RE: FPT_SEP in an Application TOE (does mutual recognition work?)
- Subject: RE: FPT_SEP in an Application TOE (does mutual recognition work?)
- From: "Arnold, James L. Jr." <JAMES.L.ARNOLD.JR@saic.com>
- Date: Mon, 13 Dec 2004 13:16:08 -0500
- Content-Type: text/plain
In light of the arguments indicating that FPT_SEP (and other SFRs) might not
be appropriate for TOEs excluding their underlying supporting components
(e.g., OSs and hardware), I am somewhat curious about the following quotes
that occur in a number of Controlled Access Protection Profile conformant OS
STs validated in the German Scheme:
"Tools and commands executed in user mode that are used by an administrative
user need also to be trusted to manage the system in a secure way. But as
with other operating system evaluations they are not considered to be part
of this TSF.
Also the hardware and the BootProm firmware are considered not to be part of
the TOE but part of the TOE
How is it that security management functions, such as audit review, can be
claimed if the applicable tools are not part of the TSF?
How is it that FPT_SEP.1, FPT_RVM.1, FPT_STM.1 and perhaps other SFRs that
have recently been questioned for applications can be met by an OS TSF (just
a few months ago) that doesn't include components that are directly
responsible to implement the corresponding security functions?
Note that I am pretty certain that no past or current OS evaluation in the
US Scheme excludes administrative utilities or hardware.
Date Index |
Thread Index |
Problems or questions? Contact firstname.lastname@example.org