[Public Interpretations Database]

PD-0100: When can evaluation evidence be reused?


This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.


Effective Date: 2004-02-17
Last Modified: 2006-08-02

Issue

Scheme Policy Letter #2, Reuse of Previous Evaluation Results and Evidence, allows reusing evidence, regardless of where the evaluation was conducted, to the maximum extent that the previous analysis and evidence are available and relevant to the new TOE. However, Scheme Policy Letter #2 does not consider changes to the results of the evaluation due to interpretations not incorporated into the previous evaluation. The Scheme Policy Letter also does not consider the possibility that the previous evaluation may have been incomplete or flawed.

In particular, it is unclear if reuse of previously certified evaluation evidence or evaluation records applies in the following situations:

  1. Major security-relevant changes to the requirements and security functionality of the previous TOE have been incorporated into the new TOE.

  2. Interpretations were not properly considered in the original evaluation.

  3. The evaluation evidence and the ETR for the previous TOE may have been flawed or requisite portions of the analysis may have been omitted or not completely performed.

Additionally, should Scheme Policy Letter #2 apply to reuse of the previous ETR without considering interpretations that have been approved since the start of the previous evaluation? Should it apply to site visit evidence and to performing a site visit?

Resolution

Scheme Policy Letter #2 applies as written. When reusing evidence from a prior version of a product, the evaluation team must technically justify the evidence selected for reuse, because some evidence may be reusable and some may not. The evaluators must determine the appropriateness of the previous evidence by performing a detailed comparison of the differences between the prior product and the current product. The evaluation team can then use this comparison to justify the reuse of the previous evaluation evidence to the validation team.

The validation team's primary responsibility is to ensure the technical quality of the current evaluation. If the validation team requires information from the evaluators in order to gain assurance, the evaluators must provide technically sound information. Whether the information comes from reused evidence/analysis or from new evidence/analysis is irrelevant as long as the information is accurate and adequate to address the validation team's questions. If the prior evidence is not adequate/accurate as written for the new TOE, it is acceptable (and necessary) that the developer build on the relevant portions of the previous evidence in order to provide sufficient evaluation evidence for the new TOE. New interpretations are one factor that must be considered when making this determination.

For example, when evaluating VLA requirements, even if a) there are no changes to the TOE and b) there are no additional interpretations to apply, VLA analysis must still be conducted, because the definition of "obvious" will have altered in the intervening period. The old analysis then becomes input to the new analysis.

For another example, if the CM system was analyzed in the previous evaluation and determined to be adequate, and it has not been altered, a site visit need not be used to re-analyze whether the CM system is adequate, but would still be used to provide evidence that the system is being followed.

Modification History:

2004-08-12
Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)

References:

  • Scheme Policy Letter #2
  • CEM v1.0 Part 2
  • CEM Part 2: Evaluation Methodology, Supplement: ALC_FLR - Flaw Remediation, Version 1.1, February 2002, CEM-2001/0015R
  • The evaluator checked for applicable interpretations, but found none. The following interpretation applies, but not directly. The resolution of this interpretation should be considered when constructing a decision: I-0436 Compliance Claims Against A Flawed PP. The evaluator also checked for applicable precedents, but found none.

Related NIs:

  • None

Related CCIMB-INTERPs:

  • None

Source OD: 0223