[Public Interpretations Database]

I-0363: Attribute Inheritance/Modification Rules Need To Be Included In Policy


TYPE:                 NIAP Interpretation
NUMBER:               I-0363
STATUS:               Formally Superseded

TITLE:                Attribute Inheritance/Modification Rules Need To Be
                      Included In Policy
SUPERSEDED BY:        
     I-0420           Attribute Inheritance/Modification Rules Need To Be Included In Policy

EFFECTIVE:            2000-03-27
SUPERSEDED:           2002-08-22

SOURCE REFERENCE:     CC v2.1 Part 2 Annex F FDP
                      CC v2.1 Part 2 Clause 6 FDP
RELATED TO:           <None>
CCIMB ENTRY:          CCIMB-INTERP-0107

STATEMENT

The following interprets the entire FDP class in its interaction with the FMT_MSA.1 element:

FMT_MSA.1.1 The TSF shall enforce the [assignment: access control SFP, information flow control SFP] to restrict the ability to [selection: change_default, query, modify, delete, [assignment: other operations]] the security attributes [assignment: list of security attributes] to [assignment: the authorised identified roles].

Rules relating to modification and inheritance of security attributes are part of a Security Function Policy.

RECOMMENDED CRITERIA CHANGES

To address this interpretation, a new family (FDP_ATR, Security Attribute Policy) should be added to the FDP Class. This family should contain the following component:

FDP_ATR.1 Security Attribute Management and Inheritance

FDP_ATR.1.1. As part of the [assignment: access control SFP, information flow control SFP], the TSF shall enforce the following policy rules with respect to security attribute establishment: [assignment: list of rules governing security attribute inheritance]

FDP_ATR.1.2. As part of the [assignment: access control SFP, information flow control SFP], the TSF shall enforce the following policy rules with respect to security attribute modification: [assignment: list of rules governing security attribute modification]

Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control]

SUPPORT:

FMT_MSA.1.1 only allows the specification of the roles permitted to make selected security attribute modifications. However, the FMT_MSA component provides no ability to specify policies related to security attribute modification, such as how new objects inherit security attributes from creating subjects, or ancillary rules that control security attribute modification. For example, one cannot use FMT_MSA to specify a rule that a Mandatory Access Control SFP must be satisfied in order to set security attributes controlled under a Discretionary Access Control policy.

One might think that such rules could be specified under FDP_ACF or FDP_IFF. However, those families allow specification of rules related to access of objects, not how security attributes obtain values. The lack of a place to specify such rules appears to be an omission in the CC. This interpretation corrects that omission.