[Public Interpretations Database]

PD-0079: Handling of Interpretations


This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.


Effective Date: 2002-11-05
Last Modified: 2006-08-02

Issue

When a Security Target (ST) claims compliance with a Protection Profile (PP), much of the ST content is derived directly from the PP. If requirements within the PP have been interpreted, an issue arises regarding the application of those interpretations.

In particular, the following questions have arisen:

  1. Must an ST use the requirement labels as redefined in U.S. National interpretations?

  2. Must the effects of interpretations be addressed (except as appropriate in the TOE Summary Specification) in the ST when the (assurance) requirements are included in the ST only by reference?

Resolution

Question 1 - Applicable NIAP and international interpretations must be applied as per published rules. It is required that requirements correspond unambiguously to the requirement intended by the author; that is, there must be a way to identify how wording has changed as a result of any international or national interpretations, and which interpretations they are.

In order to identify the NIAP interpretations, the use of NIAP interpretation labels is recommended; however, their use is not mandatory. For example, if the words of FDP_ACC.1 have been changed by NIAP interpretation 0439 (which identifies the resulting wording as "FDP_ACC.1-NIAP-0439"), an author may:

  1. Label the requirement FDP_ACC.1-NIAP-0439.

  2. Label the requirement FDP_ACC.1 and then write an application note, footnote, or some indication that the actual words of the requirement are those of NIAP interpretation 0439.

Because international interpretations provide no new label to reference affected requirements, the author would write an application note, footnote, or some indication that the actual words of the requirement are those of the corresponding international interpretation.

Question 2 - Requirements can be referenced to a PP, EAL, or individually by label when no operations are performed or required, i.e., the text of a requirement has not been altered from its original form in the CC, or if no interpretations that contain operations have been made relating to it. This is true both of those functional requirements that contain no assignment or selection operations and of all assurance requirements (none of which currently have assignment or selection operations).

Modification History:

2004-08-12
Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)

References:

  • CEM v1.0 Part 2, Subclause 4.4.5, ASE_PPC.1-2
  • CEM v1.0 Part 2, Subclause 4.4.6, ASE_REQ.1-2
  • CC v2.1 Part 1, Subclause C.2.6, para 215
  • CC v2.1 Part 1, Subclause C.2.8, para 219

Related NIs:

  • None

Related CCIMB-INTERPs:

  • None

Source OD: 0203