PD-0097: Compliance with IDS System PP Export Requirements
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
Issue

The Intrusion Detection System (IDS) System Protection Profile (PP) contains four requirements related to performing authentication and exporting TSF data to external IT entities - FIA_AFL.1, FPT_ITA.1, FPT_ITC.1, and FPT_ITI.1. However, the TOE described in the PP contains all of the specified functionality itself and, therefore, does not communicate with any external IT products. Does this mean these requirements are satisfied vacuously by compliant TOEs, or are the requirements intended to apply to additional IT products that are external to the system?

Resolution

The inter-TOE SFRs (FPT_ITA.1, FPT_ITC.1 and FPT_ITI.1) apply to communication with remote IT systems. However, these requirements were incorrectly included in the system PP because the IDS system has no such communication. Likewise, the O.EXPORT objective was erroneously replicated into the system PP.

The PP author has indicated that the intent of the three SFRs (ITA, ITC, and ITI) was to protect communications between the components in an IDS system. As an IDS system does not communicate with IDS components outside of the IDS system TOE, ITA, ITC, and ITI are not needed and must be removed from the System PP. Note, however, if the TOE of an IDS system is a distributed TOE, FPT_ITT.1 must be included in the TOE to protect those communications and claim compliance with the PP. Including FPT_ITT does not require vendors to implement their own cryptographic methods.

Additionally, the requirement to detect attempts to access the TOE by untrusted external IT products (FIA_AFL.1) was incorrectly included in the system PP. The requirement calls for account lockout specifications for external IT product connections to the TOE. Since the TOE does not allow access to itself from external IT products, this requirement does not belong in this PP.

Support

Requirements of any sort are not vacuously satisfied by the absence of functionality. In this case, what is claimed to be absent is the 'remote trusted IT product' called for in FPT_ITA.1, FPT_ITC.1, FPT_ITI.1, and in FIA_AFL.1 as modified by the IDS System PP. In the absence of such a product, no messages from the IDS are exchanged which require authentication failure handling, confidentiality, availability, or detection of modification.

According to the PP author/owner, however, 'remote IT product' was intended to apply at the component level, not the system-to-system level, even in the IDS System PP. That is, a collection of electronics may be a 'closed system' even if its components are on separate continents, but to meet the IDS PP the components must communicate using a protocol that implements all four of the above SFRs. A 'remote IT product' can be any component of the TOE that communicates with other TOE components using an established protocol: a remote sensor, an admin workstation, or another component of the TOE.

IDS systems also frequently interact with the networks they monitor, to collect information or modify their behavior. If the TOE employs such communication, all four of the above SFRs must be included in the ST to comply with the PP.

FPT_ITT.1, which requires that TSF data transferred between separate parts of the TOE be protected, must be included in the TOE to claim compliance with the IDS System PP.

Modification History:
References:
Related NIs:
Related CCIMB-INTERPs:
Source OD: 0217