6.3 Data authentication (FDP_DAU)

Family behaviour

Data authentication permits an entity to accept responsibility for the authenticity of information (e.g., by digitally signing it). This family provides a method of providing a guarantee of the validity of a specific unit of data that can be subsequently used to verify that the information content has not been forged or fraudulently modified. In contrast to Class Class FCO Communication, this family is intended to be applied to "static" data rather than data that is being transferred.

Component levelling

FDP_DAU.1 Basic Data Authentication requires that the TSF is capable of generating a guarantee of authenticity of the information content of objects (e.g. documents).

FDP_DAU.2 Data Authentication with Identity of Guarantor additionally requires that the TSF is capable of establishing the identity of the subject who provided the guarantee of authenticity.

Management: FDP_DAU.1, FDP_DAU.2

The following actions could be considered for the management functions in FMT Management:

a)    The assignment or modification of the objects for which data authentication may apply could be configurable in the system.

Audit: FDP_DAU.1

The following events should be auditable if FAU_GEN Security audit data generation is included in the PP/ST.

a)    Minimal: Successful generation of validity evidence.

b)    Basic: Unsuccessful generation of validity evidence.

c)    Detailed: The identity of the subject that requested the evidence.

Audit: FDP_DAU.2

The following events should be auditable if FAU_GEN Security audit data generation is included in the PP/ST.

a)    Minimal: Successful generation of validity evidence.

b)    Basic: Unsuccessful generation of validity evidence.

c)    Detailed: The identity of the subject that requested the evidence.

d)    Detailed: The identity of the subject that generated the evidence.