Re: I-0414: Site-Configurable Prevention Of Audit Loss

Subject: Re: I-0414: Site-Configurable Prevention Of Audit Loss
From: "Dr.Ir. D.J. Out" <out@itsef.tno.nl>
Date: Fri, 30 Jan 2004 16:03:15 +0100
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii; format=flowed
Organization: TNO-ITSEF BV
References: <4E25ECBBC03F874CBAD03399254ADFDE10FADC@US-Columbia-CIST.mail.saic.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020408


> Note that I think the interpretation can be justified as defining a 
> middle ground between existing components that will help bring 
> consistency to the specification of the requirement for a common 
> situation. But I can also argue that it is just a refinement of 
> FAU_STG.3. The CC indicates that you cannot refine to a 'new' 
> requirement, but where is the dividing line?

The goal of "not refining to "new"" is to prevent:

- Adding lines like "The TSF shall also not emit electromagnetic 
signals" to FAU_STG so that it is completely out-of-character"

- Or add refinements to assurance components so that they become 
higher-level assurance components (to prevent labs from bypassing the 
CCRA) "I took VLA.2 and refined it to "high"

This would be far from the dividing line IMO....




-- 
TNO ITSEF BV
P.O. Box 96864          tel +31 70 374 0304
2509 JG The Hague       fax +31 70 374 0651
The Netherlands         www.commoncriteria.nl

Follow-Ups:
- Handling of a final interpretation
  - From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>

References:
- I-0414: Site-Configurable Prevention Of Audit Loss
  - From: "Arnold, James L. Jr." <JAMES.L.ARNOLD.JR@saic.com>

Prev by Date: I-0414: Site-Configurable Prevention Of Audit Loss
Next by Date: FIA_UID/FIA_UAU Hierarchy
Prev by thread: I-0414: Site-Configurable Prevention Of Audit Loss
Next by thread: Handling of a final interpretation

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov