[Public Interpretations Database]

I-0384: Subsystems Interfaces Are Described At A High Level


TYPE:                 NIAP Interpretation
NUMBER:               I-0384
STATUS:               Pending on: ADV Rewrite
REASON:               Hold: Pending ADV Rewrite

TITLE:                Subsystems Interfaces Are Described At A High Level

SOURCE REFERENCE:     CC v2.1 Part 3 Subclause 10.2 ADV_HLD
RELATED TO:           <None>

ISSUE:

The intent of ADV_HLD was to provide a high-level description of the design of the TSF, at the level of subsystems exchanging data. The current CC wording, however, carried an implication that was too close to the implementation. This resulted in interpretations in which subsystem interfaces were identified at the level of subsystem entry points. Such an identification is, in reality, low-level design.

STATEMENT:

The following interprets the ADV_HLD.1.6C element, and later incarnations of the element in hierarchically-higher components in the ADV_HLD family:

In the high-level design, identification of the subsystem interfaces is at the level of a design abstraction, not implementation.

RECOMMENDED CRITERIA CHANGES:

To address this interpretation, ADV_HLD.1.6C should be changed to:

ADV_HLD.1.6C The high-level design shall identify the data flows between subsystems of the TSF.

This interpretation will require corresponding changes to the work units in the CEM dealing with ADV_HLD and test coverage analysis.

SUPPORT:

This interpretation corrects that misinterpretation and calls for a description of subsystem interfaces at a level above that of the implementation. A common approach to this identification would be on the order of a data flow diagram, which illustrates the information flows between subsystems within the TSF.