![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0101: Level of Detail Necessary for Assurance Requirements on Third Party Products
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2004-02-17 |
| Last Modified | 2006-08-02 |
Issue
Must all the assurance requirements specified for a product be met for all parts of the TOE? This question includes hardware and software as well as parts of a TOE supplied by third parties who cannot or will not supply the required evidence, thereby leaving the sponsor of the evaluation unable to completely meet the assurance requirements.
Resolution
All portions of the TOE, hardware or software, purchased or developed, must comply with the assurance requirements. If they cannot, the TOE boundary must be moved to exclude from the TOE those components for which there is inadequate assurance evidence, and the ST made consistent with it.
Alternatively, a "least common denominator" EAL may be chosen that can be met by the entire TOE, additional augmented assurance components being provided for those components that can provide additional assurance. This additional assurance could be highlighted in the ETR and VR.
Note that either excluding components from the TOE, or reducing the overall EAL of the TOE, will likely have an impact on the ability of the TOE to cover threats, OSPs, and objectives. It will also likely have an impact on any claims of PP compliance.
Note: Many of the assurance requirements apply to the TSF, not the entire TOE. For these requirements, it is permitted to use the security relevance of the component when determining the evidence required, for not all TOE components play a role in the satisfaction of the SFPs.
Support
When an EAL is claimed for a TOE that means that the entire TOE meets those assurance requirements. This includes hardware, software, third party products, peripheral devices, mechanical arrangements -- in general whatever TOE components may be mentioned in the TOE description. If those requirements prove too onerous for a sponsor to meet, then that sponsor will either have to:
-
Descope what is included in the TOE until adequate assurance evidence, at the level detailed in the ST, can be provided for all TOE components.
-
Make the necessary arrangements with third-party vendors to provide adequate assurance evidence.
-
Take the assurance level for the TOE as a whole to the lowest common denominator, and then provide additional (explicitly specified) assurance components that specify a scope applying them to those TOE components for which additional assurance can be provided.
The following interpretations have been approved that agree with the idea that all portions of the TOE are to be described at the same level in the ST and in evaluation evidence.
-
CCIMB-INTERP-0025 - Level of detail required for hardware descriptions
-
CCIMB-INTERP-0037 - ACM on Product or TOE?
-
I-0434 Treatment Of TSF Components Provided By A Third-Party.
Modification History:
- 2004-05-06
- Updated to clarify that it applies to all assurance requirements, not just ADV. It was also updated to clarify that those assurance requirements that apply solely to the TSF may use security relevance as a factor in determining the analysis required. (April 2004 ODRB Agenda Item 4.c.i)
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- CEM v1.0 Part 2, August 1999, CEM-99/045
- CEM Part 2: Evaluation Methodology, Supplement: ALC_FLR - Flaw Remediation, Version 1.1, February 2002, CEM-2001/0015R
- RI # 25 - Level of detail required for hardware descriptions, dictates that ADV design decomposition for hardware must be determined by the impact that the hardware features have upon the security functions and assurances being claimed.
- RI # 37 - ACM on Product or TOE? States: "The ACM requirements cover the TOE and information related to the TOE."
- I-0434 Treatment of TSF Components Provided By A Third-Party states "Third-party components included in the TSF are treated no differently from components provided directly by the developer unless the PP or ST includes explicitly stated assurance components or refinements to assurance components that indicate otherwise"
- PD-0002: Level of Detail about Hardware and Firmware incorporated into RI # 25
Related NIs:
- I-0434: Treatment Of TSF Components Provided By A Third-Party
Related CCIMB-INTERPs:
- None
Source OD: 0225