TYPE: NIAP Interpretation
NUMBER: I-0391
STATUS: Withdrawn
REASON: This entry is not necessary. It claims there is a missing
mapping to require a correspondence between the HLD
specification of required hardware, firmware, etc (1.5C)
and the IT requirements, but this mapping is captured in
the CEM work unit ADV_HLD.1-5.
TITLE: Missing Mapping: IT Environment Requirements And High-
Level Design
SOURCE REFERENCE: CC v2.1 Part 3 Subclause 10.2 ADV_HLD
RELATED TO: <None>
ISSUE:
The CC requires that each ST "shall identify the IT security requirements that
are to be met by the IT environment of the TOE" (CC, Part 1, Section c.2.6
"b)"). The ADV_HLD.1.5C (CC, Part 3, Section 10.2) requires the "high-level
design shall identify any underlying hardware, firmware, and/or software
required by the TSF".
STATEMENT
A mapping is required between the security requirements for the IT environment
in the ST and the high-level design.
SUPPORT:
To ensure consistency between the ST and the
implementation, the CC should require a mapping between "security requirements
for the IT environment" in the ST and the ADV_HLD high-level design
requirement.
|
![[Public Interpretations Database]](/assets/images/public-interps.jpg){kind=small}