Specifications
38
5.2 Security Objectives for the Environment
The assumptions identified above are incorporated as security objectives for the environment.
They levy additional requirements on the environment, which are largely satisfied through
procedural or administrative measures. Table 13 identifies the security objectives for the
environment.
Table 12 Security Objectives for the Environment
Name
IT Environment Security Objective
OE.AUDIT_PROTECTION
The IT Environment will provide the capability to protect audit
information and the authentication credentials.
OE.AUDIT_REVIEW
The IT Environment will provide the capability to selectively
view audit information.
OE.MANAGE
The TOE IT environment will augment the TOE functions and
facilities necessary to support the administrators in their
management of the security of the TOE, and restrict these
functions and facilities from unauthorized use.
OE.NO_EVIL
Sites using the TOE shall ensure that administrators are non-
hostile, appropriately trained and follow all administrator
guidance.
OE.NO_GENERAL_PURPOSE
There are no general-purpose computing or storage repository
capabilities (e.g., compilers, editors, or user applications)
available on the TOE.
OE.PHYSICAL
The environment provides physical security, commensurate
with the value of the TOE and the data it contains.
OE.PROTECT_MGMT_COMMS
The IT environment shall protect the transport of audit records
to the audit server, remote network management, and
authentication server communications with the TOE and time
service in a manner that is commensurate with the risks posed
to the network.
OE.RESIDUAL_INFORMATION
The TOE IT Environment will ensure that any information
contained in a protected resource within its Scope of Control is
not released when the resource is reallocated.
OE.SELF_PROTECTION
The IT environment will maintain a domain for its own
execution that protects itself and its resources from external
interference, tampering, or unauthorized disclosure through its
own interfaces.
OE.TOE_ACCESS
The IT environment will provide mechanisms that support the
TOE in providing user’s logical access to the TOE.