NIB Posting Introduction

Subject: NIB Posting Introduction
From: "NIAP Interpretations Board" <ccevs-nib@nist.gov>
Date: Wed, 10 Jul 2002 11:42:30 -0700
Content-description: Mail message body
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=US-ASCII
Priority: normal
Reply-to: cc-cmt@nist.gov

[version 6 2002-01-14]

Greetings to readers of the CC-CMT list from the CCEVS NIAP Interpretations
Board (NIB) [Note: Before November 2001, the entity that performed the 
function
roughly equivalent to the NIB was the Interpretations Working Group (IWG).]

The purpose of this message is to alert readers that the NIB will soon be
posting the latest set of proposed NIAP interpretations (NIs) that it has
developed under the CCEVS scheme.  Because of the importance of a public
discussion of proposed NIAP interpretations, the NIB is soliciting comments 
on
these proposed NIs in the form of postings on this list.

In commenting on the proposed NIs, please remember that this list is for
NON-PROPRIETARY discussions only.  Please do NOT post any proprietary
information here.  Please contact CCEVS management at the email 
addresses
identified below if you have proprietary information that you believe is
relevant to any of the proposed NIs posted here.

This list is archived and postings are saved in the NIST listproc archive at:

(http://www.nist.gov/itl/div896/emaildir/cc-cmt/maillist.html).

To assist readers in reviewing the proposed NIs, the following information is
provided.

NIAP INTERPRETATIONS

One of the responsibilities of the NIB is the development of NIAP
interpretations (NIs) of the Common Criteria (CC) and the Common Evaluation
Methodology (CEM).  The sources of NIs include (1) issues that are raised 
from
interim decisions produced by CCEVS for individual evaluations (called
Observation Decisions), and (2) sections of the CC and CEM that the NIB has
found to be confusing based on its review during NIB meetings.  As part of the
NI development process, the NIB distributes the proposed NIs on this list for
public review and comment.

POSTING INFORMATION

The following describes each section of a proposed NI posting:

NUMBER

The NIB maintains a database (called the "NIB/IWG Queue") of the CC-
related and
CEM-related issues that it is investigating. Whenever the NIB identifies a new
issue, that issue is assigned a number of the form "I-nnnn" and added to the
Queue.  NIB members develop NIs from the issues in the Queue.  The
"I-nnnn" number associated with an NI is the number of the associated issue 
in
the IWG Queue.

Note that the order in which the NIB works on Queue entries is not the same 
as
the order in which issues are added to the Queue.  Consequently, the "I-nnnn"
numbers of proposed NIs posted on this list will not necessarily be in
sequential order.

Approved NIs (and other publicly available Queue entries) are available at
the following site:

http://niap.nist.gov/cc-scheme/iwg-cc-public/index.html

STATUS

Each entry in the IWG Queue is assigned a status that indicates the 
proposed
NI's progress through the NI development process.

When a Queue entry is ready for public review, it is assigned a status of
"Posted for External Review" and posted to this mailing list.  Thereafter, it
remains publicly viewable, although its status may change to one indicating
that the Queue entry is undergoing revision or a new review, that it has
become a NIAP interpretation, or that it has been superseded, withdrawn,
or tabled.

TYPE

There are two types of interpretations that will be posted for public review:
NIAP Interpretations (discussed above) and Requests for Interpretation.

Sometimes a CC or CEM issue is identified that the NIB is unable to resolve
through an NI.  In this case, the NIB will submit a Request for Interpretation
(RI) to the Common Criteria Interpretation Management Board (CCIMB), the
international body responsible for CC and CEM interpretations.  Similarly to
NIs, the NIB will post RIs to this list for public review and comment prior to
submitting them to the CCIMB.

TITLE

This entry provides the title of the proposed NI (or RI).

COMMENTS DUE DATE

This section indicates the date by which the NIB will accept public comments
for the posting.  This date is usually a few days prior to the NIB's next
meeting.  Readers of the list should provide their comments by this date so
that the NIB can consider them during its meeting.

If a public reviewer wishes to make a comment privately, it should be mailed
to Daniel Faigin, the NIB recordkeeper, at faigin@aero.org, in a form
suitable for the NIB to post as an anonymous comment to the list at large.

SOURCE REFERENCE

Citations of the Common Criteria and/or the Common Evaluation Methodology
(CEM) sections affected by, or related to, this proposed NI or RI.

RELATED TO

This entry identifies other Queue entries related to the proposed NI.

ISSUE

This section provides a short and succinct statement of the issue.

STATEMENT OF INTERPRETATION

This section provides a high-level statement of the proposed NI.

SPECIFIC INTERPRETATION

This section describes the specific changes to be made to the source criteria
(i.e., CC and/or CEM) to address the NIAP interpretation.  These changes
to the source criteria may result in modifications to existing CC classes, CC
families, CC components, CC elements, CC EALs and/or CEM work units; or 
they
may result in the addition of new CC classes, CC families, CC components, 
CC
elements, CC EALs, and/or CEM work units.

To clarify the CC or CEM sections that have been modified or to which new
information has been added, the NIB has developed a labeling convention.  A
description of the labeling convention is available at the following URL:

http://www.nist.gov/itl/div896/emaildir/cc-cmt/msg00017.html

Note: Criteria changes in approved interpretations are to be treated as
explicitly stated requirements. CCEVS Scheme Policy is that the 
interpretation
development process (the IWG and superseding processes) and the content 
of the
interpretation provides an equivelent level to the APE_SRE/ASE_SRE 
evaluation
for the changes. When the criteria changes from an interpretation are used in
a PP or ST, no justification other than indicating the changes arise from an
approved CCEVS interpretation are required.

PROJECTED IMPACT

This section identifies anticipated impacts of the NIAP interpretation on
future evaluations, from the point of view of the validation community. There
may be additional impacts on developers not captured in this statement.

SUPPORT

This section provides supporting information and rationale behind the NIAP
interpretation.

CCEVS MANAGEMENT CONTACTS

CCEVS management can be contacted at the following email addresses:

 Jean Schaffer, Director, CCEVS Validation Body:  jhschaf@missi.ncsc.mil
 Arnold Johnson, Deputy Director, CCEVS Validation Body: 
arnold.johnson@nist.gov
Prev by Date: Testing allowed by privileged programs?
Next by Date: I-0459: CM Systems May Have Varying Degrees Of Rigor And Function
Prev by thread: Re: I-0463: Hardware Inclusion In A TOE With FPT_SEP
Next by thread: Testing allowed by privileged programs?
Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov