![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0078: Incorporation of interpretations into a PP
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2002-10-23 |
| Last Modified | 2006-08-02 |
Issue
The issue at hand is that it is questionable if interpretations should be included into a PP. The validator proposes to include all interpretations (NIAP and international) into the PP, which may become applicable for products in evaluation stating compliance with the PP. This proposal is based on scheme publication #4: Guidance to CCEVS Approved Common Criteria Testing Laboratories, which includes this statement as the following within the second paragraph of clause 4.4:
Final national and international criteria interpretations are applicable to an evaluation, effective on the date of acceptance into the Scheme. The CCTL is responsible for ensuring that all applicable interpretations are incorporated as part of the evaluation.
Resolution
Published Final International Interpretations are considered to be part of the agreed upon Common Criteria by all parties to the CCRA. As such, these interpretations are internationally recognized and internationally enforced (i.e, all CCRA signatories agree to enforce these interpretations in subsequent evaluations). Therefore, applicable international interpretations must be part of the protection profile to be considered CC compliant. Each applicable interpretation may be referenced or explicitly transposed into the PP. The appropriate reference for CC compliance is that "the PP is compliant with CC version x and its Final Interpretations as of y date".
NIAP Interpretations, although nationally enforced and internationally recognized, are not necessarily internationally enforced. Therefore, PPs (as potential international specifications) need not explicitly include NIAP Interpretations.
However, PP authors should note that Security Targets under evaluation in CCEVS will be subject to NIAP Interpretations, even when targeting the PP for compliance. PP authors should also note that NIAP Interpretations are ultimately proposed as international interpretations. Once they become final international interpretations, all ST claiming compliance to the PP under question will be subject to these interpretations. Therefore, it may be prudent (but not required), to reference appropriate NIAP Interpretations in the PP in some manner.
Support
There are two types of interpretations that are dealt with in this decision:
-
Final International Interpretations that have been published by the Common Criteria Interpretation Management Board on its web site (http://www.commoncriteria.org).
-
NIAP Interpretations that are published by CCEVS on its web site (http://niap.nist.gov/cc-scheme).
The specific question that is being addressed is whether interpretations should be included in protection profiles or not.
Although the referenced clause in [DRAFT] Scheme Publication #4 notes that final NIAP and international interpretations are applicable to an evaluation, effective on the date of the acceptance of the scheme, it does not note an appropriate delineation between ST/TOE evaluations and PP evaluations. In many respects PP evaluations are fundamentally different than ST/TOE evaluations. The policy as stated, should apply to the evaluation of the PP (i.e, all final NIAP and international interpretations as of the evaluation start date for the APE class must be applied); however the inclusion of interpretations INTO a PP will have a different policy.
Modification History:
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- SCSUG-PPv2.1d
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0187