PD-0108: FTP_ITC.1.3 Specifies The Functions For Which A Trusted Channel Is Provided |
||||
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
IssueIn CC v2.1/v2.2, the FTP_ITC.1.3 SFR specifies the list of functions for which a trusted channel is required AND for which the TSF shall initiate communication. A problem arises, however, when one must specify the functions for which either the TSF or a Remote Trusted IT Product must use a trusted channel, as FTP_ITC.1.3 only refers to the local TOE, and specifically refers to initiation, not use. One solution is to modify the text of FTP_ITC.1.3 to indicate the functions for which either the local TSF or remote trusted IT product must use a trusted channel. However, such a change expands the scope of the SFR. How is this issue to be resolved? ResolutionIt is acceptable to use an explicitly stated SFR that replaces the CC v2.1/v2.2 version of FTP_ITC.1.3 with the following text:
When this modified version of FTP_ITC.1.3 is used, there should also be an accompanying note that explains that the rationale for this explicit requirement is that it corrects an error identified by CCEVS in the requirement and an interpretation is being created by NIAP to correct the offending wording. Note: Use of the explicitly specified requirement replacement does not imply a responsibility for the TSF under evaluation to ensure that a remote TSF performs a particular action; rather, the TSF under evaluation is only required to use the channel for the indicated purpose if the channel is initiated. There is no requirement for the evaluator to verify that the remote TSF initiates the channel. SupportThe intents of the three elements of FTP_ITC.1 are, respectively:
The problem is, given that FTP_ITC.1.2 permits either the TSF or the remote trusted IT product to initiate communications over the channel, FTP_ITC.1.3 is contradictory if "the remote trusted IT product" was assigned in 1.2. That is, FTP_ITC.1.3 seems to be incorrectly stated in requiring the TSF to initiate communications over the channel. It is clear that FTP_ITC.1.3 should read "The trusted channel shall be used for [assignment: list of functions for which a trusted channel is required]". This PD corrects the problem. It seems that this issue has not arisen previously probably because all STs that have claimed FTP_ITC.1 so far have completed the assignment in the second element with "TSF" thus avoiding the creation of the problem in the third. Modification History:
References:
Related NIs:
Related CCIMB-INTERPs:
Source OD: 0232 |