I-0467: Can Guidance Documentation Meet TSF Requirements?


[The following is the ASCII version of the proposal. A pretty-printed PDF
version is attached.]



  The following is a proposal for formal guidance related to the Common
  Criteria and ancillary documents. It is being posted in accordance with
  the procedures of the IWG.

  Comments on this proposal are welcomed and should be posted to this
  transaction chain.  If any party wishes to post a comment anonymously,
  the comment should be mailed to cc-cmt@nist.gov in a form suitable for
  posting.  All comments should be posted no later than Tuesday, July 1,
  2003.


                      CCITSE/CEM  GUIDANCE (PROPOSED)


     _________________________________________________________________

           I-0467: Can Guidance Documentation Meet TSF Requirements?
     _________________________________________________________________

TYPE:                 Guidance
NUMBER:               I-0467
STATUS:               Ready for External Review

TITLE:                Can Guidance Documentation Meet TSF Requirements?
COMMENTS DUE BY:      Tuesday, July 1, 2003 to cc-cmt@nist.gov

RELATED TO:           <None>

ISSUE:

   Can guidance documentation or manual procedures meet requirements
   levied against the TSF? For example, can guidance documentation be
   used to meet the requirements of FPT_PHP?

STATEMENT:

   Guidance and actions resulting from following the guidance are not
   part of the TSF. Requirements levied on the TSF must be met by
   hardware, firmware, or software components.

SUPPORT:

   The TSF is defined as "A set consisting of all hardware, software, and
   firmware of the TOE that must be relied upon for the correct
   enforcement of the TSP." The TOE, on the other hand, is defined as "An
   IT product or system and its associated administrator and user
   guidance documentation that is the subject of an evaluation." This
   makes it clear that the definition of TSF excludes the administrator
   and user guidance documentation.

   SFRs are typically levied against the TSF, not the TOE. When an SFR is
   levied against the TSF, then administrator or user guidance
   documentation cannot satisfy the requirement.


i0467.pdf


