[Public Interpretations Database]

I-0354: Association Of Information Flow Attributes W/Subjects And Information

 
TYPE:                 NIAP Interpretation
NUMBER:               I-0354
STATUS:               Formally Superseded

TITLE:                Association Of Information Flow Attributes W/Subjects And
                      Information
SUPERSEDED BY:        
     I-0417           Association Of Information Flow Attributes W/Subjects And Information

EFFECTIVE:            2000-03-27
SUPERSEDED:           2000-12-11

SOURCE REFERENCE:     CC v2.1 Part 2 Subclause 6.6 FDP_IFF
                      CC v2.1 Part 2 Subclause F.6 FDP_IFF
RELATED TO:
     I-0353           Association Of Access Control Attributes With Subjects And Objects
CCIMB ENTRY:          CCIMB-INTERP-0104,CCIMB-INTERP-0105

STATEMENT

The following interprets the FDP_IFF.1 and FDP_IFF.2 components:

Information Flow Control Policies shall provide a clear association of controlled entities (subjects, information) with relevent security attributes.

RECOMMENDED CRITERIA CHANGES

To address this interpretation, the FDP_IFF.1.1 and FDP_IFF.2.1 elements should be reworded to the following (additions marked thusly; deletions marked thusly):

FDP_IFF.x.1: The TSF shall enforce the [assignment: information flow control SFP] based on the following types of subject and information security attributes: [assignment: the minimum number and type of security attributes list of subjects and information controlled under the indicated SFP, and for each, the SFP-relevant security attributes]

In the Part 2 Annex (Section F.6), the second paragraph for the assignment operation for both FDP_IFF.1.1 and FDP_IFF.2.1 should be replaced with:

In FDP_IFF.x.1, the PP/ST should specify, for each type of controlled subject and information, the security attributes that are relevant to the specification of the SFP rules. For example, such security attributes may be things such the subject identifier, subject sensitivity label, subject clearance label, information sensitivity label, etc. The types of security attributes should be sufficient to support the environmental needs.

SUPPORT:

The CC wording for FDP_IFF.1.1 and FDP_IFF.1.2 is confusing and unclear when it refers to an assignment of "the minimum number and type of security attributes":

  • This is confusing in the area of "minimum number"; the annex fails to clarify this when it refers to a "minimum number...to support the environmental needs".

  • This is unclear in that it seems to call for a simple list of security attributes, without association of security attributes to the controlled entities.

This interpretation corrects this problem. It makes it clear that an appropriate assignment is one that provides, for each controlled entity, the SFP-relevant security attributes of that entity. This can be clearly provided as a two column table: one column is the controlled entity (subject, information), the other is a list of SFP-relevant security attributes for that controlled entity.