A.PROPER_ADMIN considerations for cloud deployment #9
Description
When the TOE is deployed in an on-premise environment, it is ok for the scope of A.PROPER_ADMIN to be limited to a legitimate administrator not abusing their privileges. However, in a cloud deployment we also introduce the threat of a malicious but unprivileged user being able to become a malicious administrator through credential disclosure or privilege escalation.
It is recommended that the assumption be updated to say something about the idea that access to the TOE and its underlying platform is adequately protected through physical security and secure credential storage. This is appropriate for both cloud and non-cloud settings and would allow the PP to better accommodate the cloud use case.