PD-0107: IDSSPP v1.4: FPT_STM.1 Must Be Met by the TOE
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
Issue

The Intrusion Detection System System Protection Profile (IDSSPP) places FPT_STM.1 on the TOE. As a result, compliance cannot be claimed for TOEs that obtain their time information from an external source, such as an underlying operating system in the IT environment (in the case of an application) or a network time signal. The text of the PP claims to be "generally applicable to products regardless of whether they are embedded, stand-alone, centralized, or distributed" [last paragraph, section 1.3]. Yet, as noted above, the placement of FPT_STM.1 on the TOE contradicts this statement. To eliminate this inconsistency, is it acceptable to move the FPT_STM.1 requirement to the IT Environment and still claim PP compliance?

Resolution

In the IDSSPP, Version 1.4, the TOE must provide reliable time stamps. Compliance with the cited PP cannot be claimed if the IT environment is providing the reliable time stamps.

Support

From a purely technical standpoint, and in the absence of any PP concerns, one could reasonably imagine a scenario in which the time stamp is provided by the IT environment; such an approach is no less sound than requiring the TOE to provide the time stamps. However, when the question of PP compliance comes into play, one must look at the intent of the PP author and at how compliance with the profile in question has been enforced in the past. In the case of the IDSSPP v1.4, the PP owner is aware of the confusion caused in the past by the IDS family of PPs; future versions of the IDSSPP will support a broader range of implementations, including ones that obtain reliable time stamps from the IT environment. Yet the precedent for the IDSSPP v1.4 has been to enforce the words as written, i.e., it is the TOE's responsibility to provide the time stamps. It would be unfair to those IDS developers who complied with the more restrictive requirement to loosen that requirement now.

Thus, CCEVS will uphold the existing precedent for products claiming compliance with this version (1.4) of the IDSSPP.

Modification History:
References:
Related NIs:
Related CCIMB-INTERPs:
Source OD: 0231