RE: wordings are not consistent in CCV3.1
- Subject: RE: wordings are not consistent in CCV3.1
- From: "John Boone" <jboone@ashtonlabs.com>
- Date: Mon, 16 Oct 2006 09:44:05 -0400
Hirofumi,
You're welcome, and thank you for your observations. All good points, in my
opinion ...
Interpretations have been a part of the process since the beginning, and I
think it is a difficult process addressing difficult issues.
I agree with many of the points you make. I think "continuous improvement"
in the specification language is a good goal.
-John
> -----Original Message-----
> From: cc-cmt@nist.gov [mailto:cc-cmt@nist.gov] On Behalf Of YOKOTA
> HIROFUMI
> Sent: Sunday, October 15, 2006 10:41 PM
> To: Multiple recipients of list
> Subject: Re: wordings are not consistent in CCV3.1
>
>
>
> Thanks John,
>
> Objectivity and impartiality are the universal principles of evaluation.
> For those principles, SFR(s) are the essential parts of the CC evaluation.
>
> If it is hard to read SFR(s), it would be hard to write and evaluate the
> rationales that demonstrate the requirements are suitable to meet the
> security objectives.
> If it is hard to evaluate the rationales, objectivity of the evaluation
> would be hard to achieve.
> If it is hard to achieve the objectivity of the evaluation, impartiality of
> the evaluation would also be hard to achieve.
>
> I think interpretations of SFR(s) have been argued a lot in the field
> among ST writers, evaluators and validators.
> I wish continued effort would be taken to upgrade the SFR(s), making them
> more readable.
>
> Regards,
> Hirofumi Yokota
>
> ----- Original Message -----
> From: "John Boone" <jboone@ashtonlabs.com>
> To: "Multiple recipients of list" <cc-cmt@nist.gov>
> Sent: Saturday, October 14, 2006 6:07 AM
> Subject: RE: wordings are not consistent in CCV3.1
>
>
> >
> > Hi,
> >
> > I'm not jumping in on one side or the other of the wording arguments, but I
> > thought I could add something that might clarify the (original) need for
> > this type of phrase in the CC. It might help explain the intended semantics
> > ..
> >
> > I think these phrases support the concept that a TOE might apply a policy to
> > a "subset" of objects or subjects. E.g., access control for file system
> > objects, but not printer buffers. Hence, these SFRs had to qualify
> > everything, to point to the objects (for instance) that were within scope.
> >
> > Again, not arguing either side of doing it this way ... and not addressing
> > the consistency issues ...
> >
> > -John
> >
> > [...]
> > > > CC(V3.1) Part2.
> > > >
> > > > 1. "covered by the SFP" --- P57 FDP_ACC.1.1
> > > > 2. "controlled under the SFP" --- P73 FDP_ITC.1.1
> > > > 3. "controlled by the SFP(s)" --- P76 FDP_ITT.2.2
> > > > 4. "controlled by the TSF" --- P82 FDP_SDI.1.1
> > > >
> > > > Are they all the same?
> > [...]