Annex G
(informative)

Identification and authentication (FIA)

A common security requirement is to unambiguously identify the person and/or entity performing functions in a TOE. This involves not only establishing the claimed identity of each user, but also verifying that each user is indeed who he/she claims to be. This is achieved by requiring users to provide the TSF with some information that is known by the TSF to be associated with the user in question.

Families in this class address the requirements for functions to establish and verify a claimed user identity. Identification and authentication is required to ensure that users are associated with the proper security attributes (e.g. identity, groups, roles, security or integrity levels).

The unambiguous identification of authorised users and the correct association of security attributes with users and subjects are critical to the enforcement of the security policies.

The FIA_UID family addresses determining the identity of a user.

The FIA_UAU family addresses verifying the identity of a user.

The FIA_AFL family addresses defining limits on repeated unsuccessful authentication attempts.

The FIA_ATD family addresses the definition of user attributes that are used in the enforcement of the TSP.

The FIA_USB family addresses the correct association of security attributes for each authorised user.

The FIA_SOS family addresses the generation and verification of secrets that satisfy a defined metric.

    


Figure G.1 - Identification and authentication class decomposition