![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0110: Actions/Information Required of the Developer and Evaluator When Performing ADV_RCR Work
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2004-08-10 |
| Last Modified | 2006-08-02 |
Issue
The CEM is unclear as to the level of detail required to satisfy the requirements within the ADV_RCR assurance family and who is responsible for performing particular actions. For example, one interpretation is that it is the responsibility of the lab, versus the developer, to map to specific commands or sections in the functional specification. What is the level of effort and output required by both the developer and the evaluator?
Resolution
The developer is not only required to map the security functions described in the TSS to the specific section in the FSP, where each function is described, but should also provide detail (perform analysis) that describes how correctness and completeness are verified.
Support
Mapping the security functions to the class or type of interface is acceptable, provided that the specific section of the FSP is cited as part of the mapping. The correspondence evidence called for by ADV_RCR.1.1C, ADV_RCR.2.1C, or ADV_RCR.3.2C must be delivered as evidence by the developer, meaning that the evaluator's role is to confirm the developer's analysis. The evaluator can analyze the developer-provided correspondence evidence directly or the evaluator can perform a shadow correspondence analysis and then compare the results with the developer's. In either case, the analysis provided by the developer must be more than just a mapping; prose must accompany any mapping describing how correctness and completeness are verified. Similarly, the evaluator's rationale in the ETR must justify how it was determined that the developer's analysis was adequate. A simple statement of adequacy in the ETR is not acceptable.
References:
- None
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0155