[The following is the ASCII version of the proposal. A pretty-printed PDF version is attached.] [NOTE: This proposal may reflect minor changes from the previous public review version. However, there have been no substantive changes to either the statement of interpretation or the specific changes since the previous public review version.] The following is a proposal for a NIAP Interpretation of a Common Criteria document that has been approved by the IWG and is being submitted to CCEVS management for approval. It is being posted for informational purposes. CCITSE/CEM NIAP INTERPRETATION (PROPOSED) _________________________________________________________________ I-0409: Other Properties In FMT_MSA.3 Should Be Specified By Assignment _________________________________________________________________ TYPE: NIAP Interpretation NUMBER: I-0409 STATUS: Ready to Prepare for Management/CCIMB TITLE: Other Properties In FMT_MSA.3 Should Be Specified By Assignment PREVIOUS POSTING: [cc-cmt 00060] SOURCE REFERENCE: CC v2.1 Part 2 Subclause 8.2 FMT_MSA.3 CC v2.1 Part 2 Subclause H.2 FMT_MSA.3 RELATED TO: <None> ISSUE: The normal CC paradigm is to have PP/ST authors specify "other" information through assignment. This element is an anomaly; the Part 2 annex explicitly calls out the use of refinement to specify the other property. STATEMENT In FMT_MSA.3.1, the selection of "other property" for the default values is specified by assignment. SPECIFIC INTERPRETATION To address this interpretation, the following changes are made to CC v2.1 Part 2 (additions marked _thusly_; deletions marked _[DEL:_ thusly _:DEL]_ ): * FMT_MSA.3 is relabeled as FMT_MSA.3-NIAP-0409. Unless otherwise noted in these changes, all normative and informative material associated with FMT_MSA.3 is incorporated unchanged into FMT_MSA.3-NIAP-0409, and all references to FMT_MSA.3 in the CC, CEM, or other Common Criteria documentation is changed to refer to FMT_MSA.3-NIAP-0409. * Subclause 8.2, FMT_MSA.3, element FMT_MSA.3.1 is modified as follows: FMT_MSA.3.1_-NIAP-0409_ The TSF shall enforce the [assignment: access control SFP, information flow control SFP] to provide [selection: restrictive, permissive, _[assignment:_ other property_]_] default values for security attributes that are used to enforce the SFP. * Subclause H.2, FMT_MSA.3, Operations, is modified as follows: Operations Assignment: In FMT_MSA.3.1_-NIAP-0409_,the PP/ST author should list the access control SFP or the information flow control SFP for which the security attributes are applicable. Selection: In FMT_MSA.3.1_-NIAP-0409_, the PP/ST author should select whether the default property of the access control attribute will be restrictive, permissive, or another property. _[DEL:_ In case of another property, the PP/ST author should refine this to a specific property. _:DEL]_ _Assignment:_ _In FMT_SMA.3.1-NIAP-0409, if the PP/ST author selects another property, the PP/ST author should specify the desired characteristics of the default values._ Assignment: In FMT_MSA.3.2 the PP/ST author should specify the roles that are allowed to modify the values of the security attributes. The possible roles are specified in FMT_SMR.1. PROJECTED IMPACT: Negligible impact anticipated. SUPPORT: In the Common Criteria, when arbitrary information is added, this is typically done through the assignment operation. Refinement is used in those cases where additional implementation detail is provided. This particular issue appears to be due to a case where the CC authors mistakenly used refinement instead of assignment, probably to avoid embedding an assignment within a selection. This interpretation corrects the error by making the assignment explicit.