Re: Wordings are not consistent in CCV3.1



The ODRB and NIB have been busy of late, so we apologize that this
response is so late. 

Back in October 2006, Hirofumi Yakota asked about CC v3, in particular,
words in the functional requirements such as  

"covered by the SFP"
"controlled under the SFP"
"controlled by the TSF"

He wondered about the intent of these phrases, and he lamented about the
inconsistency of terminology in CC v3 Part 2. 

The NIB agrees about the inconsistent terminology. CC v3.0 attempted to
correct the terminology, but had problems in other areas. The rework to
CC v3.1 was schedule-constrained, and did not have the time to
regularize all the terms. Perhaps that will happen in CC v4.x. But until
then, all that can be done is to highlight the problems, propose wording
solutions to those problems, and work to get them incorporated in
incremental revisions. 

In the case of this particular question, the NIB notes that the notion
of covered or controlled all ties back to the definition of the
identified SFP in ACC/ACF or IFC/IFF. These identify whether the policy
covers all operations, objects/information, subjects, and
attributes. The subsequent references serve to tie an SFR to the policy,
thus giving the connection to what set of things are affected by that
SFR.  
