Re: cc-cmt question about IT Environment SFRs in PPs and STs

["Dr.Ir. D.J. Out" <out@itsef.tno.nl>]

Tom Benkart wrote:
> 
> If a PP allocates SFRs to the IT Environment, is it permissible for STs 
> to satisfy one or more of those requirements in the TOE and still claim 
> conformance to the PP?

Formally not.

> 
> And (assuming it is), what is the appropriate way to specify those SFRs 
> in the ST:
> 
> (A) Leave the SFRs in the IT Environment (essentially, do not claim that 
> functionality in the TOE even though it is there)
> 
> (B) Move those SFRs to the TOE
> 
> If A, is it required that the TOE boundary be drawn such that the 
> relevant functionality is outside the TOE boundary?  Do those SFRs have 
> to be addressed by the evaluation evidence since it remains allocated to 
> the IT Environment?
> 
> If B, do the corresponding IT Environment Objectives move to the TOE 
> also (since TOE SFRs have to be mapped to TOE Objectives)?  What should 
> be done if an assumption was mapped to such an Objective in the PP?  
> What happens if multiple IT Environment SFRs are mapped to one IT 
> Environment Objective in the PP, and only some of those SFRs are 
> satisfied by the TOE for a specific ST?

CC 2.4 (and presumably CC v3.0) have a concept called "Demonstrable 
Compliance".

This means that an ST does not "syntactically" comply to the PP, but it 
does in a "semantic" way. Basically, the ST writer would give a 
rationale why his ST (which encompasses also some requirements for the 
environment) would still meet the PP.

But under v2.1 you formally can't.

With regards,

Dirk-Jan









> 
> Thanks.
> 
> Tom
> 
> Tom Benkart
> Lab Manager
> COACT, Inc.
> 9140 Guilford Road, Suite G
> Columbia, MD. 21046
> 301-498-0150
> Fax: 301-498-0855
> teb@coact.com
> 
> 
> 
> 



-- 
TNO ITSEF BV
P.O. Box 96864          tel +31 70 374 0304
2509 JG The Hague       fax +31 70 374 0651
The Netherlands         www.commoncriteria.nl