| | | AC-4(1) | Information Flow Enforcement: Object Security Attributes |
| FDP_IFC.2 | Information Flow Control Policy: Complete Information Flow Control | AC-3 | Access Enforcement |
| | | AC-3(3) | Access Enforcement: Mandatory Access Control |
| | | AC-4 | Information Flow Enforcement |
| FDP_IFF.1 | Information Flow Control Functions: Simple Security Attributes | AC-3 | Access Enforcement |
| | | AC-3(3) | Access Enforcement: Mandatory Access Control |
| | | AC-4 | Information Flow Enforcement |
| | | AC-4(1) | Information Flow Enforcement: Object Security Attributes |
| | | AC-4(2) | Information Flow Enforcement: Processing Domains |
| | | AC-4(7) | Information Flow Enforcement: One-Way Flow Mechanisms |
| | | AC-16 | Security Attributes |
| | | SC-7 | Boundary Protection |
| FDP_IFF.2 | Information Flow Control Functions: Hierarchical Security Attributes | AC-3 | Access Enforcement |
| | | AC-3(3) | Access Enforcement: Mandatory Access Control |
| | | AC-4(1) | Information Flow Enforcement: Object Security Attributes |
| | | AC-16 | Security Attributes |
| FDP_IFF.3 | Information Flow Control Functions: Limited Illicit Information Flows | SC-31 | Covert Channel Analysis |
| | | SC-31(2) | Covert Channel Analysis: Maximum Bandwidth |
| FDP_IFF.4 | Information Flow Control Functions: Partial Elimination of Illicit Information Flows | SC-31 | Covert Channel Analysis |
| | | SC-31(2) | Covert Channel Analysis: Maximum Bandwidth |
| FDP_IFF.5 | Information Flow Control Functions: No Illicit Information Flows | SC-31 | Covert Channel Analysis |
| | | SC-31(2) | Covert Channel Analysis: Maximum Bandwidth |
| FDP_IFF.6 | Information Flow Control Functions: Illicit Information Flow Monitoring | SC-31 | Covert Channel Analysis |
| | | SI-4(18) | Information System Monitoring: Analyze Traffic / Covert Exfiltration |
| FDP_ITC.1 | Import from Outside of the TOE: Import of User Data without Security Attributes | AC-4(9) | Information Flow Enforcement: Human Reviews |
| | | AC-4(12) | Information Flow Enforcement: Data Type Identifiers |
| FDP_ITC.2 | Import from Outside of the TOE: Import of User Data with Security Attributes | AC-4(18) | Information Flow Enforcement: Security Attribute Binding |
| | | AC-16 | Security Attributes |
| | | SC-16 | Transmission of Security Attributes |
| FDP_ITT.1 | Internal TOE Transfer: Basic Internal Transfer Protection | SC-8 | Transmission Confidentiality and Integrity |
| | | SC-8(1) | Transmission Confidentiality and Integrity: Cryptographic or Alternate Physical Protection |
| | | SC-5 | Denial of Service Protection |
| FDP_ITT.2 | Internal TOE Transfer: Transmission Separation by Attribute | SC-8 | Transmission Confidentiality and Integrity |
| | | SC-8(1) | Transmission Confidentiality and Integrity: Cryptographic or Alternate Physical Protection |
| | | SC-5 | Denial of Service Protection |
| | | AC-4(21) | Information Flow Enforcement: Physical / Logical Separation of Information Flows |
| FDP_ITT.3 | Internal TOE Transfer: Integrity Monitoring | SI-7 | Software, Firmware, and Information Integrity |
| | | SI-7(1) | Software, Firmware, and Information Integrity: Integrity Checks |
| | | SC-8(1) | Transmission Integrity: Cryptographic or Alternate Physical Protection |
| | | SI-7(5) | Software, Firmware, and Information Integrity: Automated Response to Integrity Violations |
| FDP_ITT.4 | Internal TOE Transfer: Attribute-Based Integrity Monitoring | SI-7 | Software, Firmware, and Information Integrity |
| | | SI-7(1) | Software, Firmware, and Information Integrity: Integrity Checks |
| | | SC-8(1) | Transmission Integrity: Cryptographic or Alternate Physical Protection |
| | | AC-4(21) | Information Flow Enforcement: Physical / Logical Separation of Information Flows |
| | | SI-7(5) | Software, Firmware, and Information Integrity: Automated Response to Integrity Violations |
| FDP_RIP.1 | Residual Information Protection: Subset Residual Information Protection | SC-4 | Information in Shared Resources |
| FDP_RIP.2 | Residual Information Protection: Full Residual Information Protection | SC-4 | Information in Shared Resources |
| FDP_ROL.1 | Rollback: Basic Rollback | CP-10(2) | Information System Recovery and Reconstitution: Transaction Recovery |
