This family provides requirements that address protection of TSF data when it is transferred between separate parts of a TOE across an internal channel.
User notes
The determination of the degree of separation (i.e., physical or logical) that would make application of this family useful depends on the intended environment of use. In a hostile environment, there may be risks arising from transfers between parts of the TOE separated by only a system bus or an inter-process communications channel. In more benign environments, the transfers may be across more traditional network media.
Evaluator Notes
One practical mechanism available to a TSF to provide this protection is cryptographically-based.