PD 0137: CC V3 PP Conformance Type Consistency



[At its latest meeting, the ODRB issued the following PD. Any comments or 
corrections to this PD will be considered at the next ODRB meeting.]

PD 0137: CC V3 PP Conformance Type Consistency

ISSUE

In CCv3.1, ASE_CCL.1-10 requires, in paragraphs 361 and 362, that, for a
claim of "demonstrable" PP compliance, CC Part 1 Annex D (in particular,
Annex D.3) is to be used. This annex defines, in paragraph 444 first
bullet, that, when an ST is more restrictive than a PP, then "all TOEs
that meet the PP also meet the ST". This statement is inconsistent
because when an ST is more restrictive, i.e. has stricter assumptions,
threats, etc., a TOE that conforms with the PP is not necessarily
compliant with the ST.

Similarly, in CC Part 1 paragraph 445, first bullet, the second
sub-bullet contains a requirement that is also inconsistent; and again
in paragraph 445, second bullet, second sub-bullet.


RESOLUTION

1. In CC Part 1, paragraph 444: rephrase first bullet to "all TOEs that
   meet the ST also meet the PP, and".

2. In CC Part 1, paragraph 445: rephrase first bullet, second sub-bullet
   to "all operational environments that would meet the security problem
   definition in the ST would also meet the security problem definition
   in the PP."

3. In CC Part 1, paragraph 445: rephrase second bullet, second
   sub-bullet to "all operational environments that would meet the
   security objectives for the operational environment in the ST would
   also meet the security objectives for the operational environment in
   the PP."

RATIONALE

It would seem that the CC V3 authors wrote paragraphs 444 and 445 a
little too quickly.  In item 1 of the resolution, an alternate wording
would be something to the effect that any TOE must conform to BOTH the
ST and the PP.  Regardless, the Issue statement is clear.  It is easy to
imagine TOEs conforming to a PP that do not conform to an ST that is
more restrictive.  Likewise in items 2 and 3, it is easy to imagine
operational environments that would conform to a PP yet not conform to a
more restrictive ST.





