[The following is the ASCII version of the proposal as posted on Gibraltar. A pretty-printed PDF version is attached.] [NOTE: This proposal is being re-posted after being updated to reflect comments the IWG received on its previous posting, or comments arising from further IWG discussion of the proposal.] This transaction consists of a proposal for a National Interpretation of a Common Criteria document. It is being posted in accordance with the procedures of the IWG. Comments on this proposal are welcomed and should be posted to this transaction chain. If any party wishes to post a comment anonymously, the comment should be mailed to IWG@gibraltar.ncsc.mil in a form suitable for posting. All comments should be posted no later than Monday, February 5, 2001. CCITSE/CEM NIAP INTERPRETATION (PROPOSED) _________________________________________________________________ I-0395: Security Attributes Include Attributes Of Information And Resources _________________________________________________________________ NUMBER: I-0395 STATUS: Posted for External Review TYPE: NIAP Interpretation TITLE: Security Attributes Include Attributes Of Information And Resources COMMENTS DUE BY: Friday, December 1, 2000 to IWG@gibraltar.ncsc.mil SOURCE REFERENCE: CC v2.1 Part 1 Subclause 2.3 RELATED TO: I-0351 User Attributes To Be Bound Should Be Specified ISSUE: There is a discrepancy between the definition of "Security attribute" in Part 1 and the use of the term in other portions of the CC, where security attributes are referred to in the context of information and resources. STATEMENT OF INTERPRETATION: The term "security attribute" also applies to security-related characteristics associated with information (under an information flow policy) and resources. SPECIFIC INTERPRETATION: To address this interpretation, the following changes are made to CC v2.1, Part 1: (additions marked _thusly_; deletions marked _[DEL:_ thusly _:DEL]_ ) * Subclause 2.3, paragraph 46 is changed as follows: _Security attribute_--_[DEL:_ Information associated with _:DEL]_ _Characteristics of_ subjects, users_,_ _[DEL:_ and/or _:DEL]_ objects_, information, and/or resources_ that is used for the enforcement of the TSP. PROJECTED IMPACT: Negligible impact anticipated. SUPPORT: The modification of this definition extends the definition of "security attribute" to "information" (as used in FDP_IFC and FDP_IFF) and resources. The definition is also changed to eliminate using the term "information" in two different contexts.