[Public Interpretations Database]

I-0392: AVA_MSU Does Not Mandate Extra Functions In The TOE


TYPE:                 NIAP Interpretation
NUMBER:               I-0392
STATUS:               Sent to CCEVS Management and CCIMB for Review

TITLE:                AVA_MSU Does Not Mandate Extra Functions In The TOE

FIRST POST:            [cc-cmt 00360]

SOURCE REFERENCE:     CC v2.1 Part 3 Subclause 14.2 AVA_MSU.1
RELATED TO:           <None>
CCIMB ENTRY:          CCIMB-INTERP-0247

ISSUE:

The AVA_MSU.1.3E element, as currently stated, cannot be satisfied because of the word "all". Although AVA_MSU.1.3E is not meant to mandate extra functions in the TOE, its current wording can easily be read as requiring the TSF to provide functions that detect every conceivable insecure state.

STATEMENT:

The evaluator is only required to determine that the guidance documentation is sufficient to allow detection of those insecure states that are detectable through procedures or functions already available in the TOE.

RECOMMENDED CRITERIA CHANGES:

To address this interpretation, the following changes are made to CC v2.1 Part 3 (notation: additions; deletions):

  • Subclause 14.2, AVA_MSU.1.3E is changed as follows:

    AVA_MSU.1.3-NIAP-0392E The evaluator shall determine that use of the guidance document allows all insecure states identifiable through the TSFI to be detected.

  • Subclause 14.2, AVA_MSU.2.3E is changed as follows:

    AVA_MSU.2.3-NIAP-0392E The evaluator shall determine that use of the guidance document allows all insecure states identifiable through the TSFI to be detected.

  • Subclause 14.2, AVA_MSU.3.3E is changed as follows:

    AVA_MSU.3.3-NIAP-0392E The evaluator shall determine that use of the guidance document allows all insecure states identifiable through the TSFI to be detected.

SUPPORT:

This interpretation makes it clear that detection of an insecure state is to be achieved through functions already available in the TSF, that is, through states identifiable at the TSFI; no additional detection functions are required of the TOE. This approach is consistent with the CEM wording. Paragraph 1223 of the CEM, for example, refers only to existing security features; there is no suggestion that additional features are needed to ensure that every potential insecure state, however unlikely, is detectable.