Security Target
Version 1.1
2022-03-08
27
5.2.4
Security Management (FMT)
5.2.4.1
Management of Security Functions Behavior (FMT_MOF.1)
FMT_MOF.1.1
The TSF shall restrict the ability to [
modify the behavior of
] the functions [
TOE
user authentication device filtering whitelist and blacklist
,
TOE keyboard and
mouse filtering blacklist,
Reset to Factory Default, view audit logs, change
password
] to [
the authorized administrators
].
5.2.4.2
Specification of Management Functions (FMT_SMF.1)
FMT_SMF.1.1
The TOE shall be capable of performing the following management functions:
[
modify TOE user authentication device filtering whitelist and blacklist, modify
TOE keyboard and mouse filtering blacklist, Reset to Factory Default, view
audit logs, change password
].
5.2.4.3
Security Roles (FMT_SMR.1)
FMT_SMR.1.1
The TSF shall maintain the roles [
administrators
].
FMT_SMR.1.2
The TSF shall be able to associate users with roles.
5.2.5
Protection of the TSF (FPT)
5.2.5.1
Failure with Preservation of Secure State (FPT_FLS_EXT.1)
FPT_FLS_EXT.1.1
The TSF shall preserve a secure state when the following types of failures occur:
failure of the power‐on self‐test and [
failure of the anti-tamper function
].
5.2.5.2
No Access to TOE (FPT_NTA_EXT.1)
FPT_NTA_EXT.1.1
TOE firmware, software, and memory shall not be accessible via the TOE’s
external ports, with the following exceptions: [
the Extended Display
Identification Data (EDID) memory of Video TOEs may be accessible from
connected computers; the configuration data, settings, and logging data that
may be accessible by authorized administrators
].
5.2.5.3
Passive Detection of Physical Attack (FPT_PHP.1)
FPT_PHP.1.1
The TSF shall provide unambiguous detection of physical tampering that might
compromise the TSF.
FPT_PHP.1.2
The TSF shall provide the capability to determine whether physical tampering
with the
TSF’s devices or TSF’s elements has occurred.
5.2.5.4
Resistance to Physical Attack (FPT_PHP.3)
FPT_PHP.3.1
The TSF shall resist [
a physical attack for the purpose of gaining access to the
internal components, to damage the anti‐tamper battery, to drain or exhaust