PD-0118: Assumptions in the IDS PP v1.4

This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.

Issue

In IDS PP v1.4 Section 3.1.1, A.ASCOPE states: "The TOE is appropriately scalable to the IT System the TOE monitors". This is phrased as an assumption about the TOE, rather than about the environment. In addition, it is an assumption concerning interoperability, rather than security functionality; there is nothing in the CC about such assumptions.

If an ST is to claim compliance to this PP, should it use these words?

Resolution

There are two courses of action available to the author of an ST claiming compliance to this PP:

1. Use the wording provided in the PP.

2. Rephrase the A.ASCOPE assumption to reflect what the TOE assumes about its environment: "The IT System the TOE monitors will not exceed the capacity of the TOE."

Support

Because the PP author sees a need for this assumption, it cannot be deleted. Rephrasing it (option 2, above) makes the statement better reflect an assumption made by the TOE on its environment. However, because it is an assumption about the interoperability, rather than the security behavior, it is permissible to keep the wording as is (option 1, above).

Modification History:

2005-05-23

PD Created.

References:

• Intrusion Detection System System Protection Profile version 1.4, Section 3.1.1
• CC version 2.2, Part 1 Section A.2.5 Bullet a);

Related NIs:

• None

Related CCIMB-INTERPs:

• None

Source OD: 0242