![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0043: Can non-TSF entities be included in the TOE by an ST?
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2002-06-11 |
| Last Modified | 2006-08-02 |
Issue
Can non-TSF entities be included in the TOE by an ST?
All security functions contained in the TOE summary specification of a product's ST are fully represented in the product's Functional Specifications. However, there are some security relevant functions described in the user and administrator guidance, for example, which are outside of the TSF. An example is a process that runs in an intermediate state that clears RAM between user states. This process is out of the scope of control of the TSF.
Resolution
The security claims made by an ST are the basis for determining what is in the TOE and what is in the TSF. For example, if the ST claims to provide residual information protection (FDP_RIP), then clearing of memory must certainly be a Security Functional Requirement (SFR). If that is the case, then the operating system and software that perform this clearing must be part of the TSF.
Support
Mechanisms providing security functions should be evaluated to determine if they are in fact security enforcing or not, and how they might affect the TSF. All parts of the TOE are evaluated to determine how the requirements of the ST are applied to the TOE and if they were applied in the right way.
Modification History:
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- None
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0076