[cPP CHANGE] Move Management from Module to Base #163
Description
What is the change request for the cPP? Please describe.
There are management functions within the Server Module under FMT_SMF.1.1/Server that are more appropriate to the Base PP's FMT_SMF.1.1. The Server Module does not cover user based FIA SFRs but the Base PP does.
◦ change administrative passwords,
◦ configure and change recovery credentials,
◦ configure number of authentication attempts and failed authentication behavior,
Describe the solution you'd like
Delete the above from the Server Module and add them to the Base PP.
Include guidance that "configure number of authentication attempts and failed authentication behavior," needs to be claimed when FIA_AFL.1 is claimed.
Modify "change administrative passwords" to "change administrative credentials". This is because the PP covers more than just password based credentials. Include guidance that "change administrative credentials" needs to be claimed when FIA_UAU_EXT.2 is claimed and the credential can be managed through a TOE interface. This means that credentials managed outside the TOE (e.g. directory or configuration file accessed through the platform) does not mean this needs to be claimed.