Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 672

Security Requirements for the IT Environment
FMT_MOF.1.1 The IT environment shall restrict the ability to modify the behavior
of the functions listed in Table 4 to the authorized roles as specified in Table A-4.
Authorized Roles for Management of Security Functions Behavior
Table A-4
Section/Function
Security Audit
Identification and
Authentication
Account Administration
FMT_MSA.1 Management of security attributes
FMT_MSA.1.1 The IT environment shall enforce the CIMC IT Environment
Access Control Policy specified in "CIMC TOE Access Control Policy," on page 675
to restrict the ability to modify the security attributes [user definitions and role
assignments] to Administrators.
FMT_MSA.2 Secure security attributes
FMT_MSA.2.1 The IT environment shall ensure that only secure values are
accepted for security attributes.
FMT_MSA.3 Static attribute initialization
FMT_MSA.3.1 The IT environment shall enforce the CIMC IT Environment
Access Control Policy specified in "CIMC TOE Access Control Policy," on page 675
to provide [restrictive] default values for security attributes that are used to
enforce the SFP.
FMT_MSA.3.2 The IT environment shall allow the Administrator to specify
alternative initial values to override the default values when an object or
information is created.
FMT_MTD.1 Management of TSF data
672 Netscape Certificate Management System Administrator's Guide • February 2003
Function/Authorized Role
The capability to configure the audit parameters shall be restricted to
Administrators.
The capability to specify or change maximum authentication attempts shall be
restricted to Administrators.
The capability to change authentication mechanisms shall be restricted to
Administrators.
The capability to create user accounts and roles shall be restricted to
Administrators.
The capability to assign privileges to those accounts and roles shall be
restricted to Administrators.