User application notes
The entities included here are, for example, messages, service requests, service responses, or sessions.
Operations
Assignment:
In FPT_RPL.1.1, the PP/ST author should provide a list of identified entities for which detection of replay should be possible. Examples of such entities might include: messages, service requests, service responses, and user sessions.
In FPT_RPL.1.2, the PP/ST author should specify the list of actions to be taken by the TSF when replay is detected. The potential set of actions that can be taken includes: ignoring the replayed entity, requesting confirmation of the entity from the identified source, and terminating the subject from which the re-played entity originated.