TD0055: Move FTA_TAB.1 to Selection-Based Requirement
FTA_TAB.1 requires that the TSF have the ability to display a configurable warning banner to administrators before they can administer the TOE. There are ESM products that are used to administer and enforce access control policy, but depend upon operational environment components to authenticate users and display the banner. These products can, however, enforce rules on who can modify the banner. FTA_TAB.1 as written and placed in these PPs does not take into account that the TOE can enforce rules on the banner but must rely on an operational environment component to perform authentication.
FTA_TAB.1 should be moved to Appendix C (Architectural Variations and Additional Requirements) in the ESM PM PP and ESM ICM PP. The following application note should be added:
Application Note: If a TOE component is selected for subject authentication and identification in ESM_EAU.2.1 and ESM_EID.2.1, respectively, FTA_TAB.1 must be claimed.
FTA_TAB.1 should be conditional based on whether a TOE component or an Operational Environment component is authenticating the administrator.