![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0027: Where should the TOE Security Policy be defined?
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2002-06-11 |
| Last Modified | 2006-08-02 |
Issue
In Common Criteria (CC) Version 1.0, the TSP is a required document supplied by the vendor, however in CC Version 2.1, it is no longer a required document. What constitutes a TSP needs to be defined.
Resolution
The TSP must be specified in the Security Target (ST). The ST defined TSP should be used for evaluation purposes. When PP compliance is claimed, it is likely that the ST uses the PP definition of the TSP. However, in the general case the TSP could be extended from the PP or combined from multiple compatible PPs.
Modification History:
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- ALFWPPv1.0
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0011