[Public Interpretations Database]

PD-0139: CC V3 Conformance Type for Existing CC V2 PPs


This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.


Effective Date: 2007-05-31
Last Modified: 2007-05-31

Issue

The new Common Criteria V3.1 Revision 1 Part 1, paragraph 437, states a requirement that PPs define a conformance type of either "strict" or "demonstrable". As none of the currently existing PPs contain such a statement, handling of the ASE_CCL.1-6 and related requirements needs to be defined.

Resolution

Given the restrictions stated in D.2, paragraph 441, on additional security objectives added to security targets beyond those in protection profiles, strict conformance is too restrictive, and therefore the most appropriate "default" conformance type should be "demonstrable". All PPs are considered to be of type demonstrable until they are revised to include a conformance type.

Support

"Demonstrable Conformance" is the broadest level of conformance, applying to all cases where the TOE provides a degree of security which is at least the same as that which the PP levies upon the TOE (or comparable to it):

  1. The stated threats are addressed through the enforcement of the SFRs stated in the PP.

  2. The stated threats are addressed through the enforcement of SFRs that are comparable to (but not the same as) those stated in the PP.

  3. Threats that the PP omits (or relegates to the environment) are countered by the TOE.

That is to say, a TOE compliant with a PP that allows demonstrable compliance will provide the security features called for by the PP, perhaps more, and/or perhaps differently.

"Strict Conformance" is more restrictive. Specifically, paragraph 441 in section D.2 states, under these headings:

  • "Security problem definition": "The ST shall contain the security problem definition of the PP, may specify additional threats and OSPs, but may not specify additional assumptions."

  • "Security objectives": "[The ST] shall contain all security objectives for the operational environment ... but may not specify additional security objectives for the operational environment;"

Those prohibitions against additional assumptions and additional security objectives for the environment are at variance with the philosophy regarding PPs in CC V2, an example of which is in section B.2.8, paragraph 232: "If the ST claims compliance with the requirements of a PP but extends that PP by the addition of further objectives and requirements, then the ST shall define the additions ..."

Modification History:

2007-05-31
PD Created. [ODRB May 2007 Agenda Item 3.a.vii]

References:

  • PP_OS_CA_V1.d - Controlled Access Protection Profile, Version 1.d
  • PP_OS_LS_V1.b - Labeled Security Protection Profile, Version 1.b
  • RBAC_987 - Role-Based Access Control Protection Profile (Non-NIAP Validated)

Related NIs:

  • None

Related CCIMB-INTERPs:

  • None

Source OD: 0267