[Public Interpretations Database]

I-0288: Actions Allowed Before I&A


NUMBER:               I-0288
STATUS:               Approved by CCEVS Management and Mailed to Public Mailing
                      List

TITLE:                Actions Allowed Before I&A
APPROVAL POSTING:     [announce 0352]

EFFECTIVE:            1994-04-18

REQUIREMENT:          Identification and Authentication
CRITERIA CLASSES:     C1, C2, B1, B2, B3, A1
DOCUMENT(S):          <None>
RELATED TO:           <None>

STATEMENT:

The following interprets the requirement that "The TCB shall require users to identify themselves to it before beginning to perform any other actions that the TCB is expected to mediate."

Prior to having been identified and authenticated by the TCB, a user communicating with the TCB may be allowed to perform only those actions that would not require TCB mediation.

PROJECTED IMPACT:

Negligible impact anticipated.

SUPPORT:

User actions before identification and authentication should not require access to protected objects, and they should not be visible to or affected by untrusted subjects. These actions need not be auditable.

TCB actions that would be acceptable before I&A include displaying a login banner, responding to help requests with help information, and providing a mechanism to request assistance from a trusted user. Actions that would not be acceptable include access to any file system object and sending messages to or receiving messages from other users or terminals.