Re: I-0414: Site-Configurable Prevention Of Audit Loss
> Note that I think the interpretation can be justified as defining a
> middle ground between existing components that will help bring
> consistency to the specification of the requirement for a common
> situation. But I can also argue that it is just a refinement of
> FAU_STG.3. The CC indicates that you cannot refine to a 'new'
> requirement, but where is the dividing line?
The goal of "not refining to "new"" is to prevent:
- Adding lines like "The TSF shall also not emit electromagnetic
signals" to FAU_STG so that it is completely out-of-character"
- Or add refinements to assurance components so that they become
higher-level assurance components (to prevent labs from bypassing the
CCRA) "I took VLA.2 and refined it to "high"
This would be far from the dividing line IMO....
TNO ITSEF BV
P.O. Box 96864 tel +31 70 374 0304
2509 JG The Hague fax +31 70 374 0651
The Netherlands www.commoncriteria.nl
Date Index |
Thread Index |
Problems or questions? Contact firstname.lastname@example.org