Re: Do we need trusted path/channel mandatory?

Subject: Re: Do we need trusted path/channel mandatory?
From: "NIAP Interpretations Board" <ccevs-nib@nist.gov>
Date: Fri, 15 Nov 2002 12:35:08 -0800
Content-description: Mail message body
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=US-ASCII
Priority: normal
Reply-to: cc-cmt@nist.gov


It appears that this entire discussion started down the wrong path because of 
sloppy wording in CC Part 2 para 514 (last bullet), which reads as if it is the 
trusted path that provides user authentication. In fact, trusted path simply 
provides a trustworthy means to access the mechanism that provides the user 
authentication. 

That said, it is important to note that the mechanisms in the TOE do not 
determine the requirements being claimed. Instead, it's the Objectives to be 
fulfilled by the TOE that determine the requirements that need to be met by the 
TOE. If the CC does not contain sufficient or correct requirements to address 
these Objectives, then extended requirements need to be created.

As for dependencies, any arguements about why they are not applicable are 
derived from the statements of Threats and Assumptions.

Prev by Date: Re: To claim the protection from interference without FPT_SEP
Next by Date: I-0453: TSF And Support Code
Prev by thread: Do we need trusted path/channel mandatory?
Next by thread: (광고) (성인광고) 카드 대출 연체관리 끝내세요,,성인자료 한번에 여러싸이트 이용방법..등등..무료자료 넘쳐나는곳

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov