G.3 Specification of secrets (FIA_SOS)

This family defines requirements for mechanisms that enforce defined quality metrics on provided secrets, and generate secrets to satisfy the defined metric. Examples of such mechanisms may include automated checking of user supplied passwords, or automated password generation.

A secret can be generated outside the TOE (e.g. selected by the user and introduced in the system). In such cases, the FIA_SOS.1 component can be used to ensure that the externally generated secret adheres to certain standards, for example that it has a minimum size, is not present in a dictionary, and/or has not been previously used.

Secrets can also be generated by the TOE. In those cases, the FIA_SOS.2 component can be used to require the TOE to ensure that the secrets it generates adhere to some specified metrics.
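
The two cases above, sketched as an added example that is not part of the original text: one policy object verifies user-supplied secrets against the three example metrics (minimum size, dictionary, previous use) and generates secrets that pass the same check. The 12-character minimum, the sample word list, the PBKDF2 parameters and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string

MIN_LENGTH = 12  # assumed metric value: minimum size
DICTIONARY = {"password", "letmein", "qwerty123456"}  # constructed sample word list
ALPHABET = string.ascii_letters + string.digits


def _digest(secret: str, salt: bytes) -> bytes:
    # The history holds salted PBKDF2 digests, never the secrets themselves.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class SecretPolicy:
    def __init__(self):
        self.history = {}  # user -> list of (salt, digest) for earlier secrets

    def verify(self, user: str, secret: str) -> list:
        """Check an externally supplied secret; return the violated metrics."""
        failures = []
        if len(secret) < MIN_LENGTH:
            failures.append("too_short")
        if secret.lower() in DICTIONARY:
            failures.append("in_dictionary")
        for salt, digest in self.history.get(user, []):
            # Constant-time comparison against each stored digest.
            if hmac.compare_digest(_digest(secret, salt), digest):
                failures.append("previously_used")
                break
        return failures

    def record(self, user: str, secret: str) -> None:
        """Remember an accepted secret so later reuse can be detected."""
        salt = secrets.token_bytes(16)
        self.history.setdefault(user, []).append((salt, _digest(secret, salt)))

    def generate(self, user: str) -> str:
        """Generate a secret and return it only once it passes verify()."""
        while True:
            candidate = "".join(
                secrets.choice(ALPHABET) for _ in range(MIN_LENGTH + 4)
            )
            if not self.verify(user, candidate):
                return candidate
```

Routing generated secrets through the same verify() keeps one definition of the metric for both the externally supplied and the TOE-generated case.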

User notes

Secrets contain the authentication data provided by the user for an authentication mechanism that is based on knowledge the user possesses. When cryptographic keys are employed, the class FCS should be used instead of this family.