[Public Interpretations Database]

I-0346: Users Authorised To Change Authentication Data Are Not Roles


TYPE:                 NIAP Interpretation
NUMBER:               I-0346
STATUS:               Withdrawn
REASON:               Upon IWG review, it appears that FMT_SMR.1.2 can be
                      interpreted broadly enough to permit the TSF to allow
                      policy to determine the users in a role.

TITLE:                Users Authorised To Change Authentication Data Are Not
                      Roles

SOURCE REFERENCE:     CC v2.1 Part 2 Subclause 8.3 FMT_MTD.1
                      CC v2.1 Part 2 Subclause 8.6 FMT_SMR.1
RELATED TO:           <None>

ISSUE:

Version 2 of the Common Criteria has a problem with respect to users authorised to change their own authentication data. The FMT_MTD.1.1 requirement, which covers management of TSF data (including authentication data), is used to specify that users are authorised to change their own authentication data. However, this makes "user authorised to change their own authentication data" into a distinct "authorised identified role", which brings FMT_SMR.1.1 into play: the assignment "authorised identified roles" in FMT_SMR.1.1 must then be completed with "users authorised to change their own authentication data". Combined with FMT_SMR.1.2 (which requires the TSF to be able to associate users with roles), this means that if any users are authorised to change their own authentication data, the TSF must also provide the ability to specify that some users cannot change their own authentication data, since the TSF must be able to specify which users hold the role.

This is clearly not a desirable characteristic, nor does it fit current practice.

STATEMENT:

The following provides technical guidance regarding CC component FMT_SMR.1.1 in its interaction with CC component FMT_MTD.1.1. For reference, the components in question are:

  • FMT_SMR.1.1: "The TSF shall maintain the roles [assignment: the authorised identified roles]."

  • FMT_MTD.1.1: "The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorised identified roles]."

Users authorised to change their own authentication data are not a distinct role, and need not be listed in the FMT_SMR.1.1 assignment, unless the product must provide the ability to distinguish users who are authorised to change their own authentication data from users who are prohibited from doing so.

RECOMMENDED CRITERIA CHANGES:

Never Determined

SUPPORT:

This corrects the problem identified in the issue statement.