FPT_RCV.2 Automated recovery

Automated recovery is considered to be more useful than manual recovery, as it allows the machine to operate in an unattended fashion.

User application notes

The component FPT_RCV.2 Automated recovery extends the feature coverage of FPT_RCV.1 Manual recovery by requiring that there be at least one automated method of recovery from failure or service discontinuity. It addresses the threat of protection compromise resulting from an unattended TOE returning to an insecure state after recovery from a failure or other discontinuity.

Evaluator application notes

It is acceptable for the functions that are available to an authorised user for trusted recovery to be available only in a maintenance mode. Controls should be in place to limit access during maintenance to authorised users.

For FPT_RCV.2.1, it is the responsibility of the developer of the TSF to determine the set of recoverable failures and service discontinuities.

It is assumed that the robustness of the automated recovery mechanisms will be verified.

Operations

Assignment:

For FPT_RCV.2.2, the PP/ST author should specify the list of failures or other discontinuities for which automated recovery must be possible.
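The following is an added illustration, not part of the CC text, of how the FPT_RCV.2 structure described above maps onto an implementation: an assigned list of failures that the TSF recovers from automatically, and a fallback into a maintenance mode where manual recovery is available only to authorised users. The failure names, the journal model, the `Tsf` class and the set of authorised users are all constructed for this example.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    SECURE = "secure"            # normal, attended or unattended operation
    MAINTENANCE = "maintenance"  # manual (FPT_RCV.1-style) recovery only


@dataclass
class Journal:
    """Write-ahead journal; each entry is (value, committed). Assumed data model."""
    entries: list = field(default_factory=list)

    def committed_values(self):
        return [v for v, committed in self.entries if committed]


@dataclass
class Tsf:
    journal: Journal
    authorised_users: set
    # FPT_RCV.2.2 assignment: the failures the automated path must handle.
    # These names are constructed for the example, not taken from any ST.
    automated_recoverable: frozenset = frozenset({"unclean_shutdown", "journal_incomplete"})
    mode: Mode = Mode.SECURE
    audit: list = field(default_factory=list)

    def recover(self, failure: str) -> Mode:
        """Entry point once a failure or service discontinuity has been detected."""
        if failure in self.automated_recoverable:
            self._return_to_secure_state()
            self.mode = Mode.SECURE
        else:
            # Not in the assigned list: the TOE must not resume normal service
            # on its own; an authorised user has to complete recovery.
            self.mode = Mode.MAINTENANCE
        self.audit.append((failure, self.mode.value))
        return self.mode

    def _return_to_secure_state(self):
        # "Secure state" here means only committed journal entries survive;
        # anything half-written during the discontinuity is discarded.
        before = len(self.journal.entries)
        self.journal.entries = [(v, c) for v, c in self.journal.entries if c]
        self.audit.append(("discarded_uncommitted", before - len(self.journal.entries)))

    def manual_recover(self, user: str) -> Mode:
        """Manual path: only reachable in maintenance mode, only by authorised users."""
        if self.mode is not Mode.MAINTENANCE:
            raise RuntimeError("manual recovery is only available in maintenance mode")
        if user not in self.authorised_users:
            raise PermissionError(f"{user} is not authorised for maintenance")
        self._return_to_secure_state()
        self.mode = Mode.SECURE
        self.audit.append(("manual_recovery", user))
        return self.mode


def demo():
    """Walk through an automated recovery, an unassigned failure, and a manual recovery."""
    tsf = Tsf(journal=Journal([("a", True), ("b", False)]), authorised_users={"admin"})
    m1 = tsf.recover("unclean_shutdown")   # assigned failure: recovered automatically
    tsf.journal.entries.append(("c", False))
    m2 = tsf.recover("disk_corruption")    # not assigned: drops into maintenance mode
    try:
        tsf.manual_recover("guest")
        denied = False
    except PermissionError:
        denied = True
    m3 = tsf.manual_recover("admin")       # authorised user completes recovery
    return m1, m2, denied, m3, tsf.journal.committed_values()


if __name__ == "__main__":
    print(demo())
```

The point of the split is the one the application notes make: the developer decides which discontinuities the automated path covers, and everything outside that list must leave the TOE in a state where normal service cannot resume until an authorised user intervenes. The audit list gives the evaluator something to inspect when checking that both paths actually end in the same secure state.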