[Public Interpretations Database]

PD-0102: CIMC PP Compliance for Iterated Requirements that are Satisfied by the IT Environment

This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.

Effective Date: 2004-02-17
Last Modified 2006-08-02


For CIMC PP iterated requirements that are satisfied by the IT environment, what conditions must be met in order to claim compliance with the PP?


It is acceptable to allocate to the IT environment some or all iterated requirements that are identified in CIMC Family of Protection Profiles Section 5 if several conditions are met. The conditions are as follows:

  1. The product of the IT environment (e.g., the operating system) must have completed a formal (CCEVS or mutually recognized) CC evaluation that demonstrated compliance with those specific iterated requirements.

  2. The TOE evaluation team must test the functionality provided by the IT environment as part of the TOE evaluation.

  3. The IT environment must be evaluated to the same assurance requirements as specified in the PP.

  4. The ST and VR will explicitly state where and how the referenced requirements are met.



The CIMC Family of Protection Profiles states that an ST that claims conformance to a CIMC PP may specify the requirements identified in Section 5 as security requirements for the TOE, the environment, or a combination of both (see CIMC PP p. 22). Therefore some SFRs may be allocated only to the IT environment. The SFRs that are allocated to the IT environment must, however, meet the above stated conditions.

Modification History:

Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)


  • Certificate Issuing and Management Components (CIMC) Security Level 3 Protection Profile, Version 1.0, October 31, 2001

Related NIs:

  • None


  • None

Source OD: 0226