Re: CC request for interpretation: TSF required during maintenance mode?

Subject: Re: CC request for interpretation: TSF required during maintenance mode?
From: "NIAP Interpretations Board" <ccevs-nib@nist.gov>
Date: Thu, 18 Jul 2002 11:26:30 -0700
Content-description: Mail message body
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=US-ASCII
Priority: normal
Reply-to: cc-cmt@nist.gov


There must be a distinction between "operational" and "maintenance" modes 
because the CC uses distinct terms. There can be multiple operational 
modes and multiple maintenance modes. In general, the NIB feels that a 
particular mode is a "maintenance" mode if one or more of the SFPs is 
"offline", i.e., not enforced. This could be the state while the characteristics of 
a policy are being modified such that suspension of enforcement is 
necessary, or it could be a state where the policy may be inconsistent 
(internally or with some other policy) and must be amended before its 
enforcement can resume. The ST author may define a mode as 
"maintenance" or "operational", and the evaluator may accept or challenge 
the definition.

A secure state is one in which the SFPs cannot be violated. This occurs 
when all SFPs are operational and being enforced; it also occurs when 
unauthorized users are denied access to the system while the enforcement 
of one or more policies is suspended. As with modes, the ST author may 
define a state as secure, and the evaluator may accept or challenge the 
definition.

Prev by Date: Re: I-0356: FDP_RIP Annex: Reuse Of Subject Data Notes
Next by Date: Re: Guidance for AMP
Prev by thread: Re: CC request for interpretation: TSF required during maintenance mode?
Next by thread: guidance for AMP

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov