Re: I-0434: Treatment Of TSF Components Provided By A Third-Party



The NIB reviewed the 12 comments related to this draft interpretation or 
stimulated by the various other topics that were discussed.

Several comments were concerned with the draft Interpretation's mention of the 
fact that, if a PP/ST author includes explicitly specified assurance components 
that treat third-party components differently from other TOE components, the 
TOE "would not be covered by the Recognition Arrangement". 

Several commenters asked whether and to what extent augmentations to EALs 1 to 
4 were recognized---in particular:

*   The assurance maintenance (AMA) for a particular TOE that was
    announced in a recent CCEVS Validated Products Listing.  Article 5,
    Conditions for Recognition, of the CCRA states that the authorized
    certificate "confirms that the evaluation and
    certification/validation processes have been carried out in a duly
    professional manner (a) on the basis of accepted IT security
    evaluation criteria and (b) using accepted IT security evaluation
    methods." Since the AMA requirements and evaluation methodology have
    not been finalized or accepted, it seems that AMA evaluations may be
    only recognized right now by the schemes under which the evaluations
    were performed. 

*   An "EAL4 Augmented ALC_FLR" assurance level for that same TOE.
    Footnote 5 of the CCRA, in its discussion of the information that a
    Certificate must include, indicates that the Assurance Package entry
    "distinguish between CC EAL Part 3 conformant and CC EAL Part 3
    augmented. Augmentation should be designated by a plus (e.g.,
    EAL3+)." However, the Schemes have agreed to include in the listing
    the specific components that make up the augmentations. 

*   A hypothetical TOE for which the EAL3 assurance requirements were
    specified for most parts of it and AVA_VLA.3, an EAL5 assurance
    component, was specified for another part. Based on Article 5 of
    the CCRA, it would seem that the Assurance Package portion of the
    certificate would show EAL3 Augmented (EAL3+ AVA_VLA.3) and that
    the CCRA participating schemes would recognize only the EAL3 part of
    it. 

Other comments were concerned with the use of explicitly specified assurance 
components (that is, per the CC, Part 1, Glossary, assurance requirements not 
contained in Part 3 of the CC) to permit the use of "balanced assurance" or, 
per Mr. Elliott's concern, to also possibly permit trivial methods for meeting 
and/or evaluating a requirement such as "a vendor's lips moving in a reassuring 
manner." Although such requirements would not be recognized (Article 5), the CC 
allows their use (APE/ASE_SRE.1) and the CEM directs how the requirements and 
their justifications are to be evaluated.

The PP/ST author is also allowed to refine an SFR or SAR (per the CC, Part 1, 
Glossary, "the addition of details to a component")---along with a 
justification for the refinement.  Furthermore, as Mr. Faigin pointed out on 27 
August 2003, the product that claims to meet the refinement must also meet the 
unrefined requirement and, in the case of a refined SAR, meet the applicable 
CEM work units for that requirement. Since a refinement is a "legal" CC 
operation, the CCRA participating schemes should recognize it. 

Mr. Forsberg, in his 28 August 2003 comment, reminds us that third-party 
components come in various forms (e.g., components comprised of hardware, 
firmware, and software; hardware/software tokens, "standard libraries" used to 
compile software). However, as Mr. Faigin points out in his 28 August 2003 
response, the person or organization who supplies the software library or other 
component determines whether the component is the TOE developer's or a third-
party component.

Mr. Forsberg also noted that, while the Support section of the Interpretation 
currently discusses the use of both refined and explicit assurance components 
to treat third-party components differently from other components, the 
Statement section only addresses explicitly stated assurance components.

The NIB will make changes to I-0434 to better reflect the use of refinement and 
other operations, and the impact of explicit operations on recognition. A 
revised I-0434 will be published for review shortly.






