B.4.3. Security Objectives for Both the Target of Evaluation and the Environment

This section specifies the security objectives that are jointly addressed by the target of evaluation and the environment. While normally security objectives are assigned to the target of evaluation or the environment, but not both, the CIMC-BR-PP introduces this set of jointly addressed security objectives. That information serves to differentiate the specific expectations for the target of evaluation and its environment relative to these objectives.
O. Configuration Management
Implement a configuration management plan. Implement configuration management to assure identification of system connectivity (software, hardware, and firmware), and components (software, hardware, and firmware), auditing of configuration data, and controlling changes to configuration items.
O. Data Import/Export
Protect data assets when they are being transmitted to and from the target of evaluation, either through intervening untrusted components or directly to/from human users.
O. Detect Modifications of Firmware, Software, and Backup Data
Provide integrity protection to detect modifications to firmware, software, and backup data.
O. Individual Accountability and Audit Records
Provide individual accountability for audited events. Record in audit records: date and time of action and the entity responsible for the action.
O. Integrity Protection of User Data and Software
Provide appropriate integrity protection for user data and software.
O. Limitation of Administrative Access
Design administrative functions so that administrators, operators, officers, and auditors do not automatically have access to user objects, except for necessary exceptions. Control access to the system by operators and administrators who troubleshoot the system and perform system updates.
O. Maintain User Attributes
Maintain a set of security attributes — which may include role membership or access privileges — associated with individual users. This is in addition to user identity.
O. Manage Behavior of Security Functions
Provide management functions to configure, operate, and maintain the security mechanisms.
O. Object and Data Recovery Free from Malicious Code
Recover to a viable state after malicious code is introduced and damage occurs. That state must be free from the original malicious code.
O. Procedures for Preventing Malicious Code
Incorporate malicious code prevention procedures and mechanisms.
O. Protect Stored Audit Records
Protect audit records against unauthorized access, modification, or deletion to ensure accountability of user actions.
O. Protect User and Target Security Functions Data During Internal Transfer
Ensure the integrity of user and target security functions data transferred internally within the system.
O. Require Inspection for Downloads
Require inspection of downloads/transfers.
O. Respond to Possible Loss of Stored Audit Records
Respond to possible loss of audit records when audit trail storage is full or nearly full by restricting auditable events.
O. Restrict Actions Before Authentication
Restrict the actions a user may perform before the target of evaluation authenticates the identity of the user.
O. Security-Relevant Configuration Management
Manage and update system security policy data and enforcement functions, and other security-relevant configuration data, to ensure they are consistent with organizational security policies.
O. Timestamps
Provide timestamps to ensure that the sequencing of events can be verified.
O. User Authorization Management
Manage and update user authorization and privilege data to ensure they are consistent with organizational security and personnel policies.
O. React to Detected Attacks
Implement automated notification (or other responses) to attacks discovered by the target security functions, in an effort to identify attacks and to create an attack deterrent.