PD-0084: Evaluation of TOE claiming compatibility with multiple IT environments

This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.

Issue

An ST indicates (not in an explicit TOE objective, SFR, or SAR) that the TOE is compatible with multiple, named IT environments. (An example is where the TOE is an application and it is claimed that this application meets its security goals on multiple operating systems.) Does evaluation of the TOE require testing with each of the named IT environments?

Resolution

Claim of compatibility with multiple IT environments does not require that the TOE be tested with each environment.

Support

With respect to evaluation, the IT environment is always a "test fixture" used to accomplish required testing of the TOE. Specific TOE test requirements imposed by an SAR in the ST may require multiple environments during the evaluation. But the use of more than one environment will be the result of explicit TOE testing requirements and not the result of the fact that the TOE is compatible with more than one environment.

An example is the application of AVA_MSU.1.2E (which requires the evaluator to perform the configuration and installation procedures). If the TOE guidance documentation has different procedures depending on which OS the TOE is running on, then multiple OSs will be required. If the guidance documentation does not have different procedures for different operating systems, then only one OS is required to accomplish AVA_MSU.1.2E.

It is recognized that the risk of missing security-critical issues is increased by not testing with each environment with which the ST claims the TOE is compatible. Yet this is symptomatic of the CC paradigm and is addressed by (1) accepting the risk and making it explicit via "truth in advertising" on the CC certificate and care in the presentation of evaluation results or (2) by the ST author changing the definition of the TOE to reduce the risk. It is not to be addressed by enlarging the scope of the evaluation activities.

Modification History:
References:
Related NIs:
Related CCIMB-INTERPs:
Source OD: 0206