Re: Wordings are not consistent in CCV3.1
- Subject: Re: Wordings are not consistent in CCV3.1
- From: "NIAP Interpretations Board" <firstname.lastname@example.org>
- Date: Thu, 31 May 2007 08:36:07 -0700
- Content-description: Mail message body
- Content-transfer-encoding: 7BIT
- Content-type: text/plain; charset=US-ASCII
- Priority: normal
The ODRB and NIB have been busy of late, so we apologize that this
response is so late.
Back in October 2006, Hirofumi Yakota asked about CC v3, in particular,
words in the functional requirements such as
"covered by the SFP"
"controlled under the SFP"
"controlled by the TSF"
He wondered about the intent of these phrases, and he lamented about the
inconsistency of terminology in CC v3 Part 2.
The NIB agrees about the inconsistent terminology. CC v3.0 attempted to
correct the terminology, but had problems in other areas. The rework to
CC v3.1 was schedule-constrained, and did not have the time to
regularize all the terms. Perhaps that will happen in CC v4.x. But until
them, all that can be done is to highlight the problems, propose wording
solutions to those problems, and work to get them incorporated in
In the case of this particular question, the NIB notes that the notion
of covered or controlled all ties back to the definition of the
identified SFP in ACC/ACF or IFC/IFF. These identify whether the policy
covers all operations, objects/information, subjects, and
attributes. The subsequent references serve to tie an SFR to the policy,
thus giving the connection to what set of things are affected by that
Date Index |
Thread Index |
Problems or questions? Contact email@example.com