[Public Interpretations Database]

I-0353: Association Of Access Control Attributes With Subjects And Objects

 
TYPE:                 NIAP Interpretation
NUMBER:               I-0353
STATUS:               Formally Superseded

TITLE:                Association Of Access Control Attributes With Subjects And
                      Objects
SUPERSEDED BY:        
     I-0416           Association Of Access Control Attributes With Subjects And Objects

EFFECTIVE:            2000-03-27
SUPERSEDED:           2000-12-05

SOURCE REFERENCE:     CC v2.1 Part 2 Subclause 6.2 FDP_ACF.1
                      CC v2.1 Part 2 Subclause F.2 FDP_ACF.1
RELATED TO:
     I-0354           Association Of Information Flow Attributes W/Subjects And Information
CCIMB ENTRY:          CCIMB-INTERP-0103

STATEMENT

The following interprets the FDP_ACF.1 component:

Access Control Policies shall provide a clear association of controlled entities (subjects, objects) with relevent security attributes.

RECOMMENDED CRITERIA CHANGES

To address this interpretation, the FDP_ACF.1.1 element should be reworded to the following (additions marked thusly; deletions marked thusly):

FDP_ACF.x.1: The TSF shall enforce the [assignment: access control SFP] to objects based on the following types of subject and object security attributes: [assignment: security attributes, named groups of security attributes list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes or named groups of SFP-relevant security attributes]

In the Part 2 Annex (Section F.1), the second paragraph for the assignment operation for FDP_ACF.1.1 should be reworded as:

In FDP_ACF.x.1, the PP/ST should specify, for each type of controlled subject and object, the security attributes and/or named groups of security attributes that the function will use in the specification of the rules. For example,...[remainder of existing wording].

SUPPORT:

The CC wording for FDP_ACF.1.1 is unclear when it refers to an assignment of "security attributes, named groups of security attributes":

  • This is unclear in that it seems to call for a simple list of security attributes, without association of security attributes to the controlled entities.

This interpretation corrects this problem. It makes it clear that an appropriate assignment is one that provides, for each controlled entity, the SFP-relevant security attributes of that entity. This can be clearly provided as a two column table: one column is the controlled entity (subject, information), the other is a list of SFP-relevant security attributes for that controlled entity.