![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0046: Exclusion or Inclusion of an Operating System in the TOE?
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2002-06-11 |
| Last Modified | 2006-08-02 |
Issue
Can the operating system on which a product is hosted be included in the scope of the TOE?
In the initial definition of the scope of a TOE, the operating system was defined as not being part of the TOE, but rather as constituting the IT Security Environment. Thus, the ST would have to identify the features and characteristics required of the O/S platform such that security for the system was preserved. The plan was to verify the IT Security Environment requirements via analysis and testing.
After further consideration, the decision was made to define the scope of the TOE to include the O/S. This approach requires identifying the security features and behavior of the operating system upon which the product depends, and then evaluating those aspects of the O/S.
Resolution
It is acceptable for a TOE to be defined such that the platform for the developer's product, in this case the host operating system, to be defined as being within the scope of the TOE.
Support
The Common Criteria (Part 1) defines a TOE as; "an IT product or system ... that is the subject of an evaluation."
The CC imposes few restrictions on what constitutes a TOE. In principle, a developer of a security product may choose to limit the TOE (i.e., delimit the evaluation) to only the product he provides, or he may choose to include within the scope of the evaluation the system elements upon which the application depends (e.g., other software, hardware). The specific choices made will have consequences relative to requirements specified for the IT environment and possibly for assumptions. And, beyond the consequences for the ST, the particular choice of TOE definition will also have consequence for evidence (e.g., external interface) and evaluation activities. However, the basis for the choice is strictly pragmatic; a developer may choose to include or exclude system elements from the evaluation (i.e., from the TOE definition) because it results in a simpler ST or eases some of the evaluation and/or evidence requirements, or because of some other (possibly non-technical) perceived benefit. The choice is strictly a business decision; a trade-off between the consequences of defining the TOE narrowly or defining the TOE to be more inclusive.
Modification History:
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- CC v2.1
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0135