RE: PD 0133: Level of Detail in SFRs

Subject: RE: PD 0133: Level of Detail in SFRs
From: "Arnold, James L. Jr." <JAMES.L.ARNOLD.JR@saic.com>
Date: Tue, 13 Mar 2007 14:36:41 -0400
Content-class: urn:content-classes:message
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="us-ascii"
In-Reply-To: <C489E3F8D472A34B9D58928A7F67DC571C4C66@aplesnation.dom1.jhuapl.edu>
References: <45DD7039.17818.D8575C@faigin.aero.org> <CD6BB6072E0DF243B7862BAC93CA291A05324858@0581-its-exmp01.us.saic.com> <C489E3F8D472A34B9D58928A7F67DC571C4C66@aplesnation.dom1.jhuapl.edu>
Thread-Index: Acdlmd3qUuovq5V2Rpig4R6dwTUJggAAxb8A
Thread-Topic: PD 0133: Level of Detail in SFRs



> I suggest that this is simply a result of the CCEVS decision 
> to focus on the needs of DoD customers.  Within the context 
> of such a focus, the effective purpose of CCEVS evaluations 
> becomes meeting those needs.  
> 
> This context is quite different (no statement about good/bad 
> or right/wrong ONLY different) from the context of a 
> broad-community evaluation scheme.  In the latter specifying 
> specific functionality would seem to be inappropriate.  In 
> the former context, specifying specific functionality is 
> likely in line with perceived customer needs and hence more 
> likely appropriate.

However, this draft precedent is not about functionality at all but
rather about presenting details in the SFRs in addition to presenting
them in the TSS. This draft precedent seems to simply require that
details within the TSS, that are supposed to be used to justify
conformance with requirements, must actually find its way directly into
the requirements.

While I understand the motive to limit the products being evaluated
based on NSA customer needs given the current resource situation, I
don't think that should result in long term ramifications for other CC
evaluation in the form of precedents or interpretations. Rather, I think
CCEVS policies are a vehicle more appropriate for imposing NSA-desired
restrictions on evaluations, much as I disagree with the notion of a
mandatory, ad hoc PP in the form of policy letters.

References:
- PD 0133: Level of Detail in SFRs
  - From: "Observation Decisions Review Board" <faigin@aero.org>
- RE: PD 0133: Level of Detail in SFRs
  - From: "Arnold, James L. Jr." <JAMES.L.ARNOLD.JR@saic.com>
- RE: PD 0133: Level of Detail in SFRs
  - From: "Stoneburner, Gary R." <Gary.Stoneburner@jhuapl.edu>

Prev by Date: RE: PD 0133: Level of Detail in SFRs
Next by Date: PD 0134: Medium Robustness Traffic Filtering PP: Administrator accounts
Prev by thread: RE: PD 0133: Level of Detail in SFRs
Next by thread: Re: PD 0133: Level of Detail in SFRs

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov