Archived TD0100: Password Management in SVPP
PP_SV_v1.1, FIA_PMG_EXT.1, FMT_MOF_EXT.1.1
FIA_PMG_EXT.1 and management function #3 in FMT_MOF_EXT.1.1 imply that using passwords is mandatory. However, it is allowable for a product to disable password functionality and use other authentication methods as described in FIA_UIA_EXT.1.
Modify FMT_MOF_EXT.1.1, item 12 (the selection) to include the bullet:
* Ability to enable/disable password authentication
Modify the FMT_MOF_EXT.1 Application Note to include the following:
While password authentication (and the associated password management functionality) must be supported by the TOE, it is acceptable to disable that functionality and force administrators to use an alternate authentication mechanism, as specified in FIA_UAU_EXT.2. If this capability is included, the ST author selects "Ability to enable/disable password authentication" in item 12.
Add the following SFR to the SV PP:
FIA_UAU_EXT.2 Password-based Authentication Mechanism
FIA_UAU_EXT.2.1 The TSF shall provide a local password-based authentication mechanism, [selection: [assignment: other authentication mechanism(s)], none] to perform administrative user authentication.
The assignment should be used to identify any additional local authentication mechanisms supported. Local authentication mechanisms are defined as those that occur through the local console; remote administrative sessions (and their associated authentication mechanisms) are specified in FTP_TRP.1.
This change shows that password functionality may be disabled if other allowable authentication methods are used instead.