Security Requirements for the IT Environment

Appendix A Common Criteria Environment: Security Requirements

FIA_AFL.1.1 If authentication is not performed in a cryptographic module that has been FIPS 140-1 validated to an overall Level of 2 or higher with Level 3 or higher for Roles and Services, the IT environment shall detect when an Administrator configurable maximum authentication attempts unsuccessful authentication attempts have occurred since the last successful authentication for the indicated user identity.

FIA_AFL.1.2 When the defined number of unsuccessful authentication attempts has been met or surpassed, the IT environment shall [disable the corresponding user account].

FIA_ATD.1 User attribute definition

FIA_ATD.1.1 The IT environment shall maintain the following list of security attributes belonging to individual users: the set of roles that the user is authorized to assume, [and no other security attributes].

FIA_UAU.1 Timing of authentication (iteration 1)

FIA_UAU.1.1 The IT environment shall allow [HTTP and LDAP based services¹] on behalf of the user to be performed before the user is authenticated.

FIA_UAU.1.2 The IT environment shall require each user to be successfully authenticated before allowing any other IT environment-mediated actions on behalf of that user.

FIA_UID.1 Timing of identification (iteration 1)

FIA_UID.1.1 The IT environment shall allow [HTTP and LDAP based services] on behalf of the user to be performed before the user is identified.

FIA_UID.1.2 The IT environment shall require each user to be successfully identified before allowing any other IT environment-mediated actions on behalf of that user.

FIA_USB.1 User-subject binding (iteration 1)

FIA_USB.1.1 The IT environment shall associate the appropriate user security attributes with subjects acting on behalf of that user.

Security management (FMT)

FMT_MOF.1 Management of security functions behavior (iteration 1)

1. These are the services that are controlled by CMS6.1 and are not subject to mediation by the IT environment.
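
The following is an added illustration of the behavior FIA_AFL.1.1 and FIA_AFL.1.2 require of the IT environment; it is not code from CMS or from the evaluated configuration. The class and method names, the outcome strings, and the rule that a changed limit applies immediately are assumptions made for the example.

```python
import hmac
from dataclasses import dataclass


@dataclass
class Account:
    secret: bytes          # constructed sample value; real systems store a salted hash
    failures: int = 0      # unsuccessful attempts since the last successful authentication
    disabled: bool = False


class AuthFailureHandler:
    """Hypothetical model of FIA_AFL.1.1 and FIA_AFL.1.2 (not CMS code)."""

    def __init__(self, max_attempts):
        self.accounts = {}
        self.audit = []                     # (user, outcome) for every attempt
        self.set_max_attempts(max_attempts)

    def set_max_attempts(self, max_attempts):
        """Administrator changes the limit; assumption: it applies immediately."""
        if max_attempts < 1:
            raise ValueError("max_attempts must be at least 1")
        self.max_attempts = max_attempts
        for acct in self.accounts.values():
            # A lowered limit can leave a count above it: the "surpassed" case.
            if acct.failures >= max_attempts:
                acct.disabled = True

    def add_user(self, user, secret):
        self.accounts[user] = Account(secret)

    def authenticate(self, user, secret):
        outcome = self._check(self.accounts.get(user), secret)
        self.audit.append((user, outcome))
        return outcome

    def _check(self, acct, secret):
        if acct is None:
            return "rejected"               # unknown identity: no counter to advance
        if acct.disabled:
            return "disabled"               # a correct secret does not re-enable it
        if hmac.compare_digest(acct.secret, secret):
            acct.failures = 0               # the count restarts after each success
            return "ok"
        acct.failures += 1
        if acct.failures >= self.max_attempts:   # limit "met or surpassed"
            acct.disabled = True
            return "disabled"
        return "rejected"
```

The counter is kept per user identity and is cleared only by a successful authentication, so failures spread over time still accumulate toward the limit.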