![[Public Interpretations Database]](/assets/images/public-interps.jpg){kind=small}
I-0477: Management Of Subject Attributes
TYPE: NIAP Interpretation NUMBER: I-0477 STATUS: Sent to CCEVS Management and CCIMB for Review TITLE: Management Of Subject Attributes SOURCE REFERENCE: CC v2.1 Part 2 Subclause 8.2 FMT_MSA.3 RELATED TO: <None>
ISSUE:
The component FMT_MSA.3 is used to ensure that the default values of security attributes are appropriate in nature. However, it only covers some of the controlled entities: specifically, objects and information. It fails to address the attributes of subjects.STATEMENT
FMT_MSA.3 applies to attributes of subjects as well as attributes of objects and information.RECOMMENDED CRITERIA CHANGES
To address this interpretation, the following changes should be made to Common
Criteria v2.1 Part 2 Section 8.2, FMT_MSA.3 (additions marked
thusly;
deletions marked
thusly):
FMT_MSA.3.2 The TSF shall allow the [assignment: the authorised identified roles] to specify alternative initial values to override the default values whenana subject, object or information is created.