7.4 User authentication (FIA_UAU)

Family behaviour

This family defines the types of user authentication mechanisms supported by the TSF. This family also defines the required attributes on which the user authentication mechanisms must be based.

Component levelling

FIA_UAU.1 Timing of authentication, allows a user to perform certain actions prior to the authentication of the user's identity.

FIA_UAU.2 User authentication before any action, requires that users authenticate themselves before any action will be allowed by the TSF.

FIA_UAU.3 Unforgeable authentication, requires the authentication mechanism to be able to detect and prevent the use of authentication data that has been forged or copied.

FIA_UAU.4 Single-use authentication mechanisms, requires an authentication mechanism that operates with single-use authentication data.

FIA_UAU.5 Multiple authentication mechanisms, requires that different authentication mechanisms be provided and used to authenticate user identities for specific events.

FIA_UAU.6 Re-authenticating, requires the ability to specify events for which the user needs to be re-authenticated.

FIA_UAU.7 Protected authentication feedback, requires that only limited feedback information is provided to the user during the authentication.

Management: FIA_UAU.1

The following actions could be considered for the management functions in FMT:

a)    management of the authentication data by an administrator;

b)    management of the authentication data by the associated user;

c)    managing the list of actions that can be taken before the user is authenticated.

Management: FIA_UAU.2

The following actions could be considered for the management functions in FMT:

a)    management of the authentication data by an administrator;

b)    management of the authentication data by the user associated with this data.

Management: FIA_UAU.3, FIA_UAU.4, FIA_UAU.7

There are no management activities foreseen.

Management: FIA_UAU.5

The following actions could be considered for the management functions in FMT:

a)    the management of authentication mechanisms;

b)    the management of the rules for authentication.

Management: FIA_UAU.6

The following actions could be considered for the management functions in FMT:

a)    if an authorised administrator could request re-authentication, the management includes a re-authentication request.

Audit: FIA_UAU.1

The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a)    Minimal: Unsuccessful use of the authentication mechanism;

b)    Basic: All use of the authentication mechanism;

c)    Detailed: All TSF mediated actions performed before authentication of the user.
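
The following added example (not part of the standard's text) sketches how an implementation might combine the FIA_UAU.1 list of actions permitted before authentication with the three audit levels above. The Gate class, the action names and the sample credential are hypothetical, and the levels are treated as cumulative (Basic includes Minimal, Detailed includes Basic).

```python
import hmac
from dataclasses import dataclass, field

# Audit levels treated as cumulative: a higher level records everything below it.
LEVELS = {"minimal": 1, "basic": 2, "detailed": 3}

@dataclass
class Gate:
    """Hypothetical TSF front end enforcing FIA_UAU.1-style timing of authentication."""
    credentials: dict        # user -> secret (constructed sample data, plaintext for brevity)
    pre_auth_actions: set    # actions allowed before authentication (management item c)
    audit_level: str = "minimal"
    authenticated: set = field(default_factory=set)
    audit_log: list = field(default_factory=list)

    def _audit(self, level, event, user, detail=""):
        # Record the event only if the configured level covers it.
        # The submitted secret is never written to the audit record.
        if LEVELS[level] <= LEVELS[self.audit_level]:
            self.audit_log.append((event, user, detail))

    def authenticate(self, user, secret):
        expected = self.credentials.get(user)
        ok = expected is not None and hmac.compare_digest(
            expected.encode(), secret.encode())
        if ok:
            self.authenticated.add(user)
            # Successful use is only covered by "Basic: all use of the mechanism".
            self._audit("basic", "auth_success", user)
        else:
            # "Minimal: unsuccessful use of the authentication mechanism".
            self._audit("minimal", "auth_failure", user)
        return ok

    def perform(self, user, action):
        """Return True if the TSF mediates the action, False if it is refused."""
        if user in self.authenticated:
            return True
        if action in self.pre_auth_actions:
            # "Detailed: all TSF mediated actions performed before authentication".
            self._audit("detailed", "pre_auth_action", user, action)
            return True
        return False  # every other action requires authentication first
```
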

Audit: FIA_UAU.2

The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a)    Minimal: Unsuccessful use of the authentication mechanism;

b)    Basic: All use of the authentication mechanism.

Audit: FIA_UAU.3

The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a)    Minimal: Detection of fraudulent authentication data;

b)    Basic: All immediate measures taken and results of checks on the fraudulent data.

Audit: FIA_UAU.4

The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a)    Minimal: Attempts to reuse authentication data.

Audit: FIA_UAU.5

The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a)    Minimal: The final decision on authentication;

b)    Basic: The result of each activated mechanism together with the final decision.

Audit: FIA_UAU.6

The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a)    Minimal: Failure of reauthentication;

b)    Basic: All reauthentication attempts.

Audit: FIA_UAU.7

There are no auditable events foreseen.