I-0395: Security Attributes Include Attributes Of Information And Resources

Subject: I-0395: Security Attributes Include Attributes Of Information And Resources
From: "Interpretations Working Group" <iwg@gibraltar.ncsc.mil>
Date: Thu, 11 Jan 2001 15:13:47 -0800
Content-type: Multipart/Mixed; boundary=Message-Boundary-1884
Priority: normal

[The following is the ASCII version of the proposal as posted on Gibraltar. A
pretty-printed PDF version is attached.]

  [NOTE: This proposal is being re-posted after being updated to reflect
  comments the IWG received on its previous posting, or comments arising
  from further IWG discussion of the proposal.]

  This transaction consists of a proposal for a National Interpretation of
  a Common Criteria document. It is being posted in accordance with the
  procedures of the IWG.

  Comments on this proposal are welcomed and should be posted to this
  transaction chain.  If any party wishes to post a comment anonymously,
  the comment should be mailed to IWG@gibraltar.ncsc.mil in a form
  suitable for posting.  All comments should be posted no later than
  Monday, February 5, 2001.


                 CCITSE/CEM  NIAP INTERPRETATION (PROPOSED)


     _________________________________________________________________

  I-0395: Security Attributes Include Attributes Of Information And Resources
     _________________________________________________________________

NUMBER:               I-0395
STATUS:               Posted for External Review
TYPE:                 NIAP Interpretation

TITLE:                Security Attributes Include Attributes Of Information And
                      Resources
COMMENTS DUE BY:       Friday, December 1, 2000 to IWG@gibraltar.ncsc.mil

SOURCE REFERENCE:     CC v2.1 Part 1 Subclause 2.3
RELATED TO:
     I-0351           User Attributes To Be Bound Should Be Specified

ISSUE:

   There is a discrepancy between the definition of "Security attribute"
   in Part 1 and the use of the term in other portions of the CC, where
   security attributes are referred to in the context of information and
   resources.

STATEMENT OF INTERPRETATION:

   The term "security attribute" also applies to security-related
   characteristics associated with information (under an information flow
   policy) and resources.

SPECIFIC INTERPRETATION:

   To address this interpretation, the following changes are made to CC
   v2.1, Part 1: (additions marked _thusly_; deletions marked _[DEL:_
   thusly _:DEL]_ )


     * Subclause 2.3, paragraph 46 is changed as follows:

     _Security attribute_--_[DEL:_ Information associated with _:DEL]_
     _Characteristics of_ subjects, users_,_ _[DEL:_ and/or _:DEL]_
     objects_, information, and/or resources_ that is used for the
     enforcement of the TSP.

PROJECTED IMPACT:

   Negligible impact anticipated.

SUPPORT:

   The modification of this definition extends the definition of
   "security attribute" to "information" (as used in FDP_IFC and FDP_IFF)
   and resources. The definition is also changed to eliminate using the
   term "information" in two different contexts.

0395.pdf

Prev by Date: I-0382: TSF Architectural Protections Are Really Assurances
Next by Date: U.S. NATIONAL INTERPRETATION PROCESS: WHAT IS IT ALL ABOUT?
Prev by thread: I-0395: Security Attributes Include Attributes Of Information And Resources
Next by thread: Re: I-0394: Iteration Must Cover All Scopes

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov