![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0044: What evidence is required by APE_REQ.1.4C?
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2002-06-11 |
| Last Modified | 2006-08-02 |
Issue
What evidence is required by APE_REQ.1.4C? Is any "evidence" required of PP developers except for the rationale?
Resolution
In the context of what constitutes "evidence": The CC mentions "evidence" in the title of the "Content and Presentation" section of the requirements. Specifically this section is titled:
"Content and presentation of evidence elements".
This coupled with the fact that the "evidence" required by the Developer Action Elements is explicitly defined to be
-
"... a statement of the IT security requirements as part of the PP" and
-
".... the security requirements rationale"
heavily implies that the developer provided "evidence" for APE_REQ comprises (a) and (b). "Evidence" does not equate to "rationale". To the contrary, "rationale" is a piece of the required "evidence".
Modification History:
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- TFFWPPv1.c
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0093