El Banco Emisor carga el monto de la transacción (precio de venta + cuotas por servicio e intereses sobre el saldo) a la cuenta del tarjetahabiente y le envía su estado de

All objectives refer to AIX (BAS mode) and Trusted AIX (LAS mode) unless otherwise stated. All objectives for VIOS are explicitly marked as VIOS only. VIOS does not share objectives with either AIX or Trusted AIX.

[OSPP]_O.AUDITING

The TSF must be able to record defined security-relevant events (which usually include security-critical actions of users of the TOE). The TSF must protect this information and present it to authorized users if the audit trail is stored on the local system. The information recorded for security-relevant events must contain the time and date the event happened and, if possible, the identification of the user that caused the event, and must be in sufficient detail to help the authorized user detect attempted security violations or potential

misconfiguration of the TOE security features that would leave the IT assets open to compromise.

[OSPP]_O.CRYPTO.NET

The TSF must allow authorized users to remotely access the TOE using a

cryptographically-protected network protocol that ensures integrity and confidentiality of the transported data and is able to authenticate the end points of the communication. Note that the same protocols may also be used in the case where the TSF is physically separated into multiple parts that must communicate securely with each other over untrusted network connections.

[OSPP]_O.DISCRETIONARY.ACCESS

The TSF must control access of subjects and/or users to named resources based on identity of the object. The TSF must allow authorized users to specify for each access mode which users/subjects are allowed to access a specific named object in that access mode.

[OSPP]_O.NETWORK.FLOW

The TOE shall mediate communication between sets of TOE network interfaces, between a network interface and the TOE itself, and between subjects in the TOE and the TOE itself in accordance with its security policy.

[OSPP]_O.SUBJECT.COM

The TOE shall mediate communication between subjects acting with different subject security attributes in accordance with its security policy.

[OSPP]_O.I&A

The TOE must ensure that users have been successfully authenticated before allowing any action the TOE has defined to provide to authenticated users only.

[OSPP]_O.MANAGE

The TSF must provide all the functions and facilities necessary to support the authorized users that are responsible for the management of TOE security mechanisms and must ensure that only authorized users are able to access such functionality.

[OSPP]_O.TRUSTED_CHANNEL

The TSF must be designed and implemented in a manner that allows for establishing a trusted channel between the TOE and a remote trusted IT system that protects the user data and TSF data transferred over this channel from disclosure and undetected modification and prevents masquerading of the remote trusted IT system.

[OSPP-AM]_O.ROLE.DELEGATE

The TOE must allow roles assigned to users for performing security-relevant management tasks to be delegated to other users in accordance with the security policy.

[OSPP-AM]_O.ROLE.MGMT

The TOE must allow security management actions based on roles to be assigned to different users.

[OSPP-AM]_O.ROLE.APPROVE

The TOE must prevent the execution of user actions allowed by a specific right until a second user with a different right approves this action.

[OSPP-CRYPTO]_O.CRYPTO.BASIC

The TSF must provide the following cryptographic services for general use by authorized entities:

● symmetric and asymmetric ciphers,

● message digest generation,

● symmetric and asymmetric key generation.

[OSPP-IV]_O.INTEGRITY.TSF

The TOE shall be able to verify the integrity of both TSF code and TSF data to ensure that they have not been modified when compared to the integrity information in the integrity database.

[OSPP-IV]_O.INTEGRITY.USERDATA

The TOE shall be able to verify the integrity of user data to ensure that it has not been modified when compared to the integrity information in the integrity database.

[OSPP-IV]_O.INTEGRITY.ACTION

The TOE shall perform pre-defined actions upon detection of a breach of integrity.

[OSPP-IV]_O.INTEGRITY.MANAGE

The TOE shall be able to allow authorized users to update the integrity verification database covering TSF data, the TSF code, and user data.

Also, the TOE shall be able to allow authorized users to configure actions to be performed upon the detection of a breach of integrity.

[OSPP-LS]_O.LS.CONFIDENTIALITY

LAS mode only: The TOE will control information flow between entities and resources based on the sensitivity labels of users and resources.

[OSPP-LS]_O.LS.PRINT

LAS mode only: The TOE will provide the capability to mark printed output with accurate labels based on the sensitivity label of the subject requesting the output.

[OSPP-LS]_O.LS.LABEL

LAS mode only: The TOE will provide the capability to label all subjects, and all objects accessible by subjects, to restrict information flow based on the sensitivity labels.

