F.2 Access control functions (FDP_ACF)

This family describes the rules for the specific functions that can implement an access control policy named in FDP_ACC; FDP_ACC also specifies the scope of control of that policy (the subjects, objects and operations it covers), while FDP_ACF specifies the security attributes and the rules that decide each access.

User notes

This family provides a PP/ST author the capability to describe the rules for access control. The result is a system in which the rules governing access to an object are fixed by the policy rather than varying from request to request. An example of such an object is "Message of the Day", which is readable by all and changeable only by the authorised administrator. This family also provides the PP/ST author with the ability to describe rules that provide for exceptions to the general access control rules. Such exceptions either explicitly authorise or explicitly deny access to an object, and they are evaluated ahead of the general rules.

There are no explicit components to specify other possible functions such as two-person control, sequence rules for operations, or exclusion controls. However, these mechanisms, as well as traditional discretionary access control (DAC) mechanisms, can be represented with the existing components by careful drafting of the access control rules in terms of subject and object security attributes.

A variety of acceptable access control SFs may be specified in this family such as:

-    Access control lists (ACLs)
-    Time-based access control specifications
-    Origin-based access control specifications
-    Owner-controlled access control attributes
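The following is an added illustration, not text or code from the Common Criteria document: a small access control function that evaluates one operation against subject and object security attributes, combining the rule kinds listed above (an ACL, a time window, an origin constraint and owner-controlled attributes) with the explicit allow and deny exceptions described in the user notes. The attribute names, the rule ordering, the "Message of the Day" object and the subjects are all constructed for this example.

```python
# Added example (not from the Common Criteria text): an access control function in
# the FDP_ACF sense.  Subject/object attributes, rule order and sample data are
# constructed for illustration only.
from dataclasses import dataclass, field
from datetime import time
from typing import Dict, FrozenSet, Set, Tuple

ALLOW, DENY = "allow", "deny"


@dataclass(frozen=True)
class Subject:
    name: str
    roles: FrozenSet[str]
    origin: str                     # assumed attribute: where the request arrives from


@dataclass
class Object:
    name: str
    owner: str                      # owner may change the object and its ACL
    acl: Dict[str, Set[str]] = field(default_factory=dict)   # "user:x" / "role:y" / "*" -> ops
    allowed_origins: FrozenSet[str] = frozenset({"console", "lan", "internet"})
    write_window: Tuple[time, time] = (time(0, 0), time(23, 59, 59))   # when changes are permitted


@dataclass
class Policy:
    """Rules of one access control SFP. Explicit exceptions are checked before
    the general rules, and an explicit deny takes precedence over an explicit allow."""
    explicit_deny: Set[Tuple[str, str, str]] = field(default_factory=set)    # (subject, object, op)
    explicit_allow: Set[Tuple[str, str, str]] = field(default_factory=set)

    def decide(self, subj: Subject, obj: Object, op: str, now: time) -> Tuple[str, str]:
        key = (subj.name, obj.name, op)
        # 1. Exceptions to the general rules (explicit deny, then explicit allow).
        if key in self.explicit_deny:
            return DENY, "explicit deny"
        if key in self.explicit_allow:
            return ALLOW, "explicit allow"
        # 2. Origin-based rule: the request must come from a permitted origin.
        if subj.origin not in obj.allowed_origins:
            return DENY, f"origin {subj.origin} not permitted"
        # 3. Time-based rule: anything other than a read must fall inside the change window.
        if op != "read":
            start, end = obj.write_window
            if not (start <= now <= end):
                return DENY, "outside change window"
        # 4. Owner-controlled attributes: the owner may perform any operation, including setacl.
        if subj.name == obj.owner:
            return ALLOW, "owner"
        # 5. ACL rule: an entry for the user, one of its roles, or "*" grants the operation.
        entries = [f"user:{subj.name}", "*"] + [f"role:{r}" for r in sorted(subj.roles)]
        for entry in entries:
            if op in obj.acl.get(entry, set()):
                return ALLOW, f"acl {entry}"
        # 6. No rule grants the access: default deny.
        return DENY, "no matching rule"


# Constructed sample data: the "Message of the Day" object from the user notes,
# readable by all and changeable only by the administrator, during office hours,
# from the console or the LAN.
MOTD = Object(
    name="motd",
    owner="admin",
    acl={"*": {"read"}, "role:administrator": {"read", "write"}},
    allowed_origins=frozenset({"console", "lan"}),
    write_window=(time(8, 0), time(18, 0)),
)
ADMIN = Subject("admin", frozenset({"administrator"}), "console")
ALICE = Subject("alice", frozenset({"user"}), "lan")
EVE = Subject("eve", frozenset({"user"}), "lan")
MALLORY = Subject("mallory", frozenset({"user"}), "internet")

POLICY = Policy(
    explicit_deny={("eve", "motd", "read")},      # eve is barred even from the "*" read grant
    explicit_allow={("alice", "motd", "write")},  # alice is delegated the right to change the MOTD
)


def check(subject: Subject, op: str, when: time = time(12, 0)) -> Tuple[str, str]:
    """Evaluate one request against the constructed policy and object."""
    return POLICY.decide(subject, MOTD, op, when)


if __name__ == "__main__":
    for subj, op, when in [(ALICE, "read", time(12, 0)), (ALICE, "write", time(12, 0)),
                           (EVE, "read", time(12, 0)), (ADMIN, "write", time(12, 0)),
                           (ADMIN, "write", time(22, 0)), (MALLORY, "read", time(12, 0)),
                           (ALICE, "setacl", time(12, 0))]:
        print(f"{subj.name:8} {op:6} {when}: {check(subj, op, when)}")
```

The order of the rules is the substance of the policy: because the explicit exceptions are tested first, a delegated allow bypasses the time and origin constraints, which is exactly the kind of consequence a PP/ST author has to decide on deliberately when drafting FDP_ACF rules rather than leaving it to an implementation's accident of evaluation order.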