I-0395: Security Attributes Include Attributes Of Information And Resources

TYPE:                 NIAP Interpretation
NUMBER:               I-0395
STATUS:               Formally Superseded

TITLE:                Security Attributes Include Attributes Of Information And
                      Resources
SUPERSEDED BY:        
     CCIMB-INTERP-0151

EFFECTIVE:            2001-03-15
SUPERSEDED:           2003-10-31

SOURCE REFERENCE:     CC v2.1 Part 1 Subclause 2.3
RELATED TO:
     I-0351           User Attributes To Be Bound Should Be Specified
CCIMB ENTRY:          CCIMB-INTERP-0151

ISSUE:

There is a discrepancy between the definition of "Security attribute" in Part 1 and the use of the term in other portions of the CC, where security attributes are referred to in the context of information and resources.

STATEMENT

The term "security attribute" also applies to security-related characteristics associated with information (under an information flow policy) and resources.

RECOMMENDED CRITERIA CHANGES

To address this interpretation, the following changes are made to CC v2.1, Part 1: (additions marked thusly; deletions marked ~~thusly~~)

Subclause 2.3, paragraph 46 is changed as follows:
Security attribute--~~Information associated with~~ Characteristics of subjects, users, ~~and/or~~ objects, information, and/or resources that is used for the enforcement of the TSP.

SUPPORT:

The modification of this definition extends the definition of "security attribute" to "information" (as used in FDP_IFC and FDP_IFF) and resources. The definition is also changed to eliminate using the term "information" in two different contexts.