I-0361: "Reference" Refers To A Citation Of The Text Source

TYPE:                 NIAP Interpretation
NUMBER:               I-0361
STATUS:               Withdrawn
REASON:               Upon further reflection, the IWG decided this was a
                      process issue, and there wasn't enough technical
                      justification for proceeding.

TITLE:                "Reference" Refers To A Citation Of The Text Source

SOURCE REFERENCE:     CC v2.1 Part 1 Subclause B.2.6
                      CC v2.1 Part 1 Subclause C.2.6
                      CC v2.1 Part 3 Subclause 4.5 APE_REQ
                      CC v2.1 Part 3 Subclause 5.6 ASE_REQ
RELATED TO:           <None>

ISSUE:

STATEMENT

APE_REQ.1.1D The PP developer shall provide a statement of IT security requirements as part of the PP.

APE_REQ.1.1C The statement of TOE security functional requirements shall identify the TOE security functional requirements drawn from CC Part 2 functional requirements components.

APE_REQ.1.1C The statement of TOE security functional requirements shall identify the TOE security functional requirements drawn from CC Part 2 functional requirements components.

It also addresses the parallel elements from the ASE_REQ family in Part 3 of the CC:

ASE_REQ.1.1D The developer shall provide a statement of IT security requirements as part of the ST.

ASE_REQ.1.1C The statement of TOE security functional requirements shall identify the TOE security functional requirements drawn from CC Part 2 functional requirements components.

ASE_REQ.1.2C The statement of TOE security assurance requirements shall identify the TOE security assurance requirements drawn from CC Part 3 assurance requirements components.

The elements above are interpreted with respect to the following statements in Part 1 of the CC:

Section B.2.6(c)1: All IT security requirements should be stated by reference to security requirements components drawn from Part 2 or Part 3 where applicable. Should none of the Part 2 or Part 3 requirements components be readily applicable to all or part of the security requirements, the PP may state those requirements explicitly without reference to the CC.

Section C.2.6(c)1: All IT security requirements should be stated by reference to security requirements components drawn from Part 2 or Part 3 where applicable. Should none of the Part 2 or Part 3 requirements components be readily applicable to all or part of the security requirements, the ST may state those requirements explicitly without reference to the CC.

When the CC talks about "stating by reference", it refers to providing a citation of the source of the text of elements. The actual text of the Part 2 or Part 3 element should be incorporated into the PP or ST.

RECOMMENDED CRITERIA CHANGES

TBD

SUPPORT:

Additionally, the cited statements from Part 1 refer, in the case of non-Part 2/Part 3 elements, to stating those requriements "explicitly without reference to the CC.". This implies that all the elements drawn from the CC should be stated with reference; that is, with an indication of their source in the CC. Such a reference would aid those individuals tasked with performing the PP or ST evaluation, which must ensure correct transcription and proper performance of operations.

The IWG notes that the CC and CEM does appear to support satisfaction of element inclusion solely by providing a reference; this can be seen in the objectives for APE_REQ, where it states:

The IT security requirements chosen for a TOE and presented or cited in an ST need to be evaluated in order to confirm that they are internally consistent and lead to the development of a TOE that will meet its security objectives.

Note the "or cited". However, the IWG feels that incorporating elements solely by citation in this fashion limits the usability of PPs/STs. The IWG recommends that if this interpretation is not accepted by the CCIMB, it be incoporated into the national scheme.