[Public Interpretations Database]

I-0365: Broad Consistency And Coherency Of Application Notes In A PP

 
TYPE:                 NIAP Interpretation
NUMBER:               I-0365
STATUS:               Tabled
REASON:               The IWG was split on whether broad consistency for
                      application notes should be mandated. We decided to table
                      the issue until concensus was reached.

TITLE:                Broad Consistency And Coherency Of Application Notes In A
                      PP

SOURCE REFERENCE:     CC v2.1 Part 3 Clause 4 APE
                      CEM v1.0 Part 2 Clause 3
RELATED TO:
     I-0364           Application Notes In Protection Profiles Are Informative Only
     I-0379           How To Require User/Admin Documentation For Functional Components

ISSUE:

I-0364 (I-0421) clarifies that application notes are informative, yet there are no elements that validate that the application notes in a profile exhibit this characteristic.

STATEMENT

The following interprets the entire APE class within Part 3 of the Common Criteria:

Any application notes provided as part of a PP must be consistent with the remainder of the PP and must be clearly informative.

RECOMMENDED CRITERIA CHANGES

In order to address this intepretation, the Evaluator Actions in CEM v1.0 should be updated to indicate that:

  1. Consistency analysis includes verifying that the application notes do not conflict with the remainder of the PP.

  2. Coherency analysis includes verifying that the nature of application notes as informative material is clear.

SUPPORT:

The goal of this queue entry is to provide that validation, and to further validate that they application notes do not contradict information elsewhere in the PP.

The problem in constructing such a requirement is that application notes may appear almost anywhere in a PP. Hence, one might argue that a new family needs to be created. The problem with that approach is that the developer action element then needs to be worded "The developer may provide application notes", which is clearly inappropriate.

An alternate approach to that taken in this queue entry would be to add explanatory material to the CEM clarifying how the requriement to ensure coherency and internal consistency applies to application notes. That is the approach taken in this interpretation.