![[Public Interpretations Database]](/assets/images/public-interps.jpg){kind=small}
I-0368: Assumptions Related To Security Objectives For The Environment
TYPE: NIAP Interpretation
NUMBER: I-0368
STATUS: Pending on: APE/ASE Rewrite
REASON: Hold - Pending ASE/APE Rewrite
TITLE: Assumptions Related To Security Objectives For The
Environment
SOURCE REFERENCE: CC v2.1 Part 1 Subclause B.2.4
CC v2.1 Part 1 Subclause B.2.5
CC v2.1 Part 3 Subclause 4.2 APE_ENV
CC v2.1 Part 3 Subclause 4.4 APE_OBJ
RELATED TO: <None>
ISSUE:
There is an inconsistency between Section B.2.4(a) in Part 1 and Section B.2.5(b) in Part 1 (and the corresponding sections in Part 3, which are APE_ENV.1.1C and APE_OBJ.1.3C).STATEMENT
The following interprets Annex B of Part 1 and the corresponding sections in the APE class in Part 3:Assumptions related to security objectives for the environment only.
RECOMMENDED CRITERIA CHANGES
TBD
SUPPORT:
Section B.2.4(a) says:A description of assumptions shall describe the security aspects of the environment in which the TOE will be used or is intended to be used.
Section B.2.5(b) says:
b) The security objectives for the environment shall be clearly stated and traced back to aspects of identified threats not completely countered by the TOE and/or organisational security policies or assumptions not completely met by the TOE.
Section B.2.5(b) can be interpreted to read that assumptions may related to security objectives for the TOE. This is an incorrect interpretation; assumptions are more properly in line with the words in Section B.2.4(a).
As a result of this queue entry, Sections B.2.4(a) and B.2.5(b) should be modified to make them consistent with this interpretations. There should also be corresponding changes to the Part 3 components.