Final Interpretation for RI # 103 - Association Of Access Control Attributes With Subjects And Objects

Date: 7/15/2003
Subject: Association Of Access Control Attributes With Subjects And Objects
CC Part #1 Reference: 
CC Part #2 Reference: CC Part 2, FDP_ACF
CC Part #3 Reference: 
CEM Reference: 

Issue:

The Common Criteria does not currently provide functional requirements for identifying the clear association of controlled entities (subjects, information) with relevant security attributes. The existing FDP_ACF family provides only for a simple list of security attributes, without the ability to describe the required association to controlled entities.


 



Interpretation

The statement of Access Control Policy provides a clear association of controlled entities (subjects, objects) with relevant security attributes.



Specific Changes

To address this interpretation, the following changes are made to CC v2.1, Part 2:


 

Rationale

This interpretation makes it clear that an appropriate assignment is one that provides, for each controlled entity, the SFP-relevant security attributes of that entity. This can be clearly provided as a two column table: one column is the controlled entity (subject, object), the other is a list of SFP-relevant security attributes for that controlled entity.