![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0098: Information Flow Policies with No Active Decision
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2003-11-25 |
| Last Modified | 2006-08-02 |
Issue
Can the Information Flow components (FDP_IFC, FDP_IFF) be used for a product that controls information flows, but has no active TOE involvement in the decision?
Consider a product where the designers decide a-priori what flows are permitted between ports of the device, and implement that policy in hardware. Can such a policy be expressed using FDP_IFF/FDP_IFC, and is such an approach an appropriate use of those components?
Resolution
There is no problem with there being no "decision" being made in software. In such cases, the decision (i.e., the rules to be enforced and the attribute determinations) are made in advance by the system designer, and enforced by the IT device. There are many examples of such devices, from switches to MLS diodes. It is the job of validation/evaluation to ensure the correct implementation of the designers' policy.
Support
The Access Control and Information Flow Data Protection components in the CC were written in an extremely flexible manner. This flexibility has led to their use to express a wide variety of policies, many far removed from the traditional DAC and MAC of TCSEC days. This flexibility is a good thing, but has led to questions about what can be accommodated under each type of policy, or when conditions dictate that an explicit policy requirement be used.
Guidance is being developed as to the distinctions between such policies (see I-0451). There are many factors that come into play. However, there is no clear-cut requirement that there be an active decision made; only that policy be enforced. This permits the decision to be made during the design stage, and implemented in a fixed manner.
Modification History:
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- CC v2.1 Part 2 Incorporated with interpretations as of 2002-02-28
Related NIs:
- I-0451: When To Use IFF/IFC And ACF/ACC
Related CCIMB-INTERPs:
- None
Source OD: 0219