CCEVS Public Interpretations Database: CCEVS Public Interpretation Database by Number

CCEVS Public Interpretation Database by Number

I-0338: ~~Configuration Items In The Absence Of Explicit Scope~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0412 on 2001-06-22)
I-0339: ~~Assurance Of RVM Is By Testing And Design Analysis~~
(Approved by CCEVS Management on 2000-03-27; rescinded on 2002-01-04)
I-0346: ~~Users Authorised To Change Authentication Data Are Not Roles~~
(Withdrawn on 1999-11-04)
I-0347: Including Sensitive Information In Audit Records
(Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-07-17)
I-0348: ~~Audit Data Loss Prevention Method May Be Site-Selectable~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0414 on 2002-03-11)
I-0349: ~~Grammatical/Typographical Corrections In Common Criteria V2.1~~
(Withdrawn on 2004-11-03)
I-0350: Clarification Of Resources/Objects For Residual Information Protection
(Approved by CCEVS Management and Mailed to Public Mailing List on 2002-03-04)
I-0351: ~~User Attributes To Be Bound Should Be Specified~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0415 on 2002-05-14)
I-0352: ~~Rules Governing Binding Should Be Specifiable~~
(Approved by CCEVS Management on 2000-12-20; superseded by CCIMB-INTERP-0137 on 2004-01-30)
I-0353: ~~Association Of Access Control Attributes With Subjects And Objects~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0416 on 2000-12-05)
I-0354: ~~Association Of Information Flow Attributes W/Subjects And Information~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0417 on 2000-12-11)
I-0355: ~~Evaluation Of The TOE Summary Specification: Part 1 Vs Part 3~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0418 on 2000-12-05)
I-0356: FDP_RIP Annex: Reuse Of Subject Data Notes
(Sent to CCEVS Management and CCIMB for Review on 2003-03-12)
I-0358: ~~Roles Whose Membership Is Defined By Object Attributes~~
(Withdrawn on 1999-12-17)
I-0359: ~~Ordering Of Basic And Minimal Audit For FMT_REV~~
(Withdrawn on 1999-11-04)
I-0360: ~~Non-Normative Materials In Annexes B (PP) And C (ST)~~
(Pending on: APE/ASE Rewrite on 2004-05-07)
I-0361: ~~"Reference" Refers To A Citation Of The Text Source~~
(Withdrawn on 2000-03-21)
I-0362: ~~Scope Of Permitted Refinements~~
(Approved by CCEVS Management on 2000-03-27; superseded by CCIMB-INTERP-0019, CCIMB-INTERP-0098 on 2002-03-12)
I-0363: ~~Attribute Inheritance/Modification Rules Need To Be Included In Policy~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0420 on 2002-08-22)
I-0364: ~~Application Notes In Protection Profiles Are Informative Only~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0421 on 2001-06-22)
I-0365: ~~Broad Consistency And Coherency Of Application Notes In A PP~~
(Tabled on 1999-12-17)
I-0367: Management Sections Are Informative
(In CCIMB RI Queue on 2003-05-15)
I-0368: ~~Assumptions Related To Security Objectives For The Environment~~
(Pending on: APE/ASE Rewrite on 2004-05-07)
I-0369: ~~Security Management Functions To Be Provided Must Be Enumerated~~
(Withdrawn on 2001-08-28)
I-0370: ~~Clarification Of ``Audit Records''~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0422 on 2000-12-05)
I-0371: ~~Some Modifications To The Audit Trail Are Authorized~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0423 on 2000-12-11)
I-0372: ~~Audit Records Must Be Protected At All Times~~
(Withdrawn on 2001-11-15)
I-0373: ~~FPT_SEP.2 And FPT_SEP.3 Are Not Hierarchical~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0424 on 2000-12-05)
I-0374: ~~Nature Of Components~~
(Withdrawn on 2001-06-14)
I-0375: Elements Requiring Authentication Mechanism
(Approved by CCEVS Management and Mailed to Public Mailing List on 2001-03-15)
I-0376: ~~Dependencies Between FIA_UID And FIA_ATD~~
(Withdrawn on 1999-10-01)
I-0377: ~~Settable Failure Limits Are Permitted~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0425 on 2000-12-05)
I-0378: Meaning Of Compliance Claims
(In CCIMB RI Queue on 2003-05-15)
I-0379: How To Require User/Admin Documentation For Functional Components
(In CCIMB RI Queue on 2003-05-15)
I-0380: ~~FPT_ITT, FPT_SSP, And FPT_TRC Should Be Incorporated Into FPT_SEP~~
(Pending on: ADV Rewrite on 2004-05-07)
I-0381: ~~Relationship Between FPT_PHP And FMT_MOF~~
(Approved by CCEVS Management on 2002-03-04; superseded by CCIMB-INTERP-0212 on 2003-10-31)
I-0382: TSF Architectural Protections Are Really Assurances
(In CCIMB RI Queue on 2003-05-15)
I-0383: ~~Content Of PP Claims Rationale~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0426 on 2000-12-05)
I-0384: ~~Subsystems Interfaces Are Described At A High Level~~
(Pending on: ADV Rewrite on 2004-05-07)
I-0385: ~~Identification Of Standards~~
(Approved by CCEVS Management on 2000-03-27; superseded by 0427 on 2001-06-22)
I-0386: ~~High Level Design Is Too Close To Implementation~~
(Pending on: ADV Rewrite on 2004-05-07)
I-0387: Auditing Of Audit Storage Failures
(Ready to Send to Management/CCIMB on 2005-02-04)
I-0388: What Is The Difference Between "Sort" And "Order"?
