8.2 Management of security attributes (FMT_MSA)

Family behaviour

This family allows authorised users control over the management of security attributes. This management might include capabilities for viewing and modifying of security attributes.

Component levelling

FMT_MSA.1 Management of security attributes allows authorised users (roles) to manage the specified security attributes.

FMT_MSA.2 Secure security attributes ensures that values assigned to security attributes are valid with respect to the secure state.

FMT_MSA.3 Static attribute initialisation ensures that the default values of security attributes are appropriately either permissive or restrictive in nature.

Management: FMT_MSA.1

The following actions could be considered for the management functions in FMT Management:

a)    managing the group of roles that can interact with the security attributes.

Management: FMT_MSA.2

There are no additional management activities foreseen for this component.

Management: FMT_MSA.3

The following actions could be considered for the management functions in FMT Management:

a)    managing the group of roles that can specify initial values;

b)    managing the permissive or restrictive setting of default values for a given access control SFP.

Audit: FMT_MSA.1

The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP / ST:

a)    Basic: All modifications of the values of security attributes.

Audit: FMT_MSA.2

The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP / ST:

a)    Minimal: All offered and rejected values for a security attribute.

b)    Detailed: All offered and accepted secure values for a security attribute.

Audit: FMT_MSA.3

The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP / ST:

a)    Basic: Modifications of the default setting of permissive or restrictive rules.

b)    Basic: All modifications of the initial values of security attributes.