![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0086: What SOF Claim is appropriate when there are no probabilistic or permutational mechanisms
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2003-01-15 |
| Last Modified | 2006-08-02 |
Issue
What SOF claim is appropriate when no TOE security functions are realized by probabilistic or permutational mechanisms? Consider an ST for a product that has no security functions realized by a probabilistic or permutational mechanism. ASE_REQ.1.9C, however, requires that "The ST shall include a statement of the minimum strength of function level for the TOE security functional requirements, either SOF-basic, SOF-medium or SOF-high, as appropriate."
For a product as in the example, what should be the SOF claim?
Resolution
If an ST contains AVA_SOF.1 as a requirement, the lab must:
-
Search for probabilistic/permutational mechanisms in the ST and TOE.
-
If any are found, conduct the analysis called for as per the CEM
-
If none are found, consider the search as sufficient analysis to meet the requirement. As there are no such mechanisms, there are no probabilistic mechanisms that do not have an SOF rating
A TOE with AVA_SOF.1 as a requirement (any EAL2 or higher) can meet their EAL without using probabilistic mechanisms, but cannot claim a rating, e.g., SOF-High, in that case. The ST should indicate that an SOF claim is not applicable.
Modification History:
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- None
Related NIs:
- I-0430: When Are SOF Claims Required?
Related CCIMB-INTERPs:
- None
Source OD: 0208