FMT_MSA.1 Management of security attributes
This component allows users acting in certain roles to manage identified security attributes. The users are assigned to a role within the component FMT_SMR.1 Security roles .
The default value of a parameter is the value the parameter takes when it is instantiated without specifically assigned values. An initial value is provided during the instantiation (creation) of a parameter, and overrides the default value.
Operations
Assignment:
In FMT_MSA.1.1, the PP/ST author should list the access control SFP or the information flow control SFP for which the security attributes are applicable.
Selection:
In FMT_MSA.1.1 the PP/ST author should specify the operations that can be applied to the identified security attributes. The PP/ST author can specify that the role can modify the default value (change_default), query, modify the security attribute, delete the security attributes entirely or define their own operation.
Assignment:
In FMT_MSA.1.1, if selected, the PP/ST author should specify which other operations the role could perform. An example of such an operation could be 'create'.
In FMT_MSA.1.1 the PP/ST author should specify the security attributes that can be operated on by the identified roles. It is possible for the PP/ST author to specify that the default value such as default access-rights can be managed. Examples of these security attributes are user-clearance, priority of service level, access control list, default access rights.
In FMT_MSA.1.1 the PP/ST author should specify the roles that are allowed to operate on the security attributes. The possible roles are specified in FMT_SMR.1.