I-0395: Security Attributes Include Attributes Of Information And Resources

Subject: I-0395: Security Attributes Include Attributes Of Information And Resources
From: "Interpretations Working Group" <iwg@gibraltar.ncsc.mil>
Date: Fri, 17 Nov 2000 08:46:39 -0800
Content-type: Multipart/Mixed; boundary=Message-Boundary-29128
Priority: normal

[0118] (69 lines) iwg@gibraltar.ncsc.mil 11/06/00  1829.20 gmt Mon Common_Criteria
Subject: I-0395: Security Attributes Include Attributes Of Information And Resources


  This transaction consists of a proposal for a National Interpretation of
  a Common Criteria document. It is being posted in accordance with the
  procedures of the IWG.

  Comments on this proposal are welcomed and should be posted to this
  transaction chain.  If any party wishes to post a comment anonymously,
  the comment should be mailed to IWG@gibraltar.ncsc.mil in a form
  suitable for posting.  All comments should be posted no later than
  Friday, December 1, 2000.

                 CCITSE/CEM  NIAP INTERPRETATION (PROPOSED)

     _________________________________________________________________

  I-0395: Security Attributes Include Attributes Of Information And Resources
     _________________________________________________________________

NUMBER:               I-0395
STATUS:               Ready for External Review
TYPE:                 NIAP Interpretation

TITLE:                Security Attributes Include Attributes Of Information
And
                      Resources

SOURCE REFERENCE:     CC v2.1 Part 1 Subclause 2.3
RELATED TO:
     I-0351           User Attributes To Be Bound Should Be Specified

ISSUE:

   There is a discrepancy between the definition of "Security attributes"
   in Part 1 and the usage of the terms in other portions of the CC,
   where security attributes are referred to in the context of
   information and resources.

STATEMENT OF INTERPRETATION:

   The term "security attributes" also applies to security-related
   characteristics associated with information (under an information flow
   policy) and resources.

SPECIFIC INTERPRETATION:

   To address this interpretation, the following changes are made to CC
   v2.1, Part 1: (additions marked _thusly_; deletions marked _[DEL:_
   thusly _:DEL]_ )

     * Subclause 2.3, paragraph 46 is changed as follows:

     Security attribute--_[DEL:_ Information associated with _:DEL]_
     _Characteristics of_ subjects, users_,_ _[DEL:_ and/or _:DEL]_
     objects_, information, and/or resources_ that is used for the
     enforcement of the TSP.

PROJECTED IMPACT:

   Negligible impact anticipated.

SUPPORT:

   The modification of this definition extends the definition of
   attributes to "information" (as used in FDP_IFC and FDP_IFF) and
   resources. The definition is then changed to eliminate using the term
   "information" in two different contexts.



---[0118]---

0395.pdf

Prev by Date: Re: I-0394: Iteration Must Cover All Scopes
Next by Date: I-0387: Auditing Of Audit Storage Failures
Prev by thread: Re: I-0387: Auditing Of Audit Storage Failures
Next by thread: I-0395: Security Attributes Include Attributes Of Information And Resources

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov