PD-0076: What Does It Mean To Provide A Mechanism To Support A Function?
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
Issue

A protection profile has requirements that the TSF provide a mechanism to support a particular function. The requirements do not explicitly state that the TSF must perform that particular function. Does this permit the function to be performed in the IT environment?

Resolution

In order to determine the answer to this, the objectives for the TOE must be examined. If the objectives for the TOE explicitly indicate that said function is to be performed by the TOE, then the function must be provided by the TSF. The problem is that the SFR in question did not accurately reflect the objective. If the objective for the TOE is that the TOE support external services, then the SFR in question could be satisfied by the TSF providing "hooks" to the IT environment. There should be objectives for the IT environment that such a service is provided.

Support

If an objective, and thus a requirement, is allocated to the TOE, it must be satisfied by the TOE, not the IT environment. Such an objective, if present, demonstrates a clear intent on the part of the PP author that said requirement be satisfied by the component that is undergoing evaluation, analysis and testing. The objective, however, does not dictate a particular architecture; the TOE developers are free to choose whatever monolithic or distributed architecture they wish that meets the requirements. The only proviso is that the component providing the mechanism in question be part of the TOE.

Application notes can aid the evaluators and ST developers in understanding the intent of the overall requirements. However, I-0421 makes it clear that such notes are non-normative; hence, an application note alone cannot permit a TOE requirement to be satisfied by the IT environment. However, an application note can clarify an objective, which in turn can clarify the intent of a poorly written SFR.

Modification History:
References:
Related NIs:
Related CCIMB-INTERPs:
Source OD: 0188