| FDP_ROL.2 | Rollback: Advanced Rollback | CP-10(2) | Information System Recovery and Reconstitution: Transaction Recovery |
| FDP_SDI.1 | Stored Data Integrity: Stored Data Integrity Monitoring | SI-7 | Software, Firmware, and Information Integrity |
| | | SI-7(1) | Software, Firmware, and Information Integrity: Integrity Scans |
| FDP_SDI.2 | Stored Data Integrity: Stored Data Integrity Monitoring and Action | SI-7 | Software, Firmware, and Information Integrity |
| | | SI-7(1) | Software, Firmware, and Information Integrity: Integrity Scans |
| | | SI-7(5) | Software, Firmware, and Information Integrity: Automated Response to Integrity Violations |
| FDP_UCT.1 | Inter-TSF User Data Confidentiality Transfer Protection: Basic Data Exchange Confidentiality | SC-8 | Transmission Confidentiality and Integrity |
| | | SC-8(1) | Transmission Confidentiality and Integrity: Cryptographic or Alternate Physical Protection |
| FDP_UIT.1 | Inter-TSF User Data Integrity Transfer Protection: Data Exchange Integrity | SC-8 | Transmission Confidentiality and Integrity |
| | | SC-8(1) | Transmission Confidentiality and Integrity: Cryptographic or Alternate Physical Protection |
| | | SI-7 | Software, Firmware, and Information Integrity |
| | | SI-7(6) | Software, Firmware, and Information Integrity: Cryptographic Protection |
| FDP_UIT.2 | Inter-TSF User Data Integrity Transfer Protection: Source Data Exchange Recovery | No Mapping. | |
| FDP_UIT.3 | Inter-TSF User Data Integrity Transfer Protection: Destination Data Exchange Recovery | No Mapping. | |
| FIA_AFL.1 | Authentication Failure: Authentication Failure Handling | AC-7 | Unsuccessful Logon Attempts |
| FIA_ATD.1 | User Attribute Definition: User Attribute Definition | AC-2 | Account Management |
| | | IA-2 | Identification and Authentication (Organizational Users) |
| FIA_SOS.1 | Specification of Secrets: Verification of Secrets | IA-5 | Authenticator Management |
| | | IA-5(1) | Authenticator Management: Password-Based Authentication |
| | | IA-5(12) | Authenticator Management: Biometric Authentication |
| FIA_SOS.2 | Specification of Secrets: TSF Generation of Secrets | IA-5 | Authenticator Management |
| | | IA-5(1) | Authenticator Management: Password-Based Authentication |
| | | IA-5(12) | Authenticator Management: Biometric Authentication |
| FIA_UAU.1 | User Authentication: Timing of Authentication | AC-14 | Permitted Actions without Identification or Authentication |
| | | IA-2 | Identification and Authentication (Organizational Users) |
| | | IA-8 | Identification and Authentication (Non-Organizational Users) |
| FIA_UAU.2 | User Authentication: User Authentication Before Any Action | AC-14 | Permitted Actions without Identification or Authentication |
| | | IA-2 | Identification and Authentication (Organizational Users) |
| | | IA-8 | Identification and Authentication (Non-Organizational Users) |
| FIA_UAU.3 | User Authentication: Unforgeable Authentication | IA-2(8) | Identification and Authentication (Organizational Users): Network Access To Privileged Accounts - Replay Resistant |
| | | IA-2(9) | Identification and Authentication (Organizational Users): Network Access To Non-Privileged Accounts - Replay Resistant |
| FIA_UAU.4 | User Authentication: Single-Use Authentication Mechanisms | IA-2(8) | Identification and Authentication (Organizational Users): Network Access To Privileged Accounts - Replay Resistant |
| | | IA-2(9) | Identification and Authentication (Organizational Users): Network Access To Non-Privileged Accounts - Replay Resistant |
| FIA_UAU.5 | User Authentication: Multiple Authentication Mechanisms | IA-2(1) | Identification and Authentication (Organizational Users): Network Access To Privileged Accounts |
| | | IA-2(2) | Identification and Authentication (Organizational Users): Network Access To Non-Privileged Accounts |
| | | IA-2(3) | Identification and Authentication (Organizational Users): Local Access To Privileged Accounts |
| | | IA-2(4) | Identification and Authentication (Organizational Users): Local Access To Non-Privileged Accounts |
| | | IA-2(6) | Identification and Authentication (Organizational Users): Network Access To Privileged Accounts - Separate Device |
| | | IA-2(7) | Identification and Authentication (Organizational Users): Network Access To Non-Privileged Accounts - Separate Device |
| | | IA-2(11) | |