B.5.2. Target of Evaluation Security Functional Requirements

This section specifies the security requirements that are applicable to CIMC functionality, such as key management, certificate registration, and CIMC configuration and management functions.
Note that the iteration identifiers in this section are consistent with the CIMC-BR-PP and as such include reference to those CIMC-BR-PP requirements for the IT environment (as opposed to the target of evaluation) reproduced in section and not necessarily considered requirements in the context of this security target.

Table B.2. CIMC Target of Evaluation Functional Security Requirements

Security Functional Class / Security Functional Components

Security Audit (FAU)
  FAU_GEN.1 Audit data generation (iteration 2)
  FAU_GEN.2 User identity association (iteration 2)
  FAU_SEL.1 Selective audit (iteration 2)
  FAU_STG.1 Protected audit trail storage (iteration 2)
  FAU_STG.4 Prevention of audit data loss (iteration 2)
Communication (FCO)
  FCO_NRO_CIMC.3 Enforced proof of origin and verification of origin
  FCO_NRO_CIMC.4 Advanced verification of origin
Cryptographic support (FCS)
  FCS_CKM_CIMC.5 CIMC private and secret key zeroization
  FCS_SOF_CIMC.1 CIMC Strength of Functions
User Data Protection (FDP)
  FDP_ACC.1 Subset access control (iteration 2)
  FDP_ACF.1 Security attribute based access control (iteration 2)
  FDP_ACF_CIMC.2 User private key confidentiality protection
  FDP_ACF_CIMC.3 User secret key confidentiality protection
  FDP_CIMC_CER.1 Certificate Generation
  FDP_CIMC_CRL.1 Certificate Revocation
  FDP_CIMC_CSE.1 Certificate status export
  FDP_CIMC_OCSP.1 Basic Response Validation
  FDP_ETC_CIMC.5 Extended user private and secret key export
  FDP_ITT.1 Basic internal transfer protection (iterations 3 and 4)
  FDP_SDI_CIMC.3 Stored public key integrity monitoring and action
  FDP_UCT.1 Basic data exchange confidentiality (iteration 2)
Identification and authentication (FIA)
  FIA_UAU.1 Timing of authentication (iteration 2)
  FIA_UID.1 Timing of identification (iteration 2)
  FIA_USB.1 User-subject binding (iteration 2)
Security management (FMT)
  FMT_MOF.1 Management of security functions behavior (iteration 2)
  FMT_MOF_CIMC.3 Extended certificate profile management
  FMT_MOF_CIMC.5 Extended certificate revocation list profile management
  FMT_MOF_CIMC.6 OCSP Profile Management
  FMT_MTD_CIMC.4 TSF private key confidentiality protection
  FMT_MTD_CIMC.5 TSF secret key confidentiality protection
  FMT_MTD_CIMC.7 Extended TSF private and secret key export
Protection of the target security functions (FPT)
  FPT_CIMC_TSP.1 Audit log signing event
  FPT_ITC.1 Inter-TSF confidentiality during transmission (iteration 2)
  FPT_ITT.1 Basic internal TSF data transfer protection (iterations 3 and 4)
  FPT_RVM.1 Non-bypassability of the TSP (iteration 2)
  FPT_STM.1 Reliable time stamps (iteration 2)

B.5.2.1. Security Audit (FAU)

FAU_GEN.1 Audit data generation (iteration 2)
FAU_GEN.1.1
The target security functions shall be able to generate an audit record of the following auditable events:
  1. Startup and shutdown of the audit functions
  2. All auditable events for the [minimum] level of audit logging
FAU_GEN.1.2
The target security functions shall record within each audit record at least the following information:
  1. Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event
  2. For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [the information specified in the "Additional Details" column in Table B.3, “Auditable Events and Audit Data”]. Additionally, the audit shall not include plaintext private or secret keys or other critical security parameters.

Table B.3. Auditable Events and Audit Data

Columns: Section/Function; Component; Event; Additional Details

Section/Function: Security Audit
  Component: FAU_GEN.1 Audit data generation (iteration 2)
  Event: Any changes to the audit parameters, such as audit frequency, type of event audited, or an attempt to delete the audit log
  Component: FPT_CIMC_TSP.1 Audit log signing event
  Additional Details: Digital signature, keyed hash, or authentication code shall be included in the audit log.
Section/Function: Local Data Entry
  Event: All security-relevant data that is entered in the system
  Additional Details: The identity of the data entry individual if the entered data is linked to any other data, such as clicking an accept button. This shall be included with the accepted data.
Section/Function: Remote Data Entry
  Event: All security-relevant messages that are received by the system
Section/Function: Data Export and Output
  Event: All successful and unsuccessful requests for confidential and security-relevant information
Section/Function: Key Generation
  Component: FCS_CKM.1 Cryptographic Key Generation
  Event: Whenever the target security functions request generation of a cryptographic key. (Not mandatory for single session or one-time use symmetric keys.)
  Additional Details: The public component of any asymmetric key pair generated
Section/Function: Private Key Load
  Event: The loading of Component private keys
Section/Function: Private Key Storage
  Event: All access to certificate subject private keys retained within the target of evaluation for key recovery purposes
Section/Function: Trusted Public Key Entry, Deletion and Storage
  Event: All changes to the trusted public keys, including additions and deletions
  Additional Details: The public key and all information associated with the key
Section/Function: Secret Key Storage
  Event: The manual entry of secret keys used for authentication
Section/Function: Private and Secret Key Export
  Component: FDP_ETC_CIMC.5 Extended user private and secret key export
  Component: FMT_MTD_CIMC.7 Extended TSF private and secret key export
  Event: The export of private and secret keys (keys used for a single session or message are excluded)
Section/Function: Certificate Registration
  Component: FDP_CIMC_CER.1 Certificate Generation
  Event: All certificate requests
  Additional Details: If accepted, a copy of the certificate. If rejected, the reason for rejection, such as invalid data or the request was rejected by an officer.
Section/Function: Certificate Status Change Approval
  Event: All requests to change the status of a certificate
  Additional Details: Whether the request was accepted or rejected.
Section/Function: CIMC Configuration
  Event: Any security-relevant changes to the configuration of the target security functions.
Section/Function: Certificate Profile Management
  Component: FMT_MOF_CIMC.3 Extended certificate profile management
  Event: All changes to the certificate profile
  Additional Details: The changes made to the profile
Section/Function: Revocation Profile Management
  Event: All changes to the revocation profile
  Additional Details: The changes made to the profile
Section/Function: Certificate Revocation List Profile Management
  Component: FMT_MOF_CIMC.5 Extended certificate revocation list profile management
  Event: All changes to the certificate revocation list profile
  Additional Details: The changes made to the profile
Section/Function: Online Certificate Status Protocol (OCSP) Profile Management
  Component: FMT_MOF_CIMC.6 OCSP Profile Management
  Event: All changes to the OCSP profile
  Additional Details: The changes made to the profile

FAU_GEN.2 User identity association (iteration 2)
FAU_GEN.2.1
For audit events resulting from actions of identified users, the target security functions shall be able to associate each auditable event with the identity of the user that caused the event.
FAU_SEL.1 Selective audit (iteration 2)
FAU_SEL.1.1
The target security functions shall be able to select the set of audited events from the set of all auditable events based on the following attributes:
  1. [event type]
  2. [no additional attributes]
FAU_STG.1 Protected audit trail storage (iteration 2)
FAU_STG.1.1
The target security functions shall protect the stored audit records in the audit trail from unauthorized deletion.
FAU_STG.1.2
The target security functions shall be able to [detect] unauthorized modifications to the stored audit records in the audit trail.
FAU_STG.4 Prevention of audit data loss (iteration 2)
FAU_STG.4.1
The target security functions shall [prevent audited events, except those taken by the auditor,] and [no other action], if the audit trail is full.
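As an added illustration (not Certificate System code and not part of the original security target), the following toy audit trail shows how the FAU requirements above fit together: each record carries the FAU_GEN.1.2 fields with private and secret key values redacted, FAU_SEL.1 selection by event type, a keyed-hash chain (the keyed hash named under FPT_CIMC_TSP.1 in Table B.3) so that FAU_STG.1.2 modification or deletion is detectable, and the FAU_STG.4 rule that a full trail blocks every audited event except the auditor's. The key, the capacity and the field names are assumptions made for the example.

```python
import hmac
import json
from datetime import datetime, timezone

# Hypothetical detail-field names assumed for this example; the ST names no record format.
SENSITIVE_FIELDS = {"private_key", "secret_key"}


class AuditTrail:
    """Toy audit trail for FAU_GEN.1.2, FAU_SEL.1, FAU_STG.1.2 and FAU_STG.4 (iteration 2)."""

    def __init__(self, key: bytes, capacity: int, selected_types=None):
        self.key = key                  # keyed-hash key, as in FPT_CIMC_TSP.1 (assumed)
        self.capacity = capacity        # record count at which the trail counts as full
        self.selected = selected_types  # FAU_SEL.1: select by event type; None = audit all
        self.records = []
        self.prev_tag = b""             # each tag covers the previous one: a hash chain

    def _tag(self, record: dict, prev_tag: bytes) -> str:
        body = json.dumps(record, sort_keys=True).encode()   # canonical encoding
        return hmac.new(self.key, prev_tag + body, "sha256").hexdigest()

    def log(self, event_type, subject, outcome, details=None, by_auditor=False):
        """Record an event. Returns False when the event must be prevented
        because the trail is full (FAU_STG.4: only the auditor's events proceed)."""
        if self.selected is not None and event_type not in self.selected:
            return True                 # not selected for audit; the event proceeds
        if len(self.records) >= self.capacity and not by_auditor:
            return False
        # FAU_GEN.1.2: never store plaintext private or secret keys or other CSPs
        safe = {k: ("[redacted]" if k in SENSITIVE_FIELDS else v)
                for k, v in (details or {}).items()}
        record = {"time": datetime.now(timezone.utc).isoformat(),
                  "type": event_type, "subject": subject,
                  "outcome": outcome, "details": safe}
        record["tag"] = self._tag(record, self.prev_tag)
        self.prev_tag = bytes.fromhex(record["tag"])
        self.records.append(record)
        return True

    def verify(self):
        """FAU_STG.1.2: detect unauthorized modification or deletion. Returns the
        index of the first record whose chained tag fails, or -1 if intact."""
        prev = b""
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k != "tag"}
            if not hmac.compare_digest(self._tag(body, prev), rec["tag"]):
                return i
            prev = bytes.fromhex(rec["tag"])
        return -1
```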