![[Public Interpretations Database]](/assets/images/public-interps.jpg){kind=small}
I-0401: Clarify Use Of Component Categorization Report
TYPE: NIAP Interpretation NUMBER: I-0401 STATUS: Withdrawn REASON: OBE, given the reworking of assurance maintenance TITLE: Clarify Use Of Component Categorization Report SOURCE REFERENCE: CC v2.1 Part 3 Subclause 16.1 AMA_AMP RELATED TO: <None>
ISSUE:
The AMA_AMP elements explicitly indicate that the Component Categorisation Report must be referenced. However, they do not provide any indication of why this is done; i.e., they do not subsequently use the categorisation.STATEMENT
The scope of changes should be described in terms of the component categorization.RECOMMENDED CRITERIA CHANGES
To address this interpretation, the following changes are made to CC v2.1:
(additions marked
thusly; deletions marked
thusly)
- AMA_AMP.1 is relabeled as AMA_AMP.1-NIAP-0401. Unless otherwise noted in these changes, all normative and informative material associated with AMA_AMP.1 is incorporated unchanged into AMA_AMP.1-NIAP-0401, and all references to AMA_AMP.1 in the CC, CEM, or other Common Criteria documentation are changed to refer to AMA_AMP.1-NIAP-0401.
- Element AMA_AMP.1.4C is replaced with the following:
AMA_AMP.1.4-NIAP-0401C The AM Plan shall define the scope of changes to the TOE that are covered by the plan in terms of the category of components of the TOE that may be changed.
SUPPORT:
The interpretation clarifies that the scope of changes are expressed in the AM Plan in terms of the category of components, thus tying the AM Plan to the Component Categorisation Report, and providing a rationale for including a reference.Note: One can argue that this change makes AMA_AMP.1.3C unneccessary. However, retaining AMA_AMP.1.3C provides an explicit tie to the Component Categorisation Report.