The CC words for the FMT class specify restrictions on roles that may perform security management functions, but fail to provide explicit requirements that the TSF provide the security management functions upon which the restrictions apply. A common argument is that restricting the functions implicitly requires that they be provided.

A new family is added to the FMT Class in CC Part 2 that allows specification of management functions to be provided by the TOE.

Specific Changes

To address this interpretation, the following changes are made to CC Part 2:

The following family is added to Clause 8, Class FMT:

8.x Specification of Management Functions (FMT_SMF)

Family Behaviour

This family allows the specification of the management functions to be provided by the TOE. Management functions provide TSFI that allow administrators to define the parameters that control the operation of security-related aspects of the TOE, such as data protection attributes, TOE protection attributes, audit attributes, and identification and authentication attributes. Management functions also include those functions performed by an operator to ensure continued operation of the TOE, such as backup and recovery. This family works in conjunction with the other components in the FMT class: the component in this family calls out the management functions, and other families in FMT restrict the ability to use these management functions.

Component Levelling

FMT_SMF.1 Specification of Management Functions requires that the TSF provide specific management functions.

Management: FMT_SMF.1

There are no management activities foreseen for this component.

Audit: FMT_SMF.1

The following events should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a) Minimal: Use of the management functions.

FMT_SMF.1 Specification of Management Functions
Hierarchical to: No other components

FMT_SMF.1.1 The TSF shall be capable of performing the following security management functions: [assignment: list of security management functions to be provided by the TSF].

Dependencies: No Dependencies

The following subclause is added to Annex H, Security Management:

H.x Specification of Management Functions (FMT_SMF)

This family allows the specification of the management functions to be provided by the TOE. Each security management function that is listed in fulfilling the assignment is either security attribute management, TSF data management, or security function management.

FMT_SMF.1 Specification of Management Functions

This component specifies the management functions to be provided.

Application Note

PP/ST authors should consult the “Management” sections for components included in their PP/ST to provide a basis for the management functions to be listed via this component.

Operations

Assignment:

In FMT_SMF.1, the PP/ST author should specify the management functions to be provided by the TSF, either security attribute management, TSF data management, or security function management.

Clause 8, Figure 8.1, is modified to show an additional family, FMT_SMF Specification of Management Functions, with one component.

Clause H, Figure H.1, is modified to show an additional family, FMT_SMF Specification of Management Functions, with one hierarchical component.

The following dependency is added to FMT_MOF.1: FMT_SMF.1 Specification of Management Functions

The following dependency is added to FMT_MSA.1: FMT_SMF.1 Specification of Management Functions

The following dependency is added to FMT_MTD.1: FMT_SMF.1 Specification of Management Functions

N/A