• No results found

Part 2: Security functional requirements Cryptographic key management

7 Class FIA: Identification and authentication

7.4 User authentication (FIA_UAU)

FIA_UAU User authentication

Family behaviour

268 This family defines the types of user authentication mechanisms supported by the TSF. This family also defines the required attributes on which the user authentication mechanisms must be based.

Component levelling

269 FIA_UAU.1 Timing of authentication, allows a user to perform certain actions prior to the authentication of the user’s identity.

270 FIA_UAU.2 User authentication before any action, requires that users authenticate themselves before any action will be allowed by the TSF.

271 FIA_UAU.3 Unforgeable authentication, requires the authentication mechanism to be able to detect and prevent the use of authentication data that has been forged or copied.

272 FIA_UAU.4 Single-use authentication mechanisms, requires an authentication mechanism that operates with single-use authentication data.

273 FIA_UAU.5 Multiple authentication mechanisms, requires that different authentication mechanisms be provided and used to authenticate user identities for specific events.

274 FIA_UAU.6 Re-authenticating, requires the ability to specify events for which the user needs to be re-authenticated.

275 FIA_UAU.7 Protected authentication feedback, require that only limited feedback information is provided to the user during the authentication.

2

4 FIA_UAU User authentication

1

5 3

6

7

User authentication (FIA_UAU) 7 - Class FIA: Identification and authentication

Management: FIA_UAU.1

276 The following actions could be considered for the management functions in FMT:

a) management of the authentication data by an administrator;

b) management of the authentication data by the associated user;

c) managing the list of actions that can be taken before the user is authenticated.

Management: FIA_UAU.2

277 The following actions could be considered for the management functions in FMT:

a) management of the authentication data by an administrator;

b) management of the authentication data by the user associated with this data.

Management: FIA_UAU.3, FIA_UAU.4, FIA_UAU.7

278 There are no management activities foreseen.

Management: FIA_UAU.5

279 The following actions could be considered for the management functions in FMT:

a) the management of authentication mechanisms;

b) the management of the rules for authentication.

Management: FIA_UAU.6

280 The following actions could be considered for the management functions in FMT:

a) if an authorised administrator could request re-authentication, the management includes a re-authentication request.

Audit: FIA_UAU.1

281 The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a) Minimal: Unsuccessful use of the authentication mechanism;

b) Basic: All use of the authentication mechanism;

c) Detailed: All TSF mediated actions performed before authentication of the user.

7 - Class FIA: Identification and authentication User authentication (FIA_UAU)

Page 88 of 354 Version 2.1 August 1999

Audit: FIA_UAU.2

282 The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a) Minimal: Unsuccessful use of the authentication mechanism;

b) Basic: All use of the authentication mechanism.

Audit: FIA_UAU.3

283 The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a) Minimal: Detection of fraudulent authentication data;

b) Basic: All immediate measures taken and results of checks on the fraudulent data.

Audit: FIA_UAU.4

284 The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a) Minimal: Attempts to reuse authentication data.

Audit: FIA_UAU.5

285 The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a) Minimal: The final decision on authentication;

b) Basic: The result of each activated mechanism together with the final decision.

Audit: FIA_UAU.6

286 The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a) Minimal: Failure of reauthentication;

b) Basic: All reauthentication attempts.

Audit: FIA_UAU.7

287 There are no auditable events foreseen.

User authentication (FIA_UAU) 7 - Class FIA: Identification and authentication

FIA_UAU.1 Timing of authentication

Hierarchical to: No other components.

FIA_UAU.1.1 The TSF shall allow [assignment: list of TSF mediated actions] on behalf of the user to be performed before the user is authenticated.

FIA_UAU.1.2 The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user.

Dependencies: FIA_UID.1 Timing of identification FIA_UAU.2 User authentication before any action

Hierarchical to: FIA_UAU.1

FIA_UAU.2.1 The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user.

Dependencies: FIA_UID.1 Timing of identification FIA_UAU.3 Unforgeable authentication

Hierarchical to: No other components.

FIA_UAU.3.1 The TSF shall [selection: detect, prevent] use of authentication data that has been forged by any user of the TSF.

FIA_UAU.3.2 The TSF shall [selection: detect, prevent] use of authentication data that has been copied from any other user of the TSF.

Dependencies: No dependencies

FIA_UAU.4 Single-use authentication mechanisms Hierarchical to: No other components.

FIA_UAU.4.1 The TSF shall prevent reuse of authentication data related to [assignment:

identified authentication mechanism(s)].

Dependencies: No dependencies FIA_UAU.5 Multiple authentication mechanisms

Hierarchical to: No other components.

FIA_UAU.5.1 The TSF shall provide [assignment: list of multiple authentication mechanisms]

to support user authentication.

7 - Class FIA: Identification and authentication User authentication (FIA_UAU)

Page 90 of 354 Version 2.1 August 1999

FIA_UAU.5.2 The TSF shall authenticate any user’s claimed identity according to the [assignment: rules describing how the multiple authentication mechanisms provide authentication].

Dependencies: No dependencies FIA_UAU.6 Re-authenticating

Hierarchical to: No other components.

FIA_UAU.6.1 The TSF shall re-authenticate the user under the conditions [assignment: list of conditions under which re-authentication is required].

Dependencies: No dependencies FIA_UAU.7 Protected authentication feedback

Hierarchical to: No other components.

FIA_UAU.7.1 The TSF shall provide only [assignment: list of feedback] to the user while the authentication is in progress.

Dependencies: FIA_UAU.1 Timing of authentication

User identification (FIA_UID) 7 - Class FIA: Identification and authentication

Related documents