PD-0127: Compliance with IDS Analyzer PP Export Requirements

This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.

Issue

The Intrusion Detection System (IDS) Analyzer Protection Profile (PP) contains four requirements related to performing authentication and exporting TSF data to external IT entities - FIA_AFL.1, FPT_ITA.1, FPT_ITC.1, and FPT_ITI.1. If a TOE claiming compliance to this PP is a distributed product that is self-contained in the sense that it does not allow nor support access from external IT products, then these requirements do not apply to that TOE. Can these non-applicable requirements be omitted from the ST? Can/should they be replaced with the requirement FPT_ITT.1 to protect the transmissions between the parts of the distributed TOE (as mentioned in PD-0097)?

Resolution

Because this TOE does not export data to other trusted IT entities, the ST should state that the FPT_ITA.1, FPT_ITC.1, and FPT_ITI.1 requirements are not applicable (and, hence, trivially satisfied) due to the fact that the TOE exports no data. The FPT_ITT.1 requirement should be included in the ST and should address both confidentiality and integrity. Availability of data when transmitted among distributed parts of the TOE should also be addressed using explicitly stated requirement(s). Depending on the mechanism used to authenticate the data or the channel among distributed components of the TOE, FIA_AFL should also be addressed.

Support

As is the case with the IDS System PP (see PD-0097), this PP was written as a non-distributed architecture. However, distributed solutions are equally valid, yet must be expressed using a different set of CC SFRs.

Modification History:
References:
Related NIs:
Related CCIMB-INTERPs:
Source OD: 0250