Date: | 10/31/2003 |
Subject: | Relationship between FPT_PHP and FMT_MOF |
CC Part #1 Reference: | |
CC Part #2 Reference: | CC Part 2, FPT_PHP CC Part 2, Annex J.7 (FPT_PHP) |
CC Part #3 Reference: | |
CEM Reference: |
Management activities are incorrectly handled in FPT_PHP.1. CC v2.1 indicates that FPT_PHP.1 is dependent on FMT_MOF.1. However, FPT_PHP.1 does not require user roles to be present in order to determine whether physical tampering has occurred, although a management function could be considered for such a role.
Interpretation
FPT_PHP.1 is not dependent on FMT_MOF.1, although inclusion of the FPT_PHP.1
component in a PP or ST could require a management function for the user or
role that determines whether physical tampering has occurred.
Specific Changes
The following changes are made to CC v2.1 Part 2:
The following actions could be considered for the management functions in FMT:a) management of the user or role that determines whether physical tampering has occurred.
No dependencies
FPT_PHP.1 should be used when threats from unauthorised physical tampering with parts of the TOE are not countered by procedural methods. It addresses the threat of undetected physical tampering with the TSF. Typically, an authorised user would be given the function to verify whether tampering took place. As written, this component simply provides a TSF capability to detect tampering. Specification of management functions in FMT_MOF.1 should be considered to specify who can make use of that capability, and how they can make use of that capability. If this function is realised by non-IT mechanisms (e.g. physical inspection) management functions are not required.
Rationale
No additional rationale required, the interpretation speaks for itself.