commoncriteria / application

Protection Profile for Application Software
The Unlicense

FTU? #27

Closed kgal closed 10 years ago

kgal commented 10 years ago

Note that the Common Criteria contains no such class as FTU describing Fault Tolerance in the PP. Citrix recommends FPT (Protection of the TSF), but we might have meant FRU (which is one letter away, and is code for Resource Utilisation[sic], with a subclass of FRU_FLT for Fault Tolerance).

WeeknightMVP commented 10 years ago

@jeffblank and I had a related conversation.

FPT (Protection of the TSF) concerns securing the TSF (just the functionality trusted to secure the assets protected by the application); it includes families like FPT_FLS (Fail Secure), i.e. when the application fails, it does not compromise those assets; FPT_TRU (Trusted Recovery), i.e. the application does not compromise assets upon recovery; FPT_IT(A|C|I|T) (Availability, Confidentiality, Integrity, and Secure Transfer of TSF data, respectively), i.e. the data used by the TSF is secure, etc.

An application not crashing is a liveness property, more of a DO-178B concept than a CC concept; the closest CC match I could think of was availability, and FRU_FLT (Fault Tolerance) was the only CC SFR family I found that concerns availability of the TOE, not just the TSF or its data. All that said, IANA(CC)L.

PS: CC is an international standard based on UK English; "Utilisation" is not a misspelling.

jeffblank commented 10 years ago

Perhaps controversially, I changed it to a new component, FPT_ROB_EXT. I opted against FRU since it's not really about how the TOE behaves when resources upon which it depends become unavailable. It's much more about whether the TOE is implemented so poorly that it almost certainly cannot maintain its integrity during operation. But we could change it back.