prohibit read access of certain files in FDP_ACF_EXT.1

commoncriteria / operatingsystem

Protection Profile for Operating Systems

The Unlicense

9 stars 6 forks source link

prohibit read access of certain files in FDP_ACF_EXT.1 #54

Closed jeffblank closed 9 years ago

jeffblank commented 9 years ago

or in FPT_ACF_EXT.1. This is to ensure that things which require confidentiality (e.g. audit logs) have it.

kgal commented 9 years ago

FDP_ACF_EXT.1 has been modified to prevent 'accessing' and not specifically 'modifiying'. Since audit logs are not going to be owned by a regular user, this should be okay. Thoughts?

jeffblank commented 9 years ago

That helps, but we still need it in FPT (Protection of TSF). I added a new requirement -- hopefully this will do it.