[The following is the ASCII version of the proposal. A pretty-printed PDF version is attached.] The following is a proposal for formal guidance related to the Common Criteria and ancillary documents. It is being posted in accordance with the procedures of the IWG. Comments on this proposal are welcomed and should be posted to this transaction chain. If any party wishes to post a comment anonymously, the comment should be mailed to firstname.lastname@example.org in a form suitable for posting. All comments should be posted no later than Tuesday, July 1, 2003. CCITSE/CEM GUIDANCE (PROPOSED) _________________________________________________________________ I-0467: Can Guidance Documentation Meet TSF Requirements? _________________________________________________________________ TYPE: Guidance NUMBER: I-0467 STATUS: Ready for External Review TITLE: Can Guidance Documentation Meet TSF Requirements? COMMENTS DUE BY: Tuesday, July 1, 2003 to email@example.com RELATED TO: <None> ISSUE: Can guidance documentation or manual procedures meeting requirements levied against the TSF? For example, can guidance documentation be used to meet the requirements of FPT_PHP? STATEMENT Guidance and actions resulting from following the guidance are not part of the TSF. Requirements levied on the TSF must be met by hardware, firmware, or software components. SUPPORT: The TSF is defined as "A set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the TSP." The TOE, on the other hand, is defined as "An IT product or system and its associated administrator and user guidance documentation that is the subject of an evaluation." This makes it clear that the definition of TSF excludes the administrator and user guidance documentation. SFRs are typically levied against the TSF, not the TOE. When an SFR is levied against the TSF, then administrator or user guidance documentation cannot satisfy the requirement.