(Sent to CCEVS Management and CCIMB for Review on 2004-03-08)
I-0389: ~~Recovery To A Known State~~
(Approved by CCEVS Management on 2001-03-15; rescinded on 2003-05-09)
I-0390: ~~Clarification Of Implied Evaluation Actions For CM~~
(Withdrawn on 2003-02-11)
I-0391: ~~Missing Mapping: IT Environment Requirements And High-Level Design~~
(Withdrawn on 2003-05-12)
I-0392: AVA_MSU Does Not Mandate Extra Functions In The TOE
(Sent to CCEVS Management and CCIMB for Review on 2003-03-12)
I-0393: ~~A Completely Evaluated ST Is Not Required When TOE Evaluation Starts~~
(Approved by CCEVS Management on 2001-03-15; superseded by CCIMB-INTERP-0150 on 2003-07-15)
I-0394: ~~Iteration Must Cover All Scopes~~
(Approved by CCEVS Management on 2000-12-20; superseded by CCIMB-INTERP-0019 on 2002-03-12)
I-0395: ~~Security Attributes Include Attributes Of Information And Resources~~
(Approved by CCEVS Management on 2001-03-15; superseded by CCIMB-INTERP-0151 on 2003-10-31)
I-0396: ~~Application Notes Are Permitted In Security Targets~~
(Withdrawn on 2000-06-06)
I-0397: ~~Iteration On Assurance Components/Elements~~
(Approved by CCEVS Management on 2001-03-15; superseded by CCIMB-INTERP-0019 on 2002-03-12)
I-0398: ~~Assumptions, Objectives, And Environmental Requirements~~
(Pending on: APE/ASE Rewrite on 2004-05-07)
I-0399: ~~Flaw Remediation Is Independent Of Maintenance Of Assurance~~
(Tabled on 2000-07-12)
I-0400: ~~Focus Is On Content, Not Structure, For AMA~~
(Withdrawn on 2004-05-06)
I-0401: ~~Clarify Use Of Component Categorization Report~~
(Withdrawn on 2004-05-06)
I-0402: ~~Identification Of The Certified Version~~
(Withdrawn on 2004-05-06)
I-0403: ~~Guidance Refinements Must Be Tracable To Objectives~~
(Pending on: APE/ASE Rewrite on 2004-05-07)
I-0404: ~~Security Requirements For The Non-IT Environment~~
(Pending on: APE/ASE Rewrite on 2004-05-07)
I-0405: American English Is An Acceptable Refinement
(Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-08-01)
I-0406: ~~Automated Or Manual Recovery Is Acceptable~~
(Approved by CCEVS Management on 2001-03-15; superseded by CCIMB-INTERP-0056 on 2003-10-31)
I-0407: Empty Selections Or Assignments
(Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-08-21)
I-0408: ~~FSP Evaluation Must Consider The Whole TSP~~
(Pending on: ADV Rewrite on 2004-05-07)
I-0409: ~~Other Properties In FMT_MSA.3 Should Be Specified By Assignment~~
(Approved by CCEVS Management on 2002-01-04; superseded by CCIMB-INTERP-0201 on 2003-10-31)
I-0410: Auditing Of Subject Identity For Unsuccessful Logins
(Approved by CCEVS Management and Mailed to Public Mailing List on 2002-01-04)
I-0411: ~~Guidance Includes AGD_ADM, AGD_USR, ADO, And ALC_FLR~~
(Approved by CCEVS Management on 2000-12-22; superseded by CCIMB-INTERP-0140 on 2003-07-15)
I-0412: ~~Configuration Items In The Absence Of Configuration Management~~
(Approved by CCEVS Management on 2001-06-22; superseded by 0459 on 2003-05-09)
I-0413: ~~Assurance Of RVM Is By Testing And Design Analysis~~
(Withdrawn on 2001-04-23)
I-0414: Site-Configurable Prevention Of Audit Loss
(Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-07-17)
I-0415: ~~User Attributes To Be Bound Should Be Specified~~
(Approved by CCEVS Management on 2002-03-04; superseded by CCIMB-INTERP-0137 on 2004-01-30)
I-0416: ~~Association Of Access Control Attributes With Subjects And Objects~~
(Approved by CCEVS Management on 2000-12-05; superseded by CCIMB-INTERP-0103 on 2003-07-15)
