Re: ADV_FSP.1-6

Subject: Re: ADV_FSP.1-6
From: "NIAP Interpretations Board" <ccevs-nib@nist.gov>
Date: Fri, 15 Nov 2002 12:35:08 -0800
Content-description: Mail message body
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=US-ASCII
Priority: normal
Reply-to: cc-cmt@nist.gov


With respect the question of whether, as part of evaluating an ST, the 
evaluator must check the guidance documentation and the FSP to make sure all 
the functions are described in the TSS, the answer is no.  The TSS does not 
have to describe all of the interfaces or security mechanisms; only those that 
relate to the satisfaction of components allocated to the TOE.  The TOE may 
contain additional security functions.  These must be described in the FSP in 
order to permit the evaluation to ascertain that they do not contribute to the 
satisfaction of the SFRs.

The comments also make it appear as if one is restricted by the CC on the 
cryptography functions that may be used.  This is incorrect.  The CC makes it 
clear, in paragraph 721 of Part 2, that the assigned standard may comprise 
none, one, or more actual standards publications.  In the case of none, it 
appears it would be sufficient to have the algorithm written down.

Prev by Date: Re: Can only part of the HW be included in the TSF?
Next by Date: I-0432: List Of Subjects And Objects Refers To Types Thereof
Prev by thread: Re: I-0432: List Of Subjects And Objects Refers To Types Thereof
Next by thread: I-0392: AVA_MSU Does Not Mandate Extra Functions In The TOE

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov