[Public Interpretations Database]

PD-0123: Defining Protocols as Internal or External Interfaces


This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.


Effective Date: 2005-08-23
Last Modified: 2006-08-02

Issue

Systems whose components communicate over network protocols may expose those interfaces to threats that affect the TOE. The CAPP, in particular, assumes that the TOE communicates only with similarly-managed systems. Note that it does not require every system to be the same product as the product under evaluation, only that the systems be similarly managed under congruent policies. This allows for a heterogeneous network, in which hostile systems may be present while the CAPP assumption A.PEER is still satisfied. Should such an interface or protocol be treated as internal or external?

Resolution

If an interface can affect the operation of the TOE and is accessible by systems that are not the evaluated product and are external to the evaluated TOE, it is considered an external interface.

Where there is no explicit assumption that the network environment is homogeneous, and the product provides networking services, its protocols are considered an interface (and, by the criterion above, an external one wherever systems other than the evaluated product can reach it).

Support

The evaluator should be concerned with anything that can affect the operation of the TOE's security functions, judged against the level of threat the TOE faces in its expected environment. The presence of untrusted systems on a heterogeneous network (and, from the point of view of a particular evaluation, any product other than the product under evaluation is an unevaluated product) introduces threats that would not exist if the network were homogeneous.

For example, RPC may be an appropriate protocol to use on a closed network consisting of only similarly managed, trusted systems. The addition of a potentially hostile system on that network requires that RPC be evaluated for vulnerabilities.

Modification History:

2005-08-23
PD Created. [August 2005 ODRB Agenda Item 4.b.ii]

References:

  • None

Related NIs:

  • None

Related CCIMB-INTERPs:

  • None

Source OD: 0162