Re: I-0394: Iteration Must Cover All Scopes

Subject: Re: I-0394: Iteration Must Cover All Scopes
From: "Interpretations Working Group" <iwg@gibraltar.ncsc.mil>
Date: Fri, 17 Nov 2000 08:46:39 -0800
Content-type: Multipart/Mixed; boundary=Message-Boundary-31181
Priority: normal

[0117] (97 lines) iwg@gibraltar.ncsc.mil 11/06/00  1828.13 gmt Mon Common_Criteria
Subject: Re: I-0394: Iteration Must Cover All Scopes


  [NOTE: This proposal is being re-posted after being updated to reflect
  comments the IWG received on its previous posting, or comments arising
  from further IWG discussion of the proposal.]

  This transaction consists of a proposal for a National Interpretation of
  a Common Criteria document. It is being posted in accordance with the
  procedures of the IWG.

  Comments on this proposal are welcomed and should be posted to this
  transaction chain.  If any party wishes to post a comment anonymously,
  the comment should be mailed to IWG@gibraltar.ncsc.mil in a form
  suitable for posting.  All comments should be posted no later than
  Friday, December 1, 2000.

                 CCITSE/CEM  NIAP INTERPRETATION (PROPOSED)

     _________________________________________________________________

                    I-0394: Iteration Must Cover All Scopes
     _________________________________________________________________

NUMBER:               I-0394
STATUS:               Reposted for External Review
TYPE:                 NIAP Interpretation

TITLE:                Iteration Must Cover All Scopes
COMMENTS DUE BY:       Wednesday, August 30, 2000 to IWG@gibraltar.ncsc.mil

SOURCE REFERENCE:     CC v2.1 Part 2 Subclause 2.1.4.1
                      CEM v1.0 Part 2 Subclause 3.4.5 APE_REQ.1
                      CEM v1.0 Part 2 Subclause 4.4.6 ASE_REQ.1
RELATED TO:
     I-0362           Scope Of Permitted Refinements

ISSUE:

   The question of "narrowing of scope" (i.e., limiting the applicability
   of an element) has recently been debated as to whether it is an
   acceptable refinement. The approach taken in CCIMB-INTERP-0098/0099
   indicates that it is not. However, the CEM provides a situation in
   which iteration can be used to narrow scope. It is not clear from the
   CC and the CEM that all aspects of a requirement must be covered.

STATEMENT OF INTERPRETATION:

   If iteration is used to narrow applicability to a portion of the TOE,
   the collection of all the iterations must cover all aspects of the
   requirement.

SPECIFIC INTERPRETATION:

   To address this intepretation, CC v2.1 Part 2 Subclause 2.1.4.1,
   paragraph 75 is reworded as follows (additions marked _thusly_;
   deletions marked _[DEL:_ thusly _:DEL]_ ):

     Where necessary to cover different aspects of the same requirement
     (e.g. identification of more than one type of user), repetitive use
     of the same component from this part of the CC to cover each aspect
     is permitted. _If iteration is used to narrow the applicability,
     the collection of all iterations of the same requirement must cover
     all aspects_.

   The following change is made to both CEM v1.0 Part 2 Section 3.4.5
   APE_REQ.1-11 Paragraph 225 "d)" and CEM v1.0 Part 2 Section 4.4.6
   ASE_REQ.1-12 Paragraph 415 "d)": (additions marked _thusly_; deletions
   marked _[DEL:_ thusly _:DEL]_ ):

     d) for an iteration, that each iteration of a component is
     different from each other iteration of that component (at least one
     element of a component is different from the corresponding element
     of the other component), or that the component applies to a
     different part of the TOE. _In the latter case, there must be
     sufficient iterations that all aspects of the requirement are
     covered._

PROJECTED IMPACT:

   Negligible impact anticipated.

SUPPORT:

   Narrowing of scope is clearly not the intent of iteration. CC v2.1
   Part 2 Subclause 2.1.4.1, says:

     Where necessary to cover different aspects of the same requirement
     (e.g. identification of more than one type of user), repetitive use
     of the same component from this part of the CC to cover each aspect
     is permitted.

   The key part of this is "to cover each aspect". This implies that all
   aspects of the requirement must be covered by the collection of the
   iterations. Making that particular characteristic of iteration clear
   is the goal of this interpretation.



---[0117]--- (pref = [0102])

0394.pdf

Prev by Date: Welcome to CC-CMT
Next by Date: I-0395: Security Attributes Include Attributes Of Information And Resources
Prev by thread: I-0395: Security Attributes Include Attributes Of Information And Resources
Next by thread: Welcome to CC-CMT

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov