PD-0081: Does FDP_RIP.2 imply hardware must be in the TOE?

This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.

Issue

Can a software only TOE implement FDP_RIP.2?

Resolution

Conceivably, a software-only TOE could include FDP_RIP.2. However, this software-only TOE must ensure that no objects that can be created by the TOE can have residual information. This includes both objects directly provided by the TSFI, as well as objects that can be constructed within the TOE using resources provided by the TSFI.

If FDP_RIP is included in an ST for a TOE, then one of the following conditions must be met:

1. The underlying platform should be included.

2. An argument should be made that FDP_RIP is satisfied independent of the underlying platform.

3. The provision of support for residual information protection should be explicitly stated as objectives for the Operational Environment/IT Environment, and the FDP_RIP component allocated to the TOE should be refined to make clear the support provided by the TOE itself.

Support

The situation of a software-only TOE enforcing FDP_RIP is analogous to a software-only TOE enforcing FPT_SEP. The resolution is based on the guidance provided in I-0463 for FPT_SEP.

Modification History:

2004-08-12

Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)

References:

• None

Related NIs:

• None

Related CCIMB-INTERPs:

• None

Source OD: 0151