This transaction consists of a proposal for a National Interpretation of a Common Criteria document. It is being posted in accordance with the procedures of the IWG. Comments on this proposal are welcomed and should be posted to this transaction chain. If any party wishes to post a comment anonymously, the comment should be mailed to IWG@gibraltar.ncsc.mil in a form suitable for posting. All comments should be posted no later than Tuesday, May 29, 2001. CCITSE/CEM NIAP INTERPRETATION (PROPOSED) _________________________________________________________________ I-0412: Configuration Items In The Absence Of Configuration Management _________________________________________________________________ TYPE: NIAP Interpretation NUMBER: I-0412 STATUS: Ready for External Review TITLE: Configuration Items In The Absence Of Configuration Management WOULD SUPERSEDE: I-0338 Configuration Items In The Absence Of Explicit Scope SOURCE REFERENCE: CC v2.1 Part 3 Subclause 8.2 ACM_CAP CC v2.1 Part 3 Subclause 8.2 ACM_CAP.2 RELATED TO: I-0338 Configuration Items In The Absence Of Explicit Scope ISSUE: The content and presentation of evidence elements introduced at ACM_CAP.2 all deal with uniquely identifying all items that make up the TOE and having their descriptions in a configuration list. This configuration list is contained in the CM documentation, which is required by ACM_CAP.2.3D. However, there are no requirements that formal configuration management (as is implied by the term "CM System") be performed on any of these items. Hence, the use of the term "CM system" creates confusion. STATEMENT ACM_CAP.2 does not require the presence of a CM system. SPECIFIC INTERPRETATION: To address this intepretation, the following changes are made to CC v2.1 Part 3: * Delete ACM_CAP.2.2D. * Replace ACM_CAP.2.6C with the following (additions shown _thusly_; deletions shown _[DEL:_ thusly _:DEL]_ ): ACM_CAP.2.6C_-NIAP-0412_ The _[DEL:_ CM system _:DEL]_ _configuration list_ shall uniquely identify all configuration items. Additionally, the following change is made to the Part 2, Subclause 8.2, Paragraph 254 (additions shown _thusly_; deletions shown _[DEL:_ thusly _:DEL]_ ): _[DEL:_ ACM_CAP.2.6C _:DEL]_ _ACM_CAP.2.6C-NIAP-0412_ introduces a requirement that the _[DEL:_ CM system _:DEL]_ _configuration list_ uniquely identify all configuration items. This also requires that modifications to configuration items result in a new, unique identifier being assigned. FURTHER CONSIDERATIONS: As this makes changes to components included in EAL1 through EAL4, the CEM must be examined to determine if these changes impact the v1.0 wording. The CEM also must be updated to reflect the replaced element names, and to remove work units for deleted elements. PROJECTED IMPACT: Negligible impact anticipated. SUPPORT: The use of the term "CM system" in ACM_CAP.2 implies a dependence upon a formal CM system. However, there is no requirement for such a system at ACM_CAP.2, as confirmed by the Common Evaluation Methodology v1.0 Part 2. In the methodology for ACM_CAP.2, the CEM does not impose any evaluator actions with respect to verifying use or presence of a CM system. In fact, the EAL2 work unit for ACM_CAP.2.6C (the only content and presentation of evidence element to refer to a CM system) requires a check only on the configuration list, not the CM system. The requirements of the CEM lead to the conclusion that the goal of ACM_CAP.2 is to ensure that an unambiguous list of all configuration items that comprise the TOE be maintained, but not that there necessarily be a full blown CM system in place to manage changes to those components. This interpretation adjusts the wording of ACM_CAP.2 to clarify this intent.