![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0058: EAL2 Testing Requirements
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2002-08-13 |
| Last Modified | 2006-08-02 |
Issue
When a component TOE (that is, a TOE that is intended to be used as part of a larger system; e.g., a database, firewall application, hardware device) can be used in multiple environments or IT components, is the evaluation team required to perform the testing activities (ATE_IND) in all of the compatible environments and IT components to satisfy the EAL2 testing requirement?
Resolution
It does not matter which environment/IT component, or combination of the same, is chosen to run the test suites on provided that the evaluation team is convinced that the tests being run on the chosen environment are actually testing the TSF interfaces of the TOE.
Support
All CC test requirements are targeted at testing the TSF, and not at testing the environment in which the TOE "fits." The only caveat is that the team must be sure that all of the security functions are covered, which may be difficult to determine if there are multiple "layers" between the test interface and the TSFI (e.g., for a hardware card the TSFI might be driven by a software driver, which is in turn invoked by an OS interface, which is in turn invoked by an application, which in turn is invoked by the test software).
As an example, if the Win95 OS is chosen to be the Operating System for a test of a hardware device (the TOE), then it is necessary for the evaluation team to understand the driver interface and architecture of the Win95 OS. This allows them to be thoroughly convinced that the tests being run are actually and effectively testing the TOE.
An alternative test methodology is to "directly" test the TOE and do not involve an operating system or drivers at all. For a hardware TOE, this could use a special device that the card just plugs into and has the capability of sending signals to the different card interfaces (TSFI) and then observing the output from the card.
Modification History:
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- CC v2.1 Part 3 ATE
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0073