F.10 Rollback (FDP_ROL)

This family addresses the need to return to a well-defined valid state, such as the need of a user to undo modifications to a file or to undo transactions in case of an incomplete series of transactions, as in the case of databases.

This family is intended to assist a user in returning to a well-defined valid state after the user undoes the last set of actions, or, in distributed databases, the return of all of the distributed copies of the databases to the state before an operation failed.

FDP_RIP and FDP_ROL conflict when FDP_RIP enforces that the contents will be made unavailable at the time that a resource is deallocated from an object. Therefore, this use of FDP_RIP cannot be combined with FDP_ROL, as there would be no information to roll back. FDP_RIP can be used with FDP_ROL only when it enforces that the contents will be unavailable at the time that a resource is allocated to an object. This is because the FDP_ROL mechanism will have an opportunity to access the previous information that may still be present in the TOE in order to successfully roll back the operation.

The rollback requirement is bounded by certain limits. For example, a text editor typically only allows you to roll back up to a certain number of commands. Another example would be backups. If backup tapes are rotated, after a tape is reused, the information can no longer be retrieved. This also poses a bound on the rollback requirement.
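
The following Python sketch is an added illustration and is not part of the standard. It models the FDP_RIP/FDP_ROL interaction and the bounded rollback described above; the Store class, the block size and the undo limit are assumptions made up for the example.

```python
from collections import deque
BLOCK = 16  # fixed block size in bytes (constructed value)

class Store:
    """Toy storage: each write puts the object in a newly allocated block."""
    def __init__(self, rip_at, undo_limit=2):
        if rip_at not in ("deallocation", "allocation"):
            raise ValueError(rip_at)
        self.rip_at = rip_at
        self.objects = {}        # name -> (block, length)
        self.free = []           # deallocated blocks available for reuse
        self.log = deque()       # (name, previous (block, length)) pre-images
        self.undo_limit = undo_limit

    def _scrub(self, block):
        block[:] = bytes(BLOCK)  # overwrite the whole block with zeros

    def write(self, name, data):
        if len(data) > BLOCK:
            raise ValueError("data exceeds block size")
        block = self.free.pop() if self.free else bytearray(BLOCK)
        if self.rip_at == "allocation":
            self._scrub(block)               # contents unavailable on allocation
        block[:len(data)] = data
        old = self.objects.get(name)
        self.objects[name] = (block, len(data))
        if old is None:
            return
        if self.rip_at == "deallocation":
            self._scrub(old[0])              # pre-image destroyed immediately
        self.log.append((name, old))
        if len(self.log) > self.undo_limit:  # bound on rollback: oldest entry
            self.free.append(self.log.popleft()[1][0])  # becomes reusable

    def read(self, name):
        block, length = self.objects[name]
        return bytes(block[:length])

    def rollback(self):
        """Undo the most recent write; return False if no pre-image is logged."""
        if not self.log:
            return False                     # beyond the rollback bound
        name, old = self.log.pop()
        current = self.objects[name][0]
        self.objects[name] = old
        if self.rip_at == "deallocation":
            self._scrub(current)
        self.free.append(current)
        return True
```

With rip_at="deallocation" a rollback re-attaches the old block but finds only zeros in it, while with rip_at="allocation" the previous contents are still present until the block is handed out again.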