![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0034: Is Intermingling Multiple PPs in One Document Acceptable?
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2002-06-11 |
| Last Modified | 2006-08-02 |
Issue
Can a single document contain multiple intermingled PPs (where the requirements of different PPs are interleaved through the document)? What are the implications for such a document, e.g., for referencing each PP, for how many EAL levels each PP may contain, and for evaluating documents that the evaluation team determines is too complex to understand?
Resolution
Multiple PPs may be intermingled in a single document. This single document may not be called ``a'‘ PP, though it may describe itself using other terms such as a ``family'‘ or ``set'‘ of PPs. This document must clearly identify all the PPs it contains, and each evaluated PP in this document must be shown (through evaluation) to meet all of the CC's requirements for PPs. For example:
-
There must be an unambiguous reference to separately identify each PP in the document as required by APE_INT.
-
The contents of each PP must be clearly identified and delineated from the contents of other PPs. Formatting mechanisms such as PP definition tables, typographical variation, colored text or automated extraction tools could all be used to aid in the presentation to ensure ambiguities do not exist. Sorting the material carefully may make the set of PPs easier to evaluate, e.g., by common assumptions, assumptions for PP number 1, assumptions for PP number 2, etc.
-
Each PP may have zero or one EAL level, never more than one.
-
The evaluation team may determine that some of the PPs cannot pass APE requirements for coherency or consistency due to excessive complexity. In such a case, the evaluation team must fail those PPs on these attributes.
Support
Neither the Common Criteria nor the Common Evaluation Methodology dictates the structure/presentation of a Protection Profile; CC part 1 B.2.1 notes that figure B.1 merely ``should'‘ be used when constructing the PP's structural outline. They do dictate content properties that must be be shown to be evident for each (and every) PP to be considered valid; CC part 1 B.2.1 explicitly states that a PP ``shall'‘ conform to the content requirements of CC part 1 annex B. Whether the targeted specification resides in a single document or resides in a document with other (potentially intermingled) specifications is irrelevant.
Of particular concern for intermingled PP requirements is that the PPs must be referenced unambiguously. The APE_INT requirement addresses this. It states:
-
APE_INT.1.1C The PP introduction shall contain a PP identification that provides the labeling and descriptive information necessary to identify, catalogue, register, and cross reference the PP.
-
APE_INT.1.2C The PP Introduction shall contain a PP overview which summarises the PP in narrative form.
Note also that the Common Criteria requires that a given PP have zero or one EAL level, and never more than one EAL level. This is suggested in CC part 1 B.2.6(a)(2) and APE_REQ.1.3C, and is made completely clear by the CEM's APE_REQ.1-7, which states that the evaluator shall ``determine that [the PP] includes an EAL ... or appropriately justifies that it does not include an EAL.'‘ Thus, any document that attempts to define a single PP with multiple EAL levels must be recast into several PPs, where each has at most one EAL level.
Coexisting, intermingled PPs do introduce some complexities that must be dealt with to show that the APE requirements for each PP are met. It must be easy to determine which information applies to which PP.
Note that class APE includes many requirements for coherency, completeness, and consistency; each PP in a document with multiple intermingled PPs must still meet these requirements.
Modification History:
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- CC v2.1 Part 1 Subclauses 5.4f, B.2.6.a2, B.2.8.b2, C.2.6.a2, C.2.8e
- CC v2.1 Part 3 APE_REQ.1.3C, APE_REQ.1.4C, ASE_REQ.1.3C, ASE_REQ.1.4C
- CEM v1.0 Part 2 APE_REQ.1-7, ASE_PPC.1.1.C, ASE_PPC.1-1, ASE_REQ.1-5
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0185