject using the data exchange mechanisms.

b)    Minimal: Successful recovery from errors including the type of error that was detected.

c)    Basic: The identity of any user or subject attempting to use the user data exchange mechanisms, but who is unauthorised to do so.

d)    Basic: A reference to the names or other indexing information useful in identifying the user data that was transmitted or received. This could include security attributes associated with the user data.

e)    Basic: Any identified attempts to block transmission of user data.

f)    Detailed: The types and/or effects of any detected modifications of transmitted user data.