PD-0022: Test Evidence that must be provided at EAL2

This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.

Issue

A developer has provided test documentation on previous versions of the TOE as test evidence for the evaluation; however, most of the test documentation does not include test procedures, expected and/or actual results. The developer states he should be able to provide test evidence that does not include procedures, expected and actual results along with testing evidence that does to meet ATE_FUN and ATE_IND requirements. The developer's view is that while the requirements state that procedures, expected and actual results must be documented, it is not clear from the requirements that all tests have to have these elements. The verb "check" does not mean that the evaluators must "find" all of the required information.

Further, the vendor has indicated that if they are forced to provide these elements for all test cases, they will narrow the scope of their testing effort to those test cases for which the elements exist. The vendor feels that this is not an accurate picture of their testing. Also note that the tests are not meant to be 3rd-party repeatable, but the vendor has agreed to re-run any tests that the team would like to see. The vendor's view is that the assurance requirements for EAL2 were only intended to document what the vendor actually does without requiring all vendor documentation to be complete. ATE_IND was then to complete the testing process to satisfy the ATE requirements.

Resolution

The developer needs to submit evidence for ATE (procedures, actual results, and expected results) that meets all the content and presentation of evidence requirements for EAL2. Any additional documentation that is submitted by the developer but does not satisfy requirements may be used for informational purposes only, but is not considered evaluation evidence. Documentation from previous versions of the product may be used if it is still applicable to the ongoing product evaluation.

It appears that the OR hints at the question of comprehensive testing. At EAL2 the requirements do not mandate comprehensive testing.

Modification History:
References:
Related NIs:
Related CCIMB-INTERPs:
Source OD: 0175