Archived
TD0044: Update to FMT_SMF_EXT.1
Publication Date
2015.05.05
Protection Profiles
PP_MD_v2.0
Other References
PP_MD_v2.0
Issue Description
Function 5 of FMT_SMF_EXT.1 indicates that it is mandatory for the enterprise to be able to enable/disable a list of audio or visual collection devices across the device, and optionally on a per-app basis. Certain vendors can do this for the camera, but the microphone cannot be managed by the enterprise; instead it is controlled on a per-application basis under the control of the user. While this approach is acceptable to the PP author, it does not conform to the PP as currently written. Resolution
"The assignment in function 5 consists of at least one audio and/or visual device, such as camera and microphone, which can be enabled and disabled by either the user or administrator. Disablement of the microphone does not imply that the microphone may not be enabled in order to place emergency phone calls. If certain devices are able to be restricted to the enterprise (either device-wide or per-app) and others are able to be restricted to users, then this function should be iterated in the table with the appropriate table entries." Justification
It is acceptable for either the user or administrator to be able to enable or disable the selected audio or visual collection devices, either across the device or on a per-application basis (which means the product meets the intent of the requirement). |