F.7 Import from outside TSF control (FDP_ITC)

This family defines mechanisms for importing user data from outside the TSC into the TOE such that the user data security attributes can be preserved. Consistency of these security attributes is addressed by FPT_TDC Inter-TSF TSF data consistency.

FDP_ITC is concerned with limitations on import, user specification of security attributes, and association of security attributes with the user data.

User notes

This family, and the corresponding export family FDP_ETC, address how the TOE deals with user data outside its control. This family is concerned with the assignment and abstraction of the user data security attributes.

A variety of activities might be involved here:

a)    importing user data from an unformatted medium (e.g. floppy disk, tape, scanner, video or audio signal), without including any security attributes, and physically marking the medium to indicate its contents;

b)    importing user data, including security attributes, from a medium and verifying that the object security attributes are appropriate;

c)    importing user data, including security attributes, from a medium using a cryptographic sealing technique to protect the association of user data and security attributes.

This family is not concerned with the determination of whether the user data may be imported. It is concerned with the values of the security attributes to associate with the imported user data.

There are two possibilities for the import of user data: either the user data is unambiguously associated with reliable object security attributes (the values and meaning of the security attributes are not modified), or no reliable security attributes (or no security attributes at all) are available from the import source. This family addresses both cases.

If there are reliable security attributes available, they may have been associated with the user data by physical means (the security attributes are on the same medium), or by logical means (the security attributes are distributed differently, but include unique object identification, e.g. cryptographic checksum).

This family is concerned with importing user data and maintaining the association of security attributes as required by the SFP. Other families are concerned with other import aspects such as consistency, trusted channels, and integrity that are beyond the scope of this family. Furthermore, FDP_ITC is only concerned with the interface to the import medium. FDP_ETC is responsible for the other end point of the medium (the source).

Some of the well-known import requirements are:

a)    importing of user data without any security attributes;

b)    importing of user data including security attributes where the two are associated with one another and the security attributes unambiguously represent the information being imported.

These import requirements may be handled by the TSF with or without human intervention, depending on the IT limitations and the organisational security policy. For example, if user data is received on a "confidential" channel, the security attributes of the objects will be set to "confidential".
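
The two import cases described above, shown as an added Python example that is not part of the original text: data arriving with security attributes is accepted only if a cryptographic seal binds those attributes to that data, and data arriving without attributes receives the attributes the policy assigns to the receiving channel. The key, the channel table, the function names and the choice to reject on failure are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a sealing key shared with the exporting side (constructed value).
SEAL_KEY = b"constructed-demo-key"

# Assumption: SFP rule giving the attributes assigned per receiving channel.
CHANNEL_DEFAULTS = {"confidential": {"classification": "confidential"}}


class ImportRejected(Exception):
    """Raised when no reliable security attributes can be associated."""


def seal(data: bytes, attrs: dict) -> bytes:
    """Compute one seal over attributes and data together."""
    canon = json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()
    # The length prefix keeps the attribute/data boundary unambiguous, so
    # bytes cannot be shifted from one field to the other under the same seal.
    msg = len(canon).to_bytes(4, "big") + canon + data
    return hmac.new(SEAL_KEY, msg, hashlib.sha256).digest()


def import_user_data(data: bytes, channel: str, attrs=None, tag=None) -> dict:
    """Return the imported object with the attributes the TSF will enforce."""
    if attrs is not None:
        # Import with security attributes: keep them only if the seal shows
        # they are the ones originally associated with this data.
        if tag is None or not hmac.compare_digest(seal(data, attrs), tag):
            raise ImportRejected("seal does not bind these attributes to the data")
        return {"data": data, "attrs": dict(attrs), "origin": "imported"}
    # Import without security attributes: ignore anything on the medium and
    # assign attributes from the rule for the channel the data arrived on.
    if channel not in CHANNEL_DEFAULTS:
        raise ImportRejected(f"no attribute rule for channel {channel!r}")
    return {"data": data, "attrs": dict(CHANNEL_DEFAULTS[channel]),
            "origin": "assigned"}


if __name__ == "__main__":
    payload = b"quarterly report"                 # constructed sample data
    labels = {"classification": "secret"}         # constructed attributes
    print(import_user_data(payload, "net0", labels, seal(payload, labels)))
    print(import_user_data(payload, "confidential"))
```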

If there are multiple SFPs (access control and/or information flow control) then it may be appropriate to iterate these components once for each named SFP.