@@ -1085,21 +1085,27 @@ The product shall implement mandatory hardware-enforced access control to memory
#### 5.2.X.x **MI-CCON**: Prevent creation of more than one user account
The manufacturer shall implement MI-SCCA.
The product shall prevent the creation of a user account if one already exists.
The product shall implement mechanisms to prevent the creation of a user account if one already exists.
* Test: create one user account, then attempt to create a second
* Result: first user account creation succeeds, second fails
* Output: error message
* Applicability: Has user accounts
* Reference: TR-MISO
* Objective: Prevent unauthorized access of memory
* Preparation: List all user accounts and verify there is exactly one
* Activities: Attempt to create a second user account, then list user accounts again
* Verdict: Creation of second user account fails and list of user accounts shows one account and is identical before and after test => PASS, otherwise FAIL
* Evidence: List of user accounts before and after test, output of test
#### 5.2.X.x **MI-UCON**: Prevent concurrent user account usage
The manufacturer shall implement MI-SCCA.
The product shall prevent a user account from logging in if another user account is already logged in.
The product shall implement MI-MMAC.
The product shall implement mechanisms to reject a user account from logging in if a different user account is already logged in.
* Applicability: Has user accounts
* Reference: TR-MISO
* Objective: Prevent unauthorized access of memory
* Preparation: List all user accounts and verify they are zero
* Activities: Attempt to create a second user account, then list user accounts again
* Verdict: Creation of second user account fails and list of user accounts shows one account and is identical before and after test => PASS, otherwise FAIL
* Evidence: List of user accounts before and after test, output of test
* Test: with one user logged in, attempt to log in as a second user
