Management activities are incorrectly handled in FPT_PHP.1. CC v2.1 indicates that FPT_PHP.1 is dependent on FMT_MOF.1. However, FPT_PHP.1 does not require user roles to be present in order to determine whether physical tampering has occurred, although a management function could be considered for such a role.

Interpretation

FPT_PHP.1 is not dependent on FMT_MOF.1, although inclusion of the FPT_PHP.1 component in a PP or ST could require a management function for the user or role that determines whether physical tampering has occurred.

Specific Changes

The following changes are made to CC v2.1 Part 2:

• Within subclause 10.7, in the section "Management: FPT_PHP.1" paragraph 408 is replaced with:

  The following actions could be considered for the management functions in FMT:

  a) management of the user or role that determines whether physical tampering has occurred.

• In the component FPT_PHP.1, the text following "Dependencies:" is replaced with:

  No dependencies

• In Annex J.7, paragraph 1223 is replaced with:

  FPT_PHP.1 should be used when threats from unauthorised physical tampering with parts of the TOE are not countered by procedural methods. It addresses the threat of undetected physical tampering with the TSF. Typically, an authorised user would be given the function to verify whether tampering took place. As written, this component simply provides a TSF capability to detect tampering. Specification of management functions in FMT_MOF.1 should be considered to specify who can make use of that capability, and how they can make use of that capability. If this function is realised by non-IT mechanisms (e.g. physical inspection) management functions are not required.

Rationale

No additional rationale required, the interpretation speaks for itself.