RI: "parts" of the TOE

Subject: RI: "parts" of the TOE
From: "Knoke, Jim" <Jim.Knoke@GetronicsGov.com>
Date: Thu, 27 Jun 2002 07:08:51 -0400
content-class: urn:content-classes:message
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="iso-8859-1"
Thread-Index: AcIdy2BGEZUxH4mZEdapc3CXZsEAAA==
Thread-Topic: RI: "parts" of the TOE


FPT_ITT and FPT_TRC involve "parts" of the TOE. Paragraph 1210 of CC
part 2 implies that almost any subcomponent of the TOE could be
considered a separate "part". How does one determine the granularity of
"parts" in the TOE? Does the PP or ST have to discuss the threats and
environment in such a way that the granularity is obvious? If the
environment is very hostile, couldn't the TOE rely on physical
protections to protect transfers between "closely bound" subcomponents
(e.g., transfers over a system bus)?

In my product, the most likely candidates for separate parts would be
serial terminals and parallel printers. I would like to claim that these
components reside in the same facility as the main system cabinet and
that some combination of physical, personnel, and procedural controls
provide the protection of transfers to and from those components. I
would not like to incur the expense of adding cryptography to every such
transfer.

Jim Knoke
Getronics Government Solutions, LLC
2525 Network Place   MS-350
Herndon, VA  20171
(703) 563-8086
Jim.Knoke@GetronicsGov.com

Prev by Date: RE: Request for interpretation: treatment of hardware needed by software product
Next by Date: Satisfying requirements trivially
Prev by thread: Re: Satisfying requirements trivially
Next by thread: Re: RI: "parts" of the TOE

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov