PD-0106: Situations Where AGD_USR May Be Vacuously Satisfied
- Subject: PD-0106: Situations Where AGD_USR May Be Vacuously Satisfied
- From: "Observation Decisions Review Board" <firstname.lastname@example.org>
- Date: Thu, 06 May 2004 12:21:42 -0700
- Content-description: Mail message body
- Content-transfer-encoding: 7BIT
- Content-type: text/plain; charset=US-ASCII
- Priority: normal
This decision represents a long-term technical decision based on a
previously issued OD, and may not be the same as the final results of
the source OD. It provides suggested guidance on evaluation direction,
but is not the authoritative final answer. Authoritative final answers
are provided through the published criteria documents and published
scheme and international interpretations thereof.
Decision Date: 2004-04-08
Last Modified 2004-05-06
For some products, such as routers, select firewalls, etc., the
product is transparent to the user. For these products, the user is
not provided with a direct interface to the product or an account to
use to log into the product. For these products, the requirement for
user guidance does not seem to apply since the TSF does not provide
any interfaces for direct use by non-administrative users.
Is it acceptable for ST of these systems to state that the AGD_USR.1
requirement is vacuously satisfied?
The ST section for AGD_USR should state that there are no
non-administrative user interfaces. The AGD_USR ETR section should
include a justification as to why it is not necessary to present any
assumptions or IT environment requirements regarding
non-administrative user behavior. However, if there are environment
assumptions and requirements that are relevant to end users, then
AGD_USR cannot be vacuously satisfied, and relevant end-user
information must be provided in the user documentation.
The following is a detailed analysis of the AGD_USR requirements.
* AGD_USR.1.1C: This element talks explicitly about the functions
and interfaces available to the non-administrative users. As there
would be none in the described case, it is acceptable for this to
be vacuously satisfied.
* AGD_USR.1.2C: This elements talks about a description of
user-accessible security functions. There are no
non-administrative user-accessible security functions. There are
administrator-accessible security functions, but these should be
covered by AGD_ADM.1.1C, which describes the administrative
* AGD_USR.1.3C: This talks about warnings concerning user-accessible
functions and privileges that should be controlled. This is
equivalent to AGD_ADM.1.3C.
* AGD_USR.1.4C: This talks about presenting all user
responsibilities necessary for secure operation of the TOE,
including assumptions about user behavior. This appears to be
covered for administrative users by AGD_ADM.1.4C.
* AGD_USR.1.5C: This talks about consistency with other
documentation. For administrators, this is covered by
* AGD_USR.1.6C: This talks about describing all security
requirements for the IT environment that are relevant. This is
covered by AGD_ADM.1.8C. However, if there are assumptions about
the IT environment that would apply to end users, this would be
one piece of information that would not be in the administrative
* CC v2.1 Part 3, AGD_USR
Date Index |
Thread Index |
Problems or questions? Contact email@example.com