The followings are my examples for Access Control SFRs using the “Plain English” approach.
The original FDP_ACC.1 in CCv3 is:
FDP_ACC.1 Access control
Hierarchical to: No other components.
Dependencies: FDP_ISA.1 Security attribute initialisation
FDP_ACC.1.1 The TSF shall [selection: allow, disallow] an operation of a subject on an
object [selection: if, if and only if] [assignment: rules for operations, based
on security attributes of the subjects and objects].
1.1.1.1
FDP_ACC.1 (1) Access control
FDP_ACC.1.1
The TSF shall allow an operation blocking or unblocking of a
subject Network Transmission or Receiving Process bound to a
user on an object Inbound or Outbound Network Traffic
[selection: if] [assignment: The TSF shall enforce network
information flow rules, based on the security attributes of the
subjects and objects.]
Dependencies: FDP_ISA.1(1&2) Security attribute initialization
The original Security Attribute Initialization SFR in CCv3 is:
FDP_ISA.1 Security attribute initialisation
Hierarchical to: No other components.
Dependencies: FDP_ACC.1 Access control
FDP_ISA.1.1
The TSF shall [selection: use the following rules [assignment: rules] to
assign an initial value , assign the value [assignment: value]] to the
security attribute [assignment: security attribute] whenever a
[assignment: object or subject] is created.
Here is my proposal to the corresponding SAI SFR for FDP_ACC.1(1) above:
FDP_ISA.1(1) Security attribute initialization
FDP_ISA.1.1 The TSF shall [selection: use the following rules [assignment: Use the
current configuration setting of the security attributes for a Network
Transmission or Receiving Process bound to a user at any time] to
assign the value [assignment: current configured value]] to the security
attribute [assignment: any in the following list – port, protocol, source
and destination IP or MAC address, other security attributes]
whenever a [assignment: Network Transmission or Receiving Process
bound to a user] is created.
1.1.1.2
FDP_ACC.1 (2) Access control
FDP_ACC.1.1
The TSF shall allow an operation Configuration of a subject the
Network Interface Configuration Process bound to a user on an
object in the following list: port, protocol, service, IP address,
MAC address, other security attributes of the subject,
[selection: if] [assignment: The user bound to the Network
Interface Configuration Process is properly authenticated,
based on the security attributes of the subjects and objects.]
Dependencies: FDP_ISA.1(2) Security attribute initialization
Here is the corresponding ISA SFR to FDP_ACC.1 (2)
FDP_ISA.1(2) Security attribute initialisation
FDP_ISA.1.1
1.1.1.3
The TSF shall [selection: use the following rules [assignment: Disable all
unused ports, protocols, services at startup] to assign an initial value
‘disabled’] to the security attribute [assignment: any of the following
security attributes – unused port, protocol, service] whenever a
[assignment: Network Interface Configuration Initialization Process]
is created.
FDP_ACC.1 (3) Access control
FDP_ACC.1.1
The TSF shall allow an operation in the following sets for the
corresponding subjects and objects listed later:
1) print, copy, scan, fax, configuration, update, view, modify, delete, store,
retrieve, other operations
2) configuration, update, view, modify, delete, store, retrieve, other operations
3) installation, configuration, update, modify, other operations
of a subject a process bound to a human user, PC/ workstation, or server
on an object in the following list corresponding to operation sets listed above:
1) User Document Data,
2) User Function Data, Management Data
3) firmware
[selection: if and only if] [assignment: The user bound to the subject is properly
authenticated, based on the security attributes of the subjects and
objects.]
Dependencies: FDP_ISA.1 Security attribute initialization
PP Application Notes:
1) The security attributes of the object could include: the PIN code or password
and/or other information used for authorization of the operation on the object.
Here is my proposal to the corresponding SAI SFR for FDP_ACC.1(3) above:
FDP_ISA.1(3) Security attribute initialization
FDP_ISA.1.1
1.1.1.4
The TSF shall [selection: use the following rules [assignment: a role-based
access control ] to assign the value [assignment: value]] to the security
attribute [assignment: any security attribute in the following list –
Security Role, other security attributes] whenever a [assignment: a
process bound to a human user, PC/workstation, or server] is created.
FDP_ACC.1 (4) Access control
FDP_ACC.1.1
The TSF shall allow an operation Encryption of a subject Process
that transmits or receives Management Data on an object User Credentials
[selection: if and only if] [assignment: When user credentials are being
transmitted over a communication path, based on the security attributes of the
subjects and objects.]
Dependencies: FDP_ISA.1(4 & 5) Security attribute initialization
Here is my proposal to the corresponding SAI SFR for FDP_ACC.1(4) above:
FDP_ISA.1(4) Security attribute initialisation
FDP_ISA.1.1
The TSF shall [selection: use the following rules [assignment: Use the
current configuration settings of the security attributes of a Process
that transmits or receives Management Data] to assign the value
[assignment: current configured value] to the security attribute
[assignment: any of the security attributes – protocol, encryption key,
encryption algorithm of the protocol] whenever a [assignment: a
Process that transmits or receives Management Data] is created.
FDP_ISA.1(5) Security attribute initialisation
FDP_ISA.1.1
The TSF shall [selection: use the following rules [assignment: Use an input
value by an authorized user at initial configuration according to
operational environment’s network security policy] to assign an initial
value [assignment: an input value by an authorized user] to the security
attribute [assignment: any of the following security attributes –
protocol, encryption key, encryption algorithm of the protocol]
whenever a [assignment: Network Interface Configuration
Initialization Process] is created.