Re: Coverage of TSP and attributes (RI#144, RI#145)

Subject: Re: Coverage of TSP and attributes (RI#144, RI#145)
From: Gary Stoneburner <gary.stoneburner@nist.gov>
Date: Mon, 02 Dec 2002 09:56:12 -0500
Content-Type: multipart/alternative; boundary="=====================_2771824==_.ALT"
In-Reply-To: <00ec01c298fa$1c161390$0815a8c0@yokota>

Remember that all dependencies are "soft". This means that, with appropriate rationale, any dependency can be unsatisifed. In the instance of MSA.2 and SPM.1, clearly the dependency is only concerning policies that impact MSA.2. So. with a rationale that showed why only certain policies are covered, covering just those policies is acceptable.

However, it would be better in this case to eliminate SPM entirely. Reducing the scope of SPM would result in an extended assurance requirement that is not covered by mutual recognition. In order to maintain mutual recognition, it may be necessary to cover the policies in the ST itself, perhaps in an appendix and refine MSA.2 to point to this location. This added material in the ST would be evaluated in determining ST internal consistency and completeness. The result is little different, technically, from a reduced-scope SPM.1. But the CCRA has no provision for such an assurance component even though putting the same information in the ST is OK.

Cheers,
Gary

At 12:34 AM 12/1/02, you wrote:

In the ST evaluation, I hit the same problem with RI#144 and RI#145.
Those RIs are not closed yet, but author's proposals are presented there.
I'm wondering what solution does NIAP has selected or intend to select.

The author says:
An interpretation is not proposed but rather one is requested so that
consistency
can be facilitated across certification schemes.

(RI#144 )
If ADV_SPM.1 is included in the ST only as a consequence of satisfying the
dependency
from FMT_MSA.2, is it necessary for ADV_SPM.1 to apply to all policies of
the TSP
(since it is feasible to model all policies of the TSP informally),
or is it permissible for the scope of ADV_SPM.1 to be limited to those
security policies
of the TSF that are related to the security attributes that fall under the
scope
of FMT_MSA.2?

(RI#145)
In cases where FMT_MSA.2 is included in the ST only as a consequence of
satisfying
the dependency from components from the FCS class, is it necessary for
FMT_MSA.2
to apply to all security attributes, or is it acceptable to include just
those that pertain
to cryptographic functionality?

Regards,
Yokota

************************************************************************** * Opinions expressed are not intended to reflect an official position ************************************************************************** * Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20877-8930
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
**************************************************************************

References:
- Coverage of TSP and attributes (RI#144, RI#145)
  - From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>

Prev by Date: Re: expertise, resources, and motivation of attackers
Next by Date: Re: FCS_COP assignment
Prev by thread: Coverage of TSP and attributes (RI#144, RI#145)
Next by thread: Re: Coverage of TSP and attributes (RI#144, RI#145)

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov