RE: PD 0122: Description of Logical and Physical Boundaries



On Fri, 14 Oct 2005 13:00:52 -0400 (EDT), "Williamson, Robert L. Jr."
<ROBERT.L.WILLIAMSON.JR@saic.com> said: 

> I believe CCEVS
> and validators would like more technical detail. I believe customers would
> like to know what security functions it provides and some idea of how it
> does its functionality.

Actually, with respect to the ST, I'm not asking for more technical
detail. What I'm asking for is a clear delineation between what services or
functions are provided by the TOE (and thus are evaluated) and which are
provided by the environment (and thus are not evaluated). I want this so that
as a customer, I'm not misled as to where the assurance can be placed; I want
this as an accreditor to know what I have to look at as part of integrating
the system.

This needn't be at the subsystem or module level; architecture only comes into
play in terms of the "chunks" of product (hardware, software) that I must
buy. But it does come into play functionally: My application protocols are
provided by the TOE, the rest of the stack by the operating system -- I notify
users of problems via email, but the entire email mechanism is provided by
something unevaluated.

That boundary must be clear to consumers.