I-0417: ~~Association Of Information Flow Attributes W/Subjects And Information~~
(Approved by CCEVS Management on 2000-12-11; superseded by CCIMB-INTERP-0104 on 2003-07-15)
I-0418: Evaluation Of The TOE Summary Specification: Part 1 Vs Part 3
(Approved, Acceptable to CCIMB, CCIMB Interpretation Pending on 2003-11-11)
I-0419: ~~Scope Of Permitted Refinements~~
(Withdrawn on 2002-03-12)
I-0420: Attribute Inheritance/Modification Rules Need To Be Included In Policy
(Approved by CCEVS Management and Mailed to Public Mailing List on 2002-08-22)
I-0421: Application Notes In Protection Profiles Are Informative Only
(Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-08-21)
I-0422: Clarification Of ``Audit Records''
(Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-07-17)
I-0423: ~~Some Modifications To The Audit Trail Are Authorized~~
(Approved by CCEVS Management on 2000-12-11; superseded by CCIMB-INTERP-0141 on 2003-07-15)
I-0424: ~~FPT_SEP.2 And FPT_SEP.3 Are Not Hierarchical~~
(Approved by CCEVS Management on 2000-12-05; rescinded on 2003-05-09)
I-0425: ~~Settable Failure Limits Are Permitted~~
(Approved by CCEVS Management on 2000-12-05; superseded by CCIMB-INTERP-0111 on 2003-10-31)
I-0426: Content Of PP Claims Rationale
(Approved, Acceptable to CCIMB, CCIMB Interpretation Pending on 2003-07-17)
I-0427: Identification Of Standards
(Approved by CCEVS Management and Mailed to Public Mailing List on 2001-06-22)
I-0428: ~~National Interpretations Do Not Require SRE Evaluation~~
(Withdrawn on 2004-05-06)
I-0429: Selecting One Or More
(Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-08-12)
I-0430: ~~When Are SOF Claims Required?~~
(Withdrawn on 2002-03-12)
I-0431: ~~Specification Of Explicitly Specified Requirements~~
(Withdrawn on 2003-05-12)
I-0432: List Of Subjects And Objects Refers To Types Thereof
(Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2004-01-30)
I-0433: Design Abstractions For Non-IT Mechanisms
(Sent to CCEVS Management and CCIMB for Review on 2004-03-08)
I-0434: Treatment Of TSF Components Provided By A Third-Party
(Sent to CCEVS Management and CCIMB for Review on 2004-03-08)
I-0435: ~~Evaluation Of An ST Compliant With A Previously Evaluated PP~~
(Pending on: APE/ASE Rewrite on 2004-05-07)
I-0436: Compliance Claims Against A Flawed PP
(Sent to CCEVS Management and CCIMB for Review on 2003-08-01)
I-0437: ~~Applicability Of Elements Of A PP In The ST Context~~
(Pending on: APE/ASE Rewrite on 2004-05-07)
I-0438: ~~Lack Of Integration Guidance~~
(Tabled on 2002-01-14)
I-0439: ~~PP Compliance And Hierarchical Components~~
(Pending on: APE/ASE Rewrite on 2004-05-07)
I-0440: Clarification Of Detection/Prevention For FIA_UAU.3
(Sent to CCEVS Management and CCIMB for Review on 2004-03-08)
I-0441: ~~Meaning Of "Other Property"~~
(Withdrawn on 2001-08-28)
I-0442: Restrictive Is Not Fully Defined Without Specification Of Attributes
(Sent to CCEVS Management and CCIMB for Review on 2004-01-12)
I-0443: ~~Minor (Non-Substantive) Corrections To The CC And CEM~~
(Withdrawn on 2004-11-03)
I-0444: ~~PP Conformance Claims To The CC~~
(Pending on: APE/ASE Rewrite on 2004-05-07)
I-0445: ~~ADV Class Inadequate~~
(Pending on: ADV Rewrite on 2004-05-07)
I-0446: ~~CEM For Either No SEP Or No RVM~~
(Withdrawn on 2004-05-06)
I-0447: ~~Level Of Detail For The TSS~~
(Pending on: APE/ASE Rewrite on 2004-05-07)
I-0448: ~~Required Level Of Detail For Environmental Requirements~~
(Pending on: APE/ASE Rewrite on 2004-05-07)
I-0449: ~~Flexibility In Meeting Requirements~~
