The followings are my examples for Access Control SFRs using the “Plain English” approach. The original FDP_ACC.1 in CCv3 is: FDP_ACC.1 Access control Hierarchical to: No other components. Dependencies: FDP_ISA.1 Security attribute initialisation FDP_ACC.1.1 The TSF shall [selection: allow, disallow] an operation of a subject on an object [selection: if, if and only if] [assignment: rules for operations, based on security attributes of the subjects and objects]. 1.1.1.1 FDP_ACC.1 (1) Access control FDP_ACC.1.1 The TSF shall allow an operation blocking or unblocking of a subject Network Transmission or Receiving Process bound to a user on an object Inbound or Outbound Network Traffic [selection: if] [assignment: The TSF shall enforce network information flow rules, based on the security attributes of the subjects and objects.] Dependencies: FDP_ISA.1(1&2) Security attribute initialization The original Security Attribute Initialization SFR in CCv3 is: FDP_ISA.1 Security attribute initialisation Hierarchical to: No other components. Dependencies: FDP_ACC.1 Access control FDP_ISA.1.1 The TSF shall [selection: use the following rules [assignment: rules] to assign an initial value , assign the value [assignment: value]] to the security attribute [assignment: security attribute] whenever a [assignment: object or subject] is created. Here is my proposal to the corresponding SAI SFR for FDP_ACC.1(1) above: FDP_ISA.1(1) Security attribute initialization FDP_ISA.1.1 The TSF shall [selection: use the following rules [assignment: Use the current configuration setting of the security attributes for a Network Transmission or Receiving Process bound to a user at any time] to assign the value [assignment: current configured value]] to the security attribute [assignment: any in the following list – port, protocol, source and destination IP or MAC address, other security attributes] whenever a [assignment: Network Transmission or Receiving Process bound to a user] is created. 1.1.1.2 FDP_ACC.1 (2) Access control FDP_ACC.1.1 The TSF shall allow an operation Configuration of a subject the Network Interface Configuration Process bound to a user on an object in the following list: port, protocol, service, IP address, MAC address, other security attributes of the subject, [selection: if] [assignment: The user bound to the Network Interface Configuration Process is properly authenticated, based on the security attributes of the subjects and objects.] Dependencies: FDP_ISA.1(2) Security attribute initialization Here is the corresponding ISA SFR to FDP_ACC.1 (2) FDP_ISA.1(2) Security attribute initialisation FDP_ISA.1.1 1.1.1.3 The TSF shall [selection: use the following rules [assignment: Disable all unused ports, protocols, services at startup] to assign an initial value ‘disabled’] to the security attribute [assignment: any of the following security attributes – unused port, protocol, service] whenever a [assignment: Network Interface Configuration Initialization Process] is created. FDP_ACC.1 (3) Access control FDP_ACC.1.1 The TSF shall allow an operation in the following sets for the corresponding subjects and objects listed later: 1) print, copy, scan, fax, configuration, update, view, modify, delete, store, retrieve, other operations 2) configuration, update, view, modify, delete, store, retrieve, other operations 3) installation, configuration, update, modify, other operations of a subject a process bound to a human user, PC/ workstation, or server on an object in the following list corresponding to operation sets listed above: 1) User Document Data, 2) User Function Data, Management Data 3) firmware [selection: if and only if] [assignment: The user bound to the subject is properly authenticated, based on the security attributes of the subjects and objects.] Dependencies: FDP_ISA.1 Security attribute initialization PP Application Notes: 1) The security attributes of the object could include: the PIN code or password and/or other information used for authorization of the operation on the object. Here is my proposal to the corresponding SAI SFR for FDP_ACC.1(3) above: FDP_ISA.1(3) Security attribute initialization FDP_ISA.1.1 1.1.1.4 The TSF shall [selection: use the following rules [assignment: a role-based access control ] to assign the value [assignment: value]] to the security attribute [assignment: any security attribute in the following list – Security Role, other security attributes] whenever a [assignment: a process bound to a human user, PC/workstation, or server] is created. FDP_ACC.1 (4) Access control FDP_ACC.1.1 The TSF shall allow an operation Encryption of a subject Process that transmits or receives Management Data on an object User Credentials [selection: if and only if] [assignment: When user credentials are being transmitted over a communication path, based on the security attributes of the subjects and objects.] Dependencies: FDP_ISA.1(4 & 5) Security attribute initialization Here is my proposal to the corresponding SAI SFR for FDP_ACC.1(4) above: FDP_ISA.1(4) Security attribute initialisation FDP_ISA.1.1 The TSF shall [selection: use the following rules [assignment: Use the current configuration settings of the security attributes of a Process that transmits or receives Management Data] to assign the value [assignment: current configured value] to the security attribute [assignment: any of the security attributes – protocol, encryption key, encryption algorithm of the protocol] whenever a [assignment: a Process that transmits or receives Management Data] is created. FDP_ISA.1(5) Security attribute initialisation FDP_ISA.1.1 The TSF shall [selection: use the following rules [assignment: Use an input value by an authorized user at initial configuration according to operational environment’s network security policy] to assign an initial value [assignment: an input value by an authorized user] to the security attribute [assignment: any of the following security attributes – protocol, encryption key, encryption algorithm of the protocol] whenever a [assignment: Network Interface Configuration Initialization Process] is created.