Family behaviour
This family allows authorised users control over the management of security attributes. This management might include capabilities for viewing and modifying of security attributes.
Component levelling
FMT_MSA.1 Management of security attributes allows authorised users (roles) to manage the specified security attributes.
FMT_MSA.2 Secure security attributes ensures that values assigned to security attributes are valid with respect to the secure state.
FMT_MSA.3 Static attribute initialisation ensures that the default values of security attributes are appropriately either permissive or restrictive in nature.
Management: FMT_MSA.1
The following actions could be considered for the management functions in FMT Management:
a) managing the group of roles that can interact with the security attributes.
Management: FMT_MSA.2
There are no additional management activities foreseen for this component.
Management: FMT_MSA.3
The following actions could be considered for the management functions in FMT Management:
a) managing the group of roles that can specify initial values;
b) managing the permissive or restrictive setting of default values for a given access control SFP.
Audit: FMT_MSA.1
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP / ST:
a) Basic: All modifications of the values of security attributes.
Audit: FMT_MSA.2
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP / ST:
a) Minimal: All offered and rejected values for a security attribute.
b) Detailed: All offered and accepted secure values for a security attribute.
Audit: FMT_MSA.3
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP / ST:
a) Basic: Modifications of the default setting of permissive or restrictive rules.
b) Basic: All modifications of the initial values of security attributes.