Re: I-0460: Empty Selections Or Assignments/One Or More



The CC does not state whether assignments can be completed by effectively 
choosing nothing. I-0460 makes it clear that assignments must be completed 
and rewrites every instance of this in the CC to be explicit. Since the CC is 
ambiguous, the NIB believe that such exactitude is necessary. There are 
some requirements that would not be properly satisfied if their assignments 
were not filled in; for example, actions to be taken upon authentication failure. 
An ST writer could take advantage of this and create a specification that was 
essentially void of any meaningful controls. An even more 'crafty' ST writer 
could come up with some action that effectively translates to nothing; and the 
vendor can even more invisibly implement 'null' actions. It is up to the 
evaluators to detect these (and the validators to check their work). 



