Family behaviour
This family provides requirements that address protection of user data when it is transferred between parts of a TOE across an internal channel. This may be contrasted with the FDP_UCT Inter-TSF user data confidentiality transfer protection and FDP_UIT Inter-TSF user data integrity transfer protection families, which provide protection for user data when it is transferred between distinct TSFs across an external channel, and FDP_ETC Export to outside TSF control and FDP_ITC Import from outside TSF control, which address transfer of data to or from outside the TSF's control.
Component levelling
FDP_ITT.1 Basic internal transfer protection requires that user data be protected when transmitted between parts of the TOE.
FDP_ITT.2 Transmission separation by attribute requires separation of data based on the value of SFP-relevant attributes in addition to the first component.
FDP_ITT.3 Integrity monitoring requires that the SF monitor user data transmitted between parts of the TOE for identified integrity errors.
FDP_ITT.4 Attribute-based integrity monitoring expands on the third component by allowing the form of integrity monitoring to differ by SFP-relevant attribute.
Management: FDP_ITT.1, FDP_ITT.2
The following actions could be considered for the management functions in FMT Management:
a) If the TSF provides multiple methods to protect user data during transmission between physically separated parts of the TOE, the TSF could provide a pre-defined role with the ability to select the method that will be used.
Management: FDP_ITT.3, FDP_ITT.4
The following actions could be considered for the management functions in FMT Management:
a) The specification of the actions to be taken upon detection of an integrity error could be configurable.
Audit: FDP_ITT.1, FDP_ITT.2
The following events should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
a) Minimal: Successful transfers of user data, including identification of the protection method used.
b) Basic: All attempts to transfer user data, including the protection method used and any errors that occurred.
Audit: FDP_ITT.3, FDP_ITT.4
The following events should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
a) Minimal: Successful transfers of user data, including identification of the integrity protection method used.
b) Basic: All attempts to transfer user data, including the integrity protection method used and any errors that occurred.
c) Basic: Unauthorised attempts to change the integrity protection method.
d) Detailed: The action taken upon detection of an integrity error.