FDP_IFC.2     Complete information flow control

User application notes

This component requires that all possible operations that cause information to flow to and from subjects included in the SFP are covered by an information flow control SFP.

The PP/ST author must demonstrate that each combination of information flows and subjects is covered by an information flow control SFP.

Operations

Assignment:

In FDP_IFC.2.1, the PP/ST author should specify a uniquely named information flow control SFP to be enforced by the TSF.

In FDP_IFC.2.1, the PP/ST author should specify the list of subjects and information that will be covered by the SFP. All operations that cause that information to flow to and from subjects will be covered by the SFP. As mentioned above, the list of subjects could be at various levels of detail depending on the needs of the PP/ST author. It could specify users, machines, or processes, for example. Information could refer to data such as email or network protocols, or more specific objects similar to those specified under an access control policy. If the information that is specified is contained within an object that is subject to an access control policy, then both the access control policy and information flow control policy must be enforced before the specified information could flow to or from the object.
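One way a PP/ST author could check the coverage demonstration mechanically is sketched below as an added example; it is not part of the Common Criteria text. The SFP name, subjects, information types, operations, rule format and wildcard convention are all assumptions made for illustration.

```python
from itertools import product

# Constructed scope for a hypothetical SFP named "MAIL_FLOW_SFP".
SUBJECTS = {"mail_gateway", "user_process"}
INFORMATION = {"email", "smtp_traffic"}
OPERATIONS = {"send", "receive"}

# Hypothetical rule format: (subject, information, operation, decision).
# "*" is a wildcard in this illustration only.
RULES = [
    ("mail_gateway", "*", "*", "permit"),
    ("user_process", "email", "send", "permit"),
    ("user_process", "email", "receive", "deny"),
]


def matches(rule, flow):
    """True when every rule field is a wildcard or equals the flow's field."""
    return all(r in ("*", f) for r, f in zip(rule[:3], flow))


def flow_decision(flow, rules=RULES):
    """First matching rule wins; None means the SFP is silent on this flow."""
    for rule in rules:
        if matches(rule, flow):
            return rule[3]
    return None


def uncovered_flows(subjects, information, operations, rules=RULES):
    """Every in-scope (subject, information, operation) that no rule addresses.

    A non-empty result is a gap against complete coverage: some operation
    moves information to or from a subject without the SFP deciding on it.
    """
    scope = product(sorted(subjects), sorted(information), sorted(operations))
    return [flow for flow in scope if flow_decision(flow, rules) is None]


def mediate(flow, access_control_permits, rules=RULES):
    """Information held in an access-controlled object flows only when the
    access control policy and the information flow control policy both allow it."""
    return bool(access_control_permits) and flow_decision(flow, rules) == "permit"


if __name__ == "__main__":
    for gap in uncovered_flows(SUBJECTS, INFORMATION, OPERATIONS):
        print("not covered by MAIL_FLOW_SFP:", gap)
```

With the constructed rules, the two `user_process` flows for `smtp_traffic` are reported as uncovered; adding a rule that decides them (permit or deny) closes the gap.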