![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0106: Situations Where AGD_USR May Be Vacuously Satisfied
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2004-04-20 |
| Last Modified | 2006-08-02 |
Issue
For some products, such as routers, select firewalls, etc., the product is transparent to the user. For these products, the user is not provided with a direct interface to the product or an account to use to log into the product. For these products, the requirement for user guidance does not seem to apply since the TSF does not provide any interfaces for direct use by non-administrative users.
Is it acceptable for ST of these systems to state that the AGD_USR.1 requirement is vacuously satisfied?
Resolution
The ST section for AGD_USR should state that there are no non-administrative user interfaces. The AGD_USR ETR section should include a justification as to why it is not necessary to present any assumptions or IT environment requirements regarding non-administrative user behavior. However, if there are environment assumptions and requirements that are relevant to end users, then AGD_USR cannot be vacuously satisfied, and relevant end-user information must be provided in the user documentation.
Support
The following is a detailed analysis of the AGD_USR requirements.
-
AGD_USR.1.1C: This element talks explicitly about the functions and interfaces available to the non-administrative users. As there would be none in the described case, it is acceptable for this to be vacuously satisfied.
-
AGD_USR.1.2C: This elements talks about a description of user-accessible security functions. There are no non-administrative user-accessible security functions. There are administrator-accessible security functions, but these should be covered by AGD_ADM.1.1C, which describes the administrative functions available.
-
AGD_USR.1.3C: This talks about warnings concerning user-accessible functions and privileges that should be controlled. This is equivalent to AGD_ADM.1.3C.
-
AGD_USR.1.4C: This talks about presenting all user responsibilities necessary for secure operation of the TOE, including assumptions about user behavior. This appears to be covered for administrative users by AGD_ADM.1.4C.
-
AGD_USR.1.5C: This talks about consistency with other documentation. For administrators, this is covered by AGD_ADM.1.7C.
-
AGD_USR.1.6C: This talks about describing all security requirements for the IT environment that are relevant. This is covered by AGD_ADM.1.8C. However, if there are assumptions about the IT environment that would apply to end users, this would be one piece of information that would not be in the administrative guidance.
Modification History:
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- CC v2.1 Part 3, AGD_USR
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0230