Family behaviour
This family addresses the need to ensure that deleted information is no longer accessible, and that newly created objects do not contain information that should not be accessible. This family requires protection for information that has been logically deleted or released, but may still be present within the TOE.
Component levelling
FDP_RIP.1 Subset residual information protection requires that the TSF ensure that any residual information content of any resources is unavailable to a defined subset of the objects in the TSC upon the resource's allocation or deallocation.
FDP_RIP.2 Full residual information protection requires that the TSF ensure that any residual information content of any resources is unavailable to all objects upon the resource's allocation or deallocation.
Management: FDP_RIP.1, FDP_RIP.2
The following actions could be considered for the management functions in FMT Management:
a) The choice of when to perform residual information protection (i.e. upon allocation or deallocation) could be made configurable within the TOE.
Audit: FDP_RIP.1, FDP_RIP.2
There are no events identified that should be auditable if FAU_GEN Security audit data generation is included in the PP/ST.