FDP_ITT.3 Integrity monitoring
User application notes
This component is used in combination with either FDP_ITT.1 or FDP_ITT.2. It ensures that the TSF checks received user data (and their attributes) for integrity. FDP_ITT.1 or FDP_ITT.2 will provide the data in a manner such that it is protected from modification (so that FDP_ITT.3 can detect any modifications).
The PP/ST author has to specify the types of errors that must be detected. The PP/ST author should consider: modification of data, substitution of data, unrecoverable ordering change of data, replay of data, incomplete data, in addition to other integrity errors.
The PP/ST author must specify the actions that the TSF should take on detection of a failure. For example: ignore the user data, request the data again, inform the authorised administrator, reroute traffic for other lines.
Operations
Assignment:
In FDP_ITT.3.1, the PP/ST author should specify the access control SFP(s) and/or information flow control SFP(s) covering the information being transferred and monitored for integrity errors.
In FDP_ITT.3.1, the PP/ST author should specify the type of possible integrity errors to be monitored during transmission of the user data.
In FDP_ITT.3.2, the PP/ST author should specify the action to be taken by the TSF when an integrity error is encountered. An example might be that the TSF should request the resubmission of the user data. The SFP(s) specified in FDP_ITT.3.1 will be enforced as the actions are taken by the TSF.