[Public Interpretations Database]

I-0355: Evaluation Of The TOE Summary Specification: Part 1 Vs Part 3

 
TYPE:                 NIAP Interpretation
NUMBER:               I-0355
STATUS:               Formally Superseded

TITLE:                Evaluation Of The TOE Summary Specification: Part 1 Vs
                      Part 3
SUPERSEDED BY:        
     I-0418           Evaluation Of The TOE Summary Specification: Part 1 Vs Part 3

EFFECTIVE:            2000-03-27
SUPERSEDED:           2000-12-05

SOURCE REFERENCE:     CC v2.1 Part 1 Subclause C.2.9
                      CC v2.1 Part 3 Subclause 5.8 ASE_TSS
RELATED TO:           <None>

STATEMENT

The following interprets the ASE_TSS requirements in their interaction with the Part 1 (Annex C) specification of the TOE Summary Specification:

The Part 1 Annex C specification of the TOE Summary Specification is a more complete list of requirements than is found in the ASE_TSS elements in Part 3.

RECOMMENDED CRITERIA CHANGES

To address this interpretation, the following elements should be added to Part 3:

  • ASE_TSS.1.11C: The TOE summary specification shall demonstrate that the strength of TOE function claims made are valid, or demonstrate that assertions that such claims are unnecessary are valid.

  • ASE_TSS.1.12C: The TOE summary specification rationale shall be presented at a level of detail that matches the level of detail of the definition of security functions.

Additionally, new work units for ASE_TSS should be created in the CEM to address any new Content and Presentation of Evidence elements.

SUPPORT:

The goal of the ASE_TSS elements is to capture the requirements stated in the normative text in Part 1, Section C.2.9. For the most part, this is true. However, there are two requirements in Section C.2.9 that are not completely captured in ASE_TSS.

Part 1, Section C.2.9 says:

c) The TOE summary specification rationale shall show that the TOE security functions and assurance measures are suitable to meet the TOE security requirements.

The following shall be demonstrated:

1) that the combination of specified TOE IT security functions work together so as to satisfy the TOE security functional requirements;

2) that the strength of TOE function claims made are valid, or that assertions that such claims are unnecessary are valid.

3) that the claim is justified that the stated assurance measures are compliant with the assurance requirements.

The statement of rationale shall be presented at a level of detail that matches the level of detail of the definition of the security functions.

The first sentence of C.2.9 "c)" is verbatim in ASE_TSS.1.5C. Item 1 is stated in ASE_TSS.1.6C. Item 2 doesn't appear in ASE_TSS. Item 3 appears in ASE_TSS.1.8C. The last paragraph of C.2.9 "c)" is not addressed in ASE_TSS.

Thus, there are two portions of Part 1 that are not addressed in Part 3: C.2.9 "c)2)" and the second paragraph of C.2.9 "c)". This interpretation brings the Part 3 requirements on the TOE Summary Specification into agreement with the Part 1 normative material.