[Public Interpretations Database]

PD-0033: Referencing Draft External Specifications in a Protection Profile


This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.


Effective Date: 2002-06-11
Last Modified: 2006-08-02

Issue

May an evaluated PP or ST's security requirements reference draft documents, such as draft specifications or standards?

Resolution

A PP or ST's security requirements may reference draft documents under certain conditions.

One acceptable condition is that the draft document is the definitive document for the purposes of the PP or ST. In this case, the draft document must be uniquely labeled (e.g., version number or release date), and it must be generally available during the effective life of the PP or ST. This approach might be used, for example, if the standard is not expected to stabilize or be formally accepted until some time after the PP or ST is to be used. One problem with this approach is that the final release of the referenced document may be incompatible with the older draft document. In that case, for purposes of the PP or ST, the older incompatible draft document would be the version required.

Another acceptable condition would be that an evaluator could proceed using a draft document and assume that the document will become final before the PP or ST evaluation completes. In this case, the evaluator will then have to revisit areas of the PP or ST affected by the document if a revision, or the final version, introduces changes. In some cases, there may be significant, material changes to the standard which have the effect of essentially requiring re-evaluation. This is part of the risk the evaluator and the sponsor assume in such cases. Should the material changes be great, or if the document is not completed in time, the ST or PP could be amended to reference a draft as described above.

Otherwise, it may still be acceptable to reference draft documents in a PP's security requirements. The evaluator must then consider two things:

  1. the role the external requirements play in meeting the stated objectives, and

  2. the stated methodology that a TOE evaluator would use for determining if the external requirements have been met.

If details of the external specifications are not directly reflected in the objectives (i.e., the objectives are broad statements of required security properties) and the TOE evaluator methodology for the external requirements requires little analysis or testing, draft external requirements may be acceptable. For example, if a draft standard such as FIPS 140-2 were included in a profile which stated that the objective was to generally "protect data in transmission from point to point in a given network" (with the FIPS 140-2 requirements being relied upon to mandate appropriate cryptographic modules) and the compliance methodology was the simple action of "checking that the identified cryptomodule being employed was the one that was certified as FIPS 140 compliant", then evaluating the PP with references to this draft standard would be acceptable.

However, if the PP were to include a more detailed objective such as "The TOE shall utilize a cryptographic algorithm that employs a minimum key length of 256 bits", then the fact that the external specification is a draft document is a much more serious issue, as the key length could easily change over time, invalidating the external specification as a means of successfully implementing the stated objective.

Additionally, if the stated compliance methodology requires significant analysis/testing by the TOE evaluator (as opposed to referencing such work being done elsewhere), then external draft requirements cannot be referenced at all without specifying a particular existing draft. Doing otherwise would release a PP to the CC evaluation community where the evaluator actions at any given time would be unclear while the external draft requirements evolved.

If it is determined that the evaluation can continue, the results of this analysis must be documented as part of the Evaluation Technical Report supporting the decision.

Modification History:

2004-08-12
Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)

References:

  • None

Related NIs:

  • None

Related CCIMB-INTERPs:

  • None

Source OD: 0193