Re: I-0436: Compliance Claims Against A Flawed PP



  The following is a proposal for a NIAP Interpretation of a Common
  Criteria document that has been approved by the IWG and is being
  submitted to CCEVS management for approval. It is being posted for
  informational purposes.




                      CCITSE/CEM  GUIDANCE (PROPOSED)


     _________________________________________________________________

                 I-0436: Compliance Claims Against A Flawed PP
     _________________________________________________________________

TYPE:                 Guidance
NUMBER:               I-0436
STATUS:               Ready to Prepare for Management/CCIMB

TITLE:                Compliance Claims Against A Flawed PP
PREVIOUS POSTING:      [cc-cmt 00559]

SOURCE REFERENCE:     CC v2.1 Part 3 Subclause 5.5 ASE_PPC
                      CEM v1.0 Part 2 Subclause 4.4.5 ASE_PPC.1
RELATED TO:           <None>

ISSUE:

   What should be done when an ST claims compliance to a PP that the
   evaluation team determines to be flawed?

STATEMENT:

   When the PP underlying an ST is determined to be flawed, the ST should
   be appropriately corrected so that it (a) will pass evaluation, and
   (b) is consistent with the objective and intent of the underlying PP.
   The PP Compliance Claim should provide justification provided that the
   corrections are consistent with the PP. The method of determining the
   appropriate correction should be based on the procedures of the scheme
   that issued the PP.

SPECIFIC INTERPRETATION:

   As the ASE criteria are still in flux, a specific change is not
   provided. However, the basic notion is to add something to the PP
   compliance requirements along the lines of:

     Each PP claim shall identify any new errors identified in the
     underlying PP, how they were corrected, and how the correction does
     not violate the intent of the PP.

SUPPORT:

   The basic notion underlying this guidance is that a flawed PP should
   not hinder the evaluation of STs. Thus, when such a problem is
   identified, it should be corrected in such a manner as to maintain the
   intent of the PP while fixing the flawed words.

   For PPs issued or evaluated under the CCEVS evaluation scheme, such
   problems should result in an Observation Report that is submitted to
   CCEVS. CCEVS will consult with the authors of the PP (if possible)
   and/or the PP Review Board to determine the original intent, and will
   issue a decision on how to correct the problematic requirements in the
   context of the ST's evaluation. Such an OR then serves as
   justification that the PP compliance claim is still valid even with
   the change.

