Categorisation of SFRs for the TOE and for the IT environment




One thing that Dirk-Jan did not bring up was the fact that the ASE/APE update 
that is out for draft has introduced the idea of the PP author specifying how 
exactly he wants STs to align with the PP in order to be able to claim 
compliance. If he wants total exactness, then the requirements identified as 
being for the environment may not be met by the TOE; there are lesser degrees 
of alignment that would permit the environmental requirements to be met by the 
TOE. 

If a PP author wishes to construct a PP so that some SFRs may be met either by 
the TOE or by the environment, the rules associated with allocating them need 
to be spelled out. For example, what is the granularity of allocating SFRs to 
the TOE or environment: do they all have to stay together as an indivisible 
set, though it doesn't matter whether they are allocated to the TOE or 
environment? Or may they be allocated to TOE and environment as the ST author 
chooses? Or are there some consequences for allocating a given SFR to the TOE 
(perhaps the allocation of TOE vs environment is done at the level of security 
objectives: all SFRs that map to a single objective must be allocated the same 
way)? 

In all cases, the NIB believes the PP author needs to spell out these rules in 
order to keep the intended flexibility from being so unconstrained that it 
becomes useless.






