![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0111: Clarify the Definitive Source of International Interps
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2004-11-22 |
| Last Modified | 2006-08-02 |
Issue
The original CC website (http://www.commoncriteria.org) was historically considered the authoritative source for international interpretations. When that website went offline, CCEVS made the international interpretations as of 1 December 2003 available on their website (http://niap.nist.gov/cc-scheme/interpretations/index.html). Now the new CC website is (more or less) online and it provides international interpretations (http://www.commoncriteriaportal.org/public/expert/index.php?menu=5).
The issue is that the two sources' lists of interpretations are inconsistent, and it is not clear which list should be considered authoritative. The one inconsistency is RI-062, which is included in the CCEVS list but not in the CC portal list. It is possible that other inconsistencies may also exist.
Further complicating the issue are the annotated versions of the CC provided on the CCEVS website (http://www.niap.nist.gov/cc-scheme/PUBLIC/index.html). The annotated version of the CC, Part 3, for 2003-12-31 incorporates both RI-062 and RI-094 for ALC_FLR. However, while RI-094 is listed in the CCEVS list, the interpretation in its entirety is not included in either the CCEVS or CC portal list.
Common Criteria Testing Labs and PP/ST authors can work with any source of international interpretations. However, because of the transition from the old to the new CC websites, it is not clear which source should be considered authoritative at this time.
Also, consideration should be given to preparing a list of rescinded international interpretations (if, in fact, any CCIMB interpretations have been rescinded) similar to the CCEVS list for NIAP interpretations.
Resolution
The new international CC website (http://www.commoncriteriaportal.org/public/expert/index.php?menu=5) contains the official list of CCIMB Interpretations and should be used as the source of future CCIMB interpretations. Version 2.2 of the Common Criteria, which incorporates all CCIMB interpretations issued up to 1 December 2003, is also available at the new international CC website (http://www.commoncriteriaportal.org/public/expert/index.php?menu=2). Since version 2.2 of the CC is considered to be the official version of the CC, it should be used.
Support
The list on the new international CC website excludes the three interpretations dealing with ALC_FLR (062, 092, and 094) because they were incorporated into (and hence superseded by) the ALF_FLR supplement (v1.1).
The annotated version was provided as an effort-saving format that incorporates the text of the final interpretations into the text of the criteria/methodology where they would be inserted. This has been superseded by CC v2.2, which is also available at the new international CC website.
The CCEVS website has been updated to remove the collection and duplicate listing of final international interpretations. It still houses the explanations for Closed and Interim Statements, but these will likewise be removed when the new international CC website posts them.
Modification History:
- 2004-11-22
- PD created. (October 2004 ODRB Agenda Item 3.a.i)
References:
- Common Criteria for Information Technology Security Evaluation - Part 3: Security functional requirements, August 1999, Version 2.1
- Common Criteria for Information Technology Security Evaluation - Part 3: Security functional requirements, August 1999, Version 2.1, Annotated with interpretations as of 2003-12-31
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0236