Archived
TD0370: Management Function Update
Publication Date
2018.11.16
Protection Profiles
PP_MDM_V3.0
Other References
FMT_SMF.1.1(2)
Issue Description
There is no mechanism for vendors to include additional management functions supported. Resolution
FMT_SMF.1.1(2) is replaced as follows (changes in bold font): FMT_SMF.1.1(2) The MDM Server shall be capable of performing the following management functions: a. choose X.509v3 certificates for MDM Server use b. configure the [selection: devices specified by [selection: IMEI, [assignment: a unique device ID]], specific device models, a number of devices, specific time period] and [selection: [assignment: other features], no other features] allowed for enrollment, [selection: c. allow the administrator to choose whether to accept the certificate when connection cannot be made to establish validity, d. configure the TOE unlock banner, e. configure periodicity of the following commands to the agent: [assignment: list of commands], f. configure the privacy-sensitive information that will and will not be collected from particular mobile devices, g. configure the length of time the enrollment authenticator is valid, h. [assignment: other management functions] i. no other management functions]. Justification
Inclusion of an assignment allows vendors to claim additional management functions. |