Re: Do we need explicitly stated IT security requirement for FPT_STM?
I've changed my previous thought.
There is a consideration that the meaning of the phrase "reliable time
stamp" could be only decided when we think about the security of the client
of the time server.
I mean, the "reliable time stamp" is required as a security function in the
IT environment when we evaluate the security of the client of the time
server, not when we evaluate the security of the time server.
So, when we think about the time server and the TOE, the first one (i.e.,
the TOE that provides time values as user data) might be appropriate.
How about this?
----- Original Message -----
From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>
To: "Multiple recipients of list" <cc-cmt@nist.gov>
Sent: Wednesday, January 07, 2004 6:29 PM
Subject: Re: Do we need explicitly stated IT security requirement for FPT_STM?
>
> When we have a time server (product) to evaluate the security functions, I
> see two options for defining the TOE, since the use of time values is not
> necessarily for security purposes.
>
> One is the TOE that includes:
> - an application that provides reliable time information.
> - I&A security function.
> - audit security function.
> - user data (time values) protection function.
>
> Another one could be the TOE that includes:
> - time stamps security function that provides reliable time information.
> (this might be expressed by using FPT_STM or the refinement, or
> explicitly stated IT security requirement)
> - other (fringe) security functions (I&A, audit, user data protection)
>
> Then, which TOE could be preferable for the evaluation?
> Does this selection purely depend on the customer's strategy?
> Or, is this an area that scheme or evaluation lab can recommend?
>
> I personally prefer the second one, but I am not sure if this is common
> sense and if this is preferable to the second one.
>
> Yokota
>
>
>