Re: Demise of AMA?



On September 5th Jim Knoke wrote:

> Is it true that there are no longer any AMA (assurance 
> maintenance) requirements at the international or US level? They seem to 
> have been completely removed from v2.2 of CC Part 3 and I can no longer 
> find CCIMB-2003-02-001 (Supplement: AMA) anywhere.

> We now seem to be left with CCIMB-2004-02-009 ("Assurance Continuity: 
> CCRA Requirements")?? This document seems to contain much less on the
> detailed nuts-and-bolts than the presumably defunct documents mentioned 
> above. And there are a couple of profiles I see that seem to include some 
> of the old AMA requirements.

> The Assurance Continuity document indicates that a national scheme can 
> have additional requirements, but I haven't seen any. Does the US 
> scheme envision that AMA-type requirements would be any different at EAL5 
> than at lower EALs?

The NIB is heartened that there is some interest in the mechanics of assurance 
maintenance.  Thank you for your questions. 

The "Assurance Continuity: CCRA Requirements" document is the only currently 
recognized guidance for addressing this issue. There are no plans either within 
the US scheme or in the international organization to create any more. The NIB 
feels the community would be interested if someone were to point out what they 
perceive as deficiencies in that document. 






