CIMC TOE Access Control Policy
The TOE shall support the administration and enforcement of a CIMC TOE access control
policy that provides the capabilities described below.
Subjects (human users) will be granted access to objects (data/files) based upon the:
1. Identity of the subject requesting access,
2. Role (or roles) the subject is authorized to assume,
3. Type of access requested,
4. Content of the access request, and,
5. Possession of a secret or private key, if required.
Subject identification includes:
• Individuals with different access authorizations
• Roles with different access authorizations
• Individuals assigned to one or more roles with different access authorizations
Access type, with explicit allow or deny:
• Read
• Write
• Execute
For each object, an explicit owning subject and role will be identified. Also, the assignment
and management of authorizations will be the responsibility of the owner of an object or a
role(s), as specified in this PP.
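The following is an added illustration of how an access decision could combine the five criteria above with explicit allow/deny rules and owner-managed authorizations; it is not part of this PP. The class and function names, the content_ok hook, and the choices that an explicit deny overrides an allow and that no matching rule means deny are assumptions of the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

ACCESS_TYPES = {"read", "write", "execute"}

@dataclass(frozen=True)
class Rule:
    kind: str    # "individual" or "role"
    name: str    # subject identity or role name
    access: str  # one of ACCESS_TYPES
    allow: bool  # True = explicit allow, False = explicit deny

@dataclass
class ProtectedObject:
    owner: str                  # explicit owning subject
    owner_role: str             # explicit owning role
    requires_key: bool = False  # secret/private key needed for access
    content_ok: Optional[Callable[[dict], bool]] = None  # hypothetical content check
    rules: list = field(default_factory=list)

@dataclass
class Request:
    subject: str       # identity of the requester
    roles: frozenset   # roles the subject is authorized to assume
    access: str        # type of access requested
    content: dict      # content of the access request
    has_key: bool = False

def add_rule(obj, actor, actor_roles, rule):
    """Authorizations are managed only by the object's owner or owning role."""
    if actor != obj.owner and obj.owner_role not in actor_roles:
        raise PermissionError(f"{actor} may not manage this object")
    if rule.access not in ACCESS_TYPES or rule.kind not in ("individual", "role"):
        raise ValueError("unknown access type or rule kind")
    obj.rules.append(rule)

def decide(obj, req):
    if req.access not in ACCESS_TYPES:
        return False
    if obj.requires_key and not req.has_key:                 # criterion 5
        return False
    if obj.content_ok and not obj.content_ok(req.content):   # criterion 4
        return False
    hits = [r for r in obj.rules if r.access == req.access and (   # criterion 3
        (r.kind == "individual" and r.name == req.subject) or      # criterion 1
        (r.kind == "role" and r.name in req.roles))]               # criterion 2
    if any(not r.allow for r in hits):  # assumption: explicit deny overrides allow
        return False
    return any(r.allow for r in hits)   # assumption: no matching rule means deny
```

In this sketch the owner receives no implicit access: the owner manages rules through add_rule and is subject to decide like any other subject.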
Appendix A
Common Criteria Environment: Security Requirements
Security Requirements for the IT Environment