Updated PD 0097: Compliance with IDS System PP Export Requirements
- Subject: Updated PD 0097: Compliance with IDS System PP Export Requirements
- From: "Observation Decisions Review Board" <faigin@aero.org>
- Date: Thu, 05 Apr 2007 10:51:06 -0700
Based on a recent OD, the ODRB has updated PD 0097 and added support for the
position taken.
The revised PD is as follows:
PD Date: 2003-08-19
PD Title: Compliance with IDS System PP Export Requirements
PD Issue
The Intrusion Detection System (IDS) System Protection Profile (PP)
contains four requirements related to performing authentication and
exporting TSF data to external IT entities - FIA_AFL.1, FPT_ITA.1,
FPT_ITC.1, and FPT_ITI.1. However, the TOE described in the PP contains
all of the specified functionality itself and, therefore, does not
communicate with any external IT products. Does this mean these
requirements are satisfied vacuously by compliant TOEs, or are the
requirements intended to apply to additional IT products that are
external to the system?
PD Resolution
The inter-TOE SFRs (FPT_ITA.1, FPT_ITC.1 and FPT_ITI.1) apply to
communication with remote IT systems. However, these requirements were
incorrectly included in the system PP because the IDS system has no such
communication. Likewise, the O.EXPORT objective was erroneously
replicated into the system PP.
The PP author has indicated that the intent of the three SFRs (ITA, ITC,
and ITI) was to protect communications between the components in an IDS
system. As an IDS system does not communicate with IDS components
outside of the IDS system TOE, ITA, ITC, and ITI are not needed and must
be removed from the System PP. Note, however, if the TOE of an IDS
system is a distributed TOE, FPT_ITT.1 must be included in the TOE to
protect those communications and claim compliance with the PP.
Including FPT_ITT does not require vendors to implement their own
cryptographic methods.
Additionally, the requirement to detect attempts to access the TOE by
untrusted external IT products (FIA_AFL.1) was incorrectly included in
the system PP. The requirement calls for account lockout specifications
for external IT product connections to the TOE. Since the TOE does not
allow access to itself from external IT products, this requirement does
not belong in this PP.
PD Support
Requirements of any sort are not vacuously satisfied by the absence of
functionality. In this case, what is claimed to be absent is the 'remote
trusted IT product' called for in FPT_ITA.1, FPT_ITC.1, FPT_ITI.1, and
in FIA_AFL.1 as modified by the IDS System PP. In the absence of such a
product, no messages from the IDS are exchanged which require
authentication failure handling, confidentiality, availability, or
detection of modification.
According to the PP author/owner, however, 'remote IT product' was
intended to apply at the component level, not the system-to-system
level, even in the IDS System PP. That is, a collection of electronics
may be a 'closed system' even if its components are on separate
continents, but to meet the IDS PP the components must communicate using
a protocol that implements all four of the above SFRs.
A 'remote IT product' can be any component of the TOE that communicates
with other TOE components using an established protocol: a remote
sensor, an admin workstation, or another component of the TOE. IDS
systems also frequently interact with the networks they monitor, to
collect information or modify their behavior. If the TOE employs such
communication, all four of the above SFRs must be included in the ST to
comply with the PP.
FPT_ITT.1, which requires that TSF data transferred between separate
parts of the TOE be protected, must be included in the TOE to claim
compliance with the IDS System PP.
PD History
2003-12-19
Information added about FPT_ITT.1. (December 2003 ODRB Agenda Item
3.b.i)
2004-05-06
Updated to clarify the applicability of FPT_ITT in non-distributed
TOEs. (April 2004 ODRB Agenda Item 4.d.i)
2004-08-12
Updated effective date to reflect the date the PD was
issued. (August 2004 NIB 6.c.xiv)
2007-03-28
Added support from OD-0217 to clarify the resolution and clarified
the use of FPT_ITT. (March 2007 ODRB 3.a.i)