This class specifies the management of several aspects of the TSF: security attributes, TSF data and functions in the TSF. The different management roles and their interaction, such as separation of capability, can also be specified
In an environment where the TOE is made up of multiple physically separated parts that form a distributed system, the timing issues with respect to propagation of security attributes, TSF data, and function modification become very complex, especially if the information is required to be replicated across the parts of the TOE. This should be considered when selecting components such as FMT_REV.1 Revocation, or FMT_SAE.1 Time-limited authorisation, where the behaviour might be impaired. In such situations, use of components from FPT_TRC is advisable.
Figure H.1 - Security management class decomposition