(Withdrawn on 2003-05-12)
I-0450: ~~Appropriate Levels Of Decomposition~~
(Pending on: ADV Rewrite on 2004-05-07)
I-0451: When To Use IFF/IFC And ACF/ACC
(Sent to CCEVS Management and CCIMB for Review on 2004-03-08)
I-0453: TSF And Support Code
(External Post in Interpretations Board Rework on 2004-05-06)
I-0457: ~~Interfaces To Be Examined For ADV_FSP~~
(Withdrawn on 2004-02-24)
I-0458: ~~Part 1/Part 3 Disconnect: How Something Is Implemented~~
(Pending on: APE/ASE Rewrite on 2004-05-07)
I-0459: CM Systems May Have Varying Degrees Of Rigor And Function
(Approved, Acceptable to CCIMB, CCIMB Interpretation Pending on 2003-07-17)
I-0460: ~~Empty Selections Or Assignments/One Or More~~
(Withdrawn on 2004-02-24)
I-0461: Definition Of TSF: Relied Upon For The Correct Enforcement
(Sent to CCEVS Management and CCIMB for Review on 2003-08-01)
I-0462: ~~What Is A TSP?~~
(Withdrawn on 2004-05-06)
I-0463: Platform Inclusion In A TOE With FPT_SEP
(Sent to CCEVS Management and CCIMB for Review on 2003-03-12)
I-0464: Conditional Requirements
(Submitted as Request for Interpretation/Editorial Observation to CCIMB on 2004-05-06)
I-0466: ~~What Is The Difference Between TSF And TOE?~~
(Pending on: ADV Rewrite on 2004-05-07)
I-0467: Can Guidance Documentation Meet TSF Requirements?
(Sent to CCEVS Management and CCIMB for Review on 2003-08-01)
I-0468: Must Test Setup And Cleanup Code Run Unprivileged?
(Sent to CCEVS Management and CCIMB for Review on 2004-11-09)
I-0469: What Does "Initial Startup" Mean For FPT_AMT And FPT_TST?
(Sent to CCEVS Management and CCIMB for Review on 2004-11-09)
I-0470: FPT_AMT When There Are No Operational (IT) Environment Objectives
(Sent to CCEVS Management and CCIMB for Review on 2003-08-01)
I-0471: Objects In The TOE
(Ready to Send to Management/CCIMB on 2005-02-04)
I-0472: Correction Of Definition Of Lattice
(Sent to CCEVS Management and CCIMB for Review on 2004-01-12)
I-0473: Ability To Obtain The Unique Identifier Of The TOE
(Sent to CCEVS Management and CCIMB for Review on 2004-05-06)
I-0474: ~~Do ACM And ALC Apply To The TOE Or The TSF?~~
(Pending on: ALC/ADO/AGD Rewrite on 2004-05-07)
I-0477: Management Of Subject Attributes
(Sent to CCEVS Management and CCIMB for Review on 2004-11-09)
I-0479: FTP_ITC.1.3 Specifies The Functions Needing A Trusted Channel
(Sent to CCEVS Management and CCIMB for Review on 2004-11-09)
I-0480: ~~Components Written As Environmental Actions~~
(Tabled on 2005-02-04)
I-0481: ~~Ignoring Events Is Incompatible With Preventing Audit Loss~~
(Withdrawn on 2005-02-04)
I-0482: Properties Of Default Values For Attributes
(Ready to Send to Management/CCIMB on 2005-02-04)

Public Interpretation Discussion Mailing List: A mailing list, cc-cmt (Common Criteria NIAP Interpretations Comments), has been set up to provide a forum for public comment and discussion on proposed NIAP interpretations to the Common Criteria (CC) and the Common Evaluation Methodology (CEM). To subscribe, send an email to listproc@nist.gov. The body of the message should contain the line:

subscribe cc-cmt your-first-name your-last-name

This will start a subscription for the "From:" address of the request Email. Archives of the cc-cmt list may be found at http://cio.nist.gov/esd/emaildir/lists/cc-cmt/maillist.html.

This page was generated on Fri Jun 30 12:32:35 2006.
Questions on this page, or comments on Database entries should be addressed to cc-cmt@nist.gov.
Flags are based on a comparison against information uploaded 2005-01-20-00:00