NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0658:  Updates to Table 7 Column References in MDF v3.2

Publication Date
2022.07.07

Protection Profiles
PP_MDF_V3.2

Other References
FMT_MOF_EXT.1, FMT_SMF_EXT.1

Issue Description

In MDF PP v3.2 FMT_SMF_EXT.1.1, a new column was added to the left side of Table 7 which caused a column numbering shift, but the column numbers referenced in FMT_MOF_EXT.1.1, 1.2, and application notes in FMT_MOF_EXT.1 and FMT_SMF_EXT.1 were not adjusted to compensate for this shift.

Resolution

PP_MDF_V3.2 is modified as follows, with underline denoting addition and strikethrough denoting deletion:

 

FMT_MOF_EXT.1 is updated as follows:

The TSF shall restrict the ability to perform the functions in column 34 of Table 7 to the user.
Application Note: The functions that have an "M" in the thirdfourth column are mandatory for this component, thus are restricted to the user, meaning that the administrator cannot manage those functions. The functions that have an "O" in the thirdfourth column are optional and may be selected; and those functions with a "-" in the thirdfourth are not applicable and may not be selected. The ST author should select those security management functions that only the user may perform (i.e. the ones the administrator may not perform).

The ST author may not select the same function in both FMT_MOF_EXT.1.1 and FMT_MOF_EXT.1.2. A function cannot contain an "M" in both column 34 and column 56.

The ST author may use a table in the ST, indicating with clear demarcations (to be accompanied by an index) those functions that are restricted to the user (column 34). The ST author should iterate a row to indicate any variations in the selectable sub-functions or assigned values with respect to the values in the columns.

For functions that are mandatory, any sub-functions not in a selection are also mandatory and any assignments must contain at least one assigned value. For non-selectable sub-functions in an optional function, all sub-functions outside a selection must be implemented in order for the function to be listed.
The TSF shall restrict the ability to perform the functions in column 56 of Table 7 to the administrator when the device is enrolled and according to the administrator-configured policy.
Application Note: As long as the device is enrolled in management, the administrator (of the enterprise) must be guaranteed that minimum security functions of the enterprise policy are enforced. Further restrictive policies can be applied at any time by the user on behalf of the user or other administrators.

The functions that have an "M" in the fifthsixth column are mandatory for this component; the functions that have an "O" in the fifthsixth column are optional and may be selected; and those functions with a "-" in the fifthsixth are not applicable and may not be selected.

The ST author may not select the same function in both FMT_MOF_EXT.1.1 and FMT_MOF_EXT.1.2.

The ST author should select those security management functions that the administrator may restrict. The ST author may use a table in the ST, indicating with clear demarcations (to be accompanied by an index) those functions that are and are not implemented with APIs for the administrator (as in column 45). Additionally, the ST author should demarcate which functions the user is prevented from accessing or performing (as in column 56). The ST author should iterate a row to indicate any variations in the selectable sub-functions or assigned values with respect to the values in the columns.

For functions that are mandatory, any sub-functions not in a selection are also mandatory and any assignments must contain at least one assigned value. For non-selectable sub-functions in an optional function, all sub-functions outside the selection must be implemented in order for the function to be listed.

 

 

The Application Note for FMT_SMF_EXT.1 is updated as follows:

Application Note: Table 7 compares the management functions required by this Protection Profile.

The firstsecond column lists the management functions identified in the PP.

In the following columns:

  • ‘M’ means Mandatory
  • ‘O’ means Optional/Objective
  • '-' means that no value (M or O) can be assigned



The secondthird column (FMT_SMF_EXT.1) indicates whether the function is to be implemented. The ST author should select which Optional functions are implemented.

The thirdfourth column (FMT_MOF_EXT.1.1) indicates functions that are to be restricted to the user (i.e. not available to the administrator).

The fourthfifth column (Administrator) indicates functions that are available to the administrator. The functions restricted to the user (column 34) cannot also be available to the administrator. Functions available to the administrator can still be available to the user, as long as the function is not restricted to the administrator (column 56). Thus, if the TOE must offer these functions to the administrator to perform the fourthfifth column must be selected.

The fifthsixth column (FMT_MOF_EXT.1.2) indicates whether the function is to be restricted to the administrator when the device is enrolled and the administrator applies the indicated policy. If the function is restricted to the administrator the function is not available to the user. This does not prevent the user from modifying a setting to make the function stricter, but the user cannot undo the configuration enforced by the administrator.

The ST author may use a table in the ST, listing only those functions that are implemented. For functions that are mandatory, any sub-functions not in a selection are also mandatory and any assignments must contain at least one assigned value. For functions that are optional and contain an assignment or selection, at least one value must be assigned/selected to be included in the ST. For non-selectable sub-functions in an optional function, all sub-functions must be implemented in order for the function to be included. For functions with a "per-app basis" sub function and an assignment, the ST author must indicate which assigned features are manageable on a per-app basis and which are not by iterating the row.

 
Justification

See issue description.

 
 
Site Map              Contact Us              Home