I-0399: Flaw Remediation Is Independent Of Maintenance Of Assurance
TYPE: NIAP Interpretation
NUMBER: I-0399
STATUS: Tabled
REASON: This may be duplicated by CCIMB-INTERP-0059; tabled
pending resolution of CCIMB-INTERP-0059.
TITLE: Flaw Remediation Is Independent Of Maintenance Of
Assurance
SOURCE REFERENCE: CC v2.1 Part 3 Subclause 16.1 AMA_AMP
RELATED TO: <None>
ISSUE: AMA_AMP.1 is concerned with planning for the maintenance of assurance as changes are made to the TOE. These changes may be the result of a flaw remediation process, but that is not germane to the AMA_AMP requirements. A good flaw remediation process is wonderful, but this is not a requirement for AMA_AMP.

STATEMENT: The following interprets the AMA_AMP.1.11C element:

AMA_AMP.1.11C The AM Plan shall describe or reference the procedures to be applied to maintain the assurance in the TOE, which as a minimum shall include the procedures for configuration management, maintenance of assurance evidence, performance of the analysis of the security impact of changes affecting the TOE, and flaw remediation.

Flaw remediation processes are independent of maintenance of assurance.

RECOMMENDED CRITERIA CHANGES: To address this interpretation, the following changes should be made to Part 3
of the Common Criteria: (additions marked
thusly; deletions marked
SUPPORT: With respect to AMA_AMP, how the changes get proposed and otherwise tracked is not the issue. AMA_AMP is concerned primarily with the analysis of the changed TOE in light of maintenance of assurance.

In short AMA is an alternative to a new evaluation. As such the source of changes is less important than the end result of these changes. AMA seeks to ensure that the claims made about the TOE are still true after the changes have been incorporated.