[OSPP-VIRT]_O.COMP.INFO_FLOW_CTRL

The TOE will control information flow between compartments under the control of the TOE, based on security attributes of these compartments and potentially other TSF data (e.g., security attributes of objects). This information flow control policy must be able to allow the isolation of individual compartments from other compartments controlled by the TOE.

[OSPP-VIRT]_O.COMP.RESOURCE_ACCESS

The TOE will control access of compartments to objects and resources under its control based on:

● security attributes of the objects,

● security attributes of the compartment that attempts to access the object, and

● the type of access attempted.

The rules that determine access may be based on the value of other TSF data. Access must be controlled down to individual compartments and objects.

[OSPP-VIRT]_O.COMP.IDENT

For each access request, the TOE is able to identify the compartment requesting to access resources, objects or information.

[ST]_O.DISK.OVERWRITTEN

The TOE shall offer administrators a mechanism to overwrite user-accessible blocks of SCSI hard disk drives with predefined bit patterns.

[ST]_O.MANDATORY_INTEGRITY

LAS mode only: The TOE shall control access to resources based on the integrity level of the information being accessed and the integrity level of the subject attempting to access that information.

[ST]_O.ROLE

The TOE shall prevent users from gaining access to and performing operations on its resources/objects unless they have been granted access by the resource/object owner or they have been assigned to a role (by an authorized administrator) which permits those operations.

[ST]_O.ROLE.AUTHORIZATIONS

The TOE shall ensure that only authorized users gain access to protected TOE resources and that this access is controlled by authorized administrators.

[ST]_O.ROLE.CONSISTENT_DB

The TOE shall detect inconsistencies, corruption, and inaccessibility in the RBAC-related databases and enforce a fail secure policy.

[ST]_O.ROLE.HIERARCHY

The TOE shall allow hierarchical definitions of roles. Hierarchical definition of roles means the ability to define roles in terms of other roles.

[ST]_O.ROLE.SEP_DUTY

The TOE shall provide the capability of enforcing 'separation of duties', so that no single user has to be granted the right to perform all operations on important information.

[ST]_O.STACK.NO_EXEC

The TOE shall offer a mechanism to prevent the execution of code on the stack of selected processes.

[ST]_O.TCB.ACCESS

The TOE shall control write and/or execute access to resources protected as part of the trusted computing base as specified by an authorized administrator.

[ST]_O.TN.ACCESS

LAS mode only: The TOE shall control access between the TOE and other systems based on host security attributes and the network interface on which packets are sent or received.

[ST]_O.VIOS.I&A

VIOS only: The TSF shall ensure that users have been successfully authenticated before allowing any action the TOE has defined to provide to authenticated users only.

[ST]_O.VIOS.MANAGE

VIOS only: The TSF shall provide all the functions and facilities necessary to support the authorized users that are responsible for the management of TOE security mechanisms and shall ensure that only authorized users are able to access such functionality.

[ST]_O.VIOS.NET.PROTECTED

VIOS only: The TSF shall control access between VIOS Ethernet adapter device drivers and VIOS Ethernet device drivers acting on behalf of groups of LPAR partitions sharing a virtual network. The TSF shall allow authorized users to specify which VIOS Ethernet adapter device drivers may be accessed by a VIOS Ethernet device driver acting on behalf of a group of LPAR partitions sharing a virtual network.

[ST]_O.VIOS.ROLE

VIOS only: The TOE shall prevent users from gaining access to and performing operations on its resources/objects unless they have been granted access by the resource/object owner or they have been assigned to a role (by an authorized administrator) which permits those operations.

[ST]_O.VIOS.ROLE.HIERARCHY

VIOS only: The TOE shall allow hierarchical definitions of roles. Hierarchical definition of roles means the ability to define roles in terms of other roles.

[ST]_O.VIOS.ROLE.SEP_DUTY

VIOS only: The TOE shall provide the capability of enforcing 'separation of duties', so that no single user has to be granted the right to perform all operations on important information.

[ST]_O.VIOS.VOL.PROTECTED

VIOS only: The TSF shall control access between LPAR partitions and logical/physical volumes and VIOS SCSI device drivers acting on behalf of a group of LPAR partitions. The TSF shall allow authorized users to specify which logical/physical volumes may be accessed by the VIOS SCSI device drivers.