Management Functions
Updated 25 September 2024
Management functions, like Audit Events, are associated with SFRs. But NIAP PPs do not enforce this association. Management Functions may be expressed as plain text or a list of selections. The most complicated PPs generally express management functions in a Management Function Table.
In the XML, the SFR that includes the management function table should look something like this:
<f-component cc-id="fmt_smf_ext.1" name="Specification of Management Functions">
<f-element id="fmt-smf-ext-1e1">
<title>The TSF shall be capable of performing the following management functions: <h:br/><h:br/>
<h:b><ctr id="fmt_smf" ctr-type="Table">: Management Functions</ctr></h:b><h:br/><h:br/> <!-- Define the table -->
Status Markers:<h:br/> M - Mandatory<h:br/> O - Optional/Objective<h:br/> <!-- Display Status Markers -->
<management-function-set default="O"> <!-- Define columns and headers -->
<manager cid="I">Impl.</manager>
<manager cid="U">User Only</manager>
<manager cid="A">Admin</manager>
<manager cid="AO">Admin Only</manager>
.
<management-function> ... </management-function> <!-- All the management functions -->
.
</management-function-set>
</title>
</f-element>
</f-component>The above XML produces a table that looks like this (the first management function is included):
The <management-function-set> tag defines the columns and column headings. The columns can really be for anything, but generally indicate whether implementation of the management function is mandatory or optional, and what entities are permitted or required to be able to exercise the function.
The default attribute indicates the value for columns that are not specified within the individual <management-function> elements.
There is also a notes-in-table attribute. When set to yes, this attribute indicates that management-function-specific app-notes are presented as a column in the table. By default, app-notes appear after the table.
The <manager> tag is used to define the columns and assign identifiers for each column. These are used in the <management-function> tags to set the values for each column. See below.
Each management function is represented in XML by a <management-function> tag. Each function is defined by a text description, a set of column assignments, an optional application note, and an Evaluation Activity.
<management-function id="mf-pwd">
<text> <!-- Management function text -->
configure password policy:
<h:ol type="a">
<h:li>minimum password length</h:li>
<h:li>minimum password complexity</h:li>
<h:li>maximum password lifetime</h:li>
</h:ol>
</text>
<M ref="I"/> <NA ref="U"/><M ref="A"/><M ref="AO"/> <!-- Column values -->
<app-note>
Function <xref to="mf-pwd"/> must be included in the selection if blah blah is supported.
</app-note>
</app-note>
<aactivity> <!-- Evaluation Activities -->
<TSS>The evaluator shall verify
the TSS defines the allowable policy options: the range of values for both
password length and lifetime, and a description of complexity to include character
set and complexity policies (e.g., configuration and enforcement of number of
uppercase, lowercase, and special characters per password).
</TSS>
<Tests>The evaluator shall exercise the TSF configuration as the administrator and
perform positive and negative tests, with at least two values set for each
variable setting, for each of the following: <h:br/>
<h:ul>
<h:li>minimum password length</h:li>
<h:li>minimum password complexity</h:li>
<h:li>maximum password lifetime</h:li>
</h:ul>
</Tests>
</aactivity>
</management-function>The <management-function> tag may be followed immediately by one or more <depends> tags to indicate conditions under which the management function should be claimed. For example, a management function could be dependent on an SFR being claimed, or a selection elsewhere in the document. If there is no <depends> tag for a management function, it is assumed to be mandatory. If claiming of the function is at the discretion of the ST Author, then the <depends><optional/></depends> construct should be used.
All dependencies should be documented in the app-notes for the affected management functions. There is no automated documentation yet for these dependencies.
<management-function id="mf-determine-update-failure-action">
<depends on-sfr="sel-tud2-admin-det"/>
<depends on-sfr="sfr-fpt-tud-ext-3"/>
<text>
Ability to determine the action to take on update failure.
</text>
<O ref="A">
<depends on-sel="sel-tud2-admin-det"/>
<depends on-sel="sel-tud3-admin-det"/>
</O>
<O ref="U">
<depends on-sel="sel-tud2-user-det"/>
<depends on-sel="sel-tud3-user-det"/>
</O>
<app-note>
This Function must be claimed if FPT_TUD_EXT.2 or FPT_TUD_EXT.3 are claimed in
the ST.<h:p/>
The Administrator Option must be selected if "<h:i>by express determination of an [Administrator]</h:i>"
is selected in FPT_TUD_EXT.2.5 or FPT_TUD_EXT.3.4. <h:p/>
The User Option must be selected if "<h:i>by express determination of an [User]</h:i>"
is selected in FPT_TUD_EXT.2.5 or FPT_TUD_EXT.3.4.
</app-note>
<aactivity>
blah blah blah
</aactivity>
</management-function>The <text> element is straightforward.
The column assignments are little more complicated.
<M ref="I"/> <NA ref="U"/><M ref="A"/><M ref="AO"/>The above means that the column with cid="I" gets the value "M." The column with cid="U" gets the value "NA." And so on.
The following status marker tags are defined:
O - Optional/Conditional/Selection-based
M - Mandatory
NA - Not applicable
X - Not permitted
The <O> tag may have one or more associated dependencies (see the above example). These are required, for example, when an Admin must exercise the management function based on a selection.
<O ref="A">
<depends on-sel="sel-admin-rules"/>
</O>There is no need to specify <depends><optional/></depends> to indicate that the role-to-function mapping is at the discretion of the ST Author. The <O> tag already indicates that the mapping is optional by default.
All dependencies should be documented in the app-notes for the affected management functions.
The contents of the <app-note> elements for each management function are displayed after the Management Function Table unless otherwise indicted by the notes-in-table attribute of the <management-function-set> tag. It is important to reference the Function Number of the Management Function in each AppNote so that readers know to which Function the AppNote refers.