TYPE: Guidance
NUMBER: I-0407
STATUS: Approved, Acceptable to CCIMB, No CCIMB Interpretation
TITLE: Empty Selections Or Assignments
EFFECTIVE: 2002-01-04
SOURCE REFERENCE: CC v2.1 Part 1 Subclause 4.4.1
CC v2.1 Part 2 Subclause 3.2 FAU_GEN.1
CC v2.1 Part 2 Subclause 3.3 FAU_SAA.1
CC v2.1 Part 2 Subclause 3.5 FAU_SEL.1
CC v2.1 Part 2 Subclause 3.6 FAU_STG.4
CC v2.1 Part 2 Subclause 3.6 FAU_STG.NIAP-0414-1
CC v2.1 Part 2 Subclause 6.2 FDP_ACF.1
CC v2.1 Part 2 Subclause 6.4 FDP_ETC.2
CC v2.1 Part 2 Subclause 6.6 FDP_IFF
CC v2.1 Part 2 Subclause 6.7 FDP_ITC.2
CC v2.1 Part 2 Subclause C.2 FAU_GEN.1
CC v2.1 Part 2 Subclause C.3 FAU_SAA.1
CC v2.1 Part 2 Subclause C.5 FAU_SEL.1
CC v2.1 Part 2 Subclause C.6 FAU_STG.4
CC v2.1 Part 2 Subclause C.6 FAU_STG.NIAP-0414-1
CC v2.1 Part 2 Subclause F.2 FDP_ACF.1
CC v2.1 Part 2 Subclause F.4 FDP_ETC.2
CC v2.1 Part 2 Subclause F.6 FDP_IFF
CC v2.1 Part 2 Subclause F.7 FDP_ITC.2
RELATED TO:
I-0429 Selecting One Or More
CCIMB ENTRY: CCIMB-INTERP-0200
ISSUE:
CC v2.1 is ambiguous as to whether assignments could be completed by selecting
none, i.e., providing no list. Similarly, it is unclear whether "none" is
available as a selection. In some cases, "none" is given as an option in the
Annex, but not indicated in the normative portion of Part 2.
STATEMENT:
Assignments must be non-empty. The CC must be clear when a null choice is an
appropriate option.
SPECIFIC INTERPRETATION:
[Note: The changes stated below are ADVISORY ONLY, and represent one approach to addressing
the guidance in the statement. Other approaches that achieve the same goal are
acceptable.]
To address this interpretation, the following changes are made to CC v2.1,
Part 1:
(additions marked thusly; deletions marked thusly)
- Add the following paragraph before paragraph 149 in CC v2.1 Part 1:
Lists used to complete assignments must be non-empty. "None" (or equivalent
wording) is only available as a choice if it is explicitly provided;
furthermore, if the "none" option is chosen, no additional selection options
may be chosen. If "none" is not given as an option in a selection, it is
permissible to combine the choices in a selection with "and"s and "or"s.
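The completion rule in this paragraph can be checked mechanically when reviewing a PP/ST. The Python below is an added example, not part of the interpretation or of the CC: the `Assignment`, `Selection`, `Completion` and `check_completion` names and the `NULL_WORDS` heuristic are assumptions of this example, the two element templates use the wording given for FAU_GEN.1.1-NIAP-0407c and FAU_STG.4.1-NIAP-0407 in the Part 2 changes of this interpretation, and the completions are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# Heuristic for "none (or equivalent wording)"; this word list is an
# assumption of the example, not something the CC defines.
NULL_WORDS = {"", "none", "n/a", "nothing", "no action"}


@dataclass(frozen=True)
class Assignment:
    """An [assignment: ...] slot, identified by its descriptive text."""
    description: str


@dataclass
class Selection:
    """A [selection: ...] operation as written in an element."""
    options: list                      # literal strings and/or Assignment slots
    null_option: Optional[str] = None  # explicit "none"-style choice, if offered


@dataclass
class Completion:
    """How a PP/ST author completed one selection."""
    chosen: list = field(default_factory=list)    # literal options picked
    assigned: dict = field(default_factory=dict)  # slot description -> values


def check_completion(sel: Selection, done: Completion) -> list:
    """Return the rule violations for one completed selection."""
    problems = []
    literals = [o for o in sel.options if isinstance(o, str)]
    slots = {o.description for o in sel.options if isinstance(o, Assignment)}

    # "None" is available only where the element explicitly offers it.
    for choice in done.chosen:
        if choice != sel.null_option and choice not in literals:
            problems.append(f"'{choice}' is not an offered option")

    # Lists used to complete assignments must be non-empty.
    for desc, values in done.assigned.items():
        if desc not in slots:
            problems.append(f"no assignment '{desc}' in this selection")
            continue
        cleaned = [v.strip() for v in values]
        if not cleaned:
            problems.append(f"assignment '{desc}' completed with an empty list")
        elif any(v.lower() in NULL_WORDS for v in cleaned):
            problems.append(f"assignment '{desc}' completed with a null value")

    # If the null option is chosen, nothing else may accompany it.
    picked_null = sel.null_option is not None and sel.null_option in done.chosen
    others = [c for c in done.chosen if c != sel.null_option]
    if picked_null and (others or done.assigned):
        problems.append(f"'{sel.null_option}' combined with other choices")

    # Leaving the operation blank is an implicit, unoffered "none".
    if not done.chosen and not done.assigned:
        problems.append("selection left empty (implicit 'none')")
    return problems


# Element templates, wording as given in this interpretation.
FAU_GEN_1_1_C = Selection(
    options=[Assignment("other specifically defined auditable events")],
    null_option="no additional events",
)
FAU_STG_4_1_ACTION = Selection(  # first selection; no null option is offered
    options=[
        "ignore auditable events",
        "prevent auditable events, except those taken by the authorised "
        "user with special rights",
        "overwrite the oldest stored audit records",
    ],
)

if __name__ == "__main__":
    slot = "other specifically defined auditable events"
    constructed = {  # constructed completions, for illustration only
        "null option alone": (FAU_GEN_1_1_C,
                              Completion(chosen=["no additional events"])),
        "empty assignment": (FAU_GEN_1_1_C, Completion(assigned={slot: []})),
        "null plus assignment": (FAU_GEN_1_1_C, Completion(
            chosen=["no additional events"],
            assigned={slot: ["use of the administration API"]})),
        "unoffered none": (FAU_STG_4_1_ACTION, Completion(chosen=["none"])),
    }
    for label, (sel, done) in constructed.items():
        print(label, "->", check_completion(sel, done) or "ok")
```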
To address this interpretation, the following changes are made to CC v2.1,
Part 2:
(additions marked thusly; deletions marked thusly)
- FAU_GEN.1 is relabeled as FAU_GEN.1-NIAP-0407. Unless otherwise noted in
these changes, all normative and informative material associated with
FAU_GEN.1 is incorporated unchanged into FAU_GEN.1-NIAP-0407, and all
references to FAU_GEN.1 in the CC, CEM, or other Common Criteria documentation
are changed to refer to FAU_GEN.1-NIAP-0407.
- Subclause 3.2, FAU_GEN.1 is modified as follows:
FAU_GEN.1.1-NIAP-0407 The TSF shall be able to generate an audit record
of the following auditable events:
a) Start-up and shutdown of the audit functions;
b) All auditable events for the [selection: minimum, basic, detailed, not
specified] level of audit; and
c) [selection: [assignment: other specifically defined auditable events],
"no additional events"].
FAU_GEN.1.2-NIAP-0407 The TSF shall record within each audit record at
least the following information:
a) Date and time of the event, type of event, subject identity, and the
outcome (success or failure) of the event; and
b) For each audit event type, based on the auditable event definitions of the
functional components included in the PP/ST, [selection: [assignment:
other audit relevant information], "no other information"]
- The following is added after Subclause C.2, paragraph 567:
For FAU_GEN.1.1-NIAP-0407c, the PP/ST author should select "no additional
events" if there are no additional events to be audited. In such a case, the
assignment should not be completed.
For FAU_GEN.1.2-NIAP-0407b, the PP/ST author should select "no other
information" if the only information to be recorded is that listed in item a.
In such a case, the assignment should not be completed.
- Subclause C.2, paragraphs 568 and 569 are modified as follows:
For FAU_GEN.1.1-NIAP-0407c, the PP/ST author should assign a list of other
specifically defined auditable events to be included in the list of
auditable events. These events could be auditable events of a functional
requirement that are of higher audit level than requested in
FAU_GEN.1.1b, as well as the events generated through the use of a
specified Application Programming Interface (API). This assignment need not
be completed if "no additional events" was selected.
For FAU_GEN.1.2-NIAP-0407b, the PP/ST author should assign, for each
auditable event included in the PP/ST, a list of other audit relevant
information to be included in audit event records. This assignment need not
be completed if "no additional events" was selected.
- FAU_SAA.1 is relabeled as FAU_SAA.1-NIAP-0407. Unless otherwise noted in
these changes, all normative and informative material associated with
FAU_SAA.1 is incorporated unchanged into FAU_SAA.1-NIAP-0407, and all
references to FAU_SAA.1 in the CC, CEM, or other Common Criteria documentation
are changed to refer to FAU_SAA.1-NIAP-0407.
- Subclause 3.3, FAU_SAA.1 is modified as follows:
FAU_SAA.1.2-NIAP-0407 The TSF shall enforce the following rules for
monitoring audited events:
a) Accumulation or combination of [assignment: subset of defined
auditable events] known to indicate a potential security violation;
b) [selection: [assignment: any other rules], "no additional rules"]
- The following is added after Subclause C.3, paragraph 576:
Selection:
For FAU_SAA.1.2-NIAP-0407b, the PP/ST author should select "no additional
rules" if there are no additional rules to be applied. In such a case, the
assignment should not be completed.
- Subclause C.3, paragraph 577, is modified as follows:
In FAU_SAA.1.2-NIAP-0407.b, the PP/ST author should specify any other rules
that the TSF should use in its analysis of the audit trail. Those rules
could include specific requirements to express the needs for the events
to occur in a certain period of time (e.g. period of the day, duration).
This assignment need not be completed if "no additional rules" was selected.
- FAU_SEL.1 is relabeled as FAU_SEL.1-NIAP-0407. Unless otherwise noted in
these changes, all normative and informative material associated with
FAU_SEL.1 is incorporated unchanged into FAU_SEL.1-NIAP-0407, and all
references to FAU_SEL.1 in the CC, CEM, or other Common Criteria documentation
are changed to refer to FAU_SEL.1-NIAP-0407.
- Subclause 3.5, FAU_SEL.1 is modified as follows:
FAU_SEL.1.1-NIAP-0407 The TSF shall be able to include or exclude
auditable events from the set of
audited events based on the following attributes:
a) [selection: object identity, user identity, subject identity, host
identity, event type]
b) [selection: [assignment: list of additional attributes that audit
selectivity is based upon], "no additional attributes"]
- The following is added after Subclause C.5, paragraph 624:
For FAU_SEL.1.1-NIAP-0407b, the PP/ST author should select "no additional
attributes" if there are no additional attributes upon which audit
selectivity is based. In such a case, the assignment should not be completed.
- Subclause C.5, paragraph 625, is modified as follows:
For FAU_SEL.1.1-NIAP-0407b, the PP/ST author should specify any
additional attributes upon which audit selectivity is based. This
assignment should not be completed if "no additional attributes" was
selected.
- FAU_STG.4 is relabeled as FAU_STG.4-NIAP-0407. Unless otherwise noted in
these changes, all normative and informative material associated with
FAU_STG.4 is incorporated unchanged into FAU_STG.4-NIAP-0407, and all
references to FAU_STG.4 in the CC, CEM, or other Common Criteria documentation
are changed to refer to FAU_STG.4-NIAP-0407.
- Subclause 3.6, FAU_STG.4 is modified as follows:
FAU_STG.4.1-NIAP-0407 The TSF shall [selection: "ignore auditable events",
"prevent auditable events, except those taken by the authorised user with
special rights", "overwrite the oldest stored audit records"] and
[selection: [assignment: other actions to be taken in case of audit
storage failure], "take no other actions"] if the audit trail is full.
- The following is added after Subclause C.6, paragraph 639:
For FAU_STG.4-NIAP-0407.1, the PP/ST author should select "take no other
actions" if there are no additional actions to be taken when the audit trail
is full. In such a case, the assignment should not be completed.
- Subclause C.6, paragraph 640, is modified as follows:
In FAU_STG.4.1-NIAP-0407, the PP/ST author should specify other actions
that should be taken in case of audit storage failure, such as informing
the authorised user. This assignment should not be completed if "take no
other actions" was selected.
- Subclause 3.6, FAU_STG.NIAP-0414-1 is modified as follows:
FAU_STG.NIAP-0414-1.1-NIAP-0407. The TSF shall provide an authorised
administrator with the capability to select one or more of the
following actions [selection: "ignore auditable events",
"prevent auditable events, except those taken by the authorised
user with special rights", "overwrite the oldest stored audit
records"] and [selection: [assignment: other actions to be taken in
case of audit storage failure], "no additional options"] to
be taken if the audit trail is full.
FAU_STG.NIAP-0414-1.2-NIAP-0407 The TSF shall [selection: "ignore auditable
events", "prevent auditable events, except those taken by the authorised
user with special rights", "overwrite the oldest stored audit records"] and
[selection: [assignment: other actions to be taken in case of audit
storage failure], "take no other actions"] if the audit trail is full.
- The following is added in Subclause C.6, in the annex text for
FAU_STG.NIAP-0414-1, in the "Operations" section, in the "Selection:"
subsection, after the first paragraph:
For FAU_STG.NIAP-0414-1.1-NIAP-0407, the PP/ST author should select "no
additional options" if there are no additional options to be provided to an
authorised user. In such a case, the assignment should not be completed.
- The following is added in Subclause C.6, in the annex text for
FAU_STG.NIAP-0414-1, in the "Operations" section, in the "Selection:"
subsection, after the last paragraph:
For FAU_STG.NIAP-0414-1.2-NIAP-0407, the PP/ST author should select "take no
other actions" if there are no additional actions to be taken when the audit
trail is full. In such a case, the assignment should not be completed.
- In Subclause C.6, in the annex text for FAU_STG.NIAP-0414-1, in the
"Operations" section, the "Assignment" text is modified as follows:
In FAU_STG.NIAP-0414-1.1-NIAP-0407, the PP/ST author should specify other
actions that should be taken in case of audit storage failure,
such as informing an authorized user. This assignment should not be completed
if "no additional options" was selected.
In FAU_STG.NIAP-0414-1.2-NIAP-0407, the PP/ST author should specify
other actions that should be taken in case of audit storage failure when no
action has been selected, such as informing the authorized user. This
assignment should not be completed if "take no other actions" was selected.
- FDP_ACF.1-NIAP-0416 is relabeled as FDP_ACF.1-NIAP-0407. Unless otherwise
noted in these changes, all normative and informative material associated with
FDP_ACF.1-NIAP-0416 is incorporated unchanged into FDP_ACF.1-NIAP-0407, and
all references to FDP_ACF.1-NIAP-0416 in the CC, CEM, or other Common Criteria
documentation are changed to refer to FDP_ACF.1-NIAP-0407.
- Subclause 6.2, FDP_ACF.1-NIAP-0416 is modified as follows:
FDP_ACF.1.3-NIAP-0407 The TSF shall explicitly authorise access of
subjects to objects based on the following additional rules:
[selection: [assignment: rules, based on security attributes, that
explicitly authorise access of subjects to objects], "no additional
rules"]
FDP_ACF.1.4-NIAP-0407 The TSF shall explicitly deny access of subjects
to objects based on the following rules:
[selection: [assignment: rules, based on security attributes, that
explicitly deny access of subjects to objects], "no additional explicit
denial rules"]
- In Subclause F.2, the following is added after the "Operations" subheader
after paragraph 761:
Selection:
For FDP_ACF.1.3-NIAP-0407, the PP/ST author should select "no additional
rules" if there are no additional rules used to explicitly authorise
access. In such a case, the assignment should not be completed.
For FDP_ACF.1.4-NIAP-0407, the PP/ST author should select "no additional
explicit denial rules" if there are no additional rules used to explicitly
deny access. In such a case, the assignment should not be completed.
- Subclause F.2, paragraphs 765 and 766 are modified as follows:
In FDP_ACF.1.3-NIAP-0407, the PP/ST author should specify the rules,
based on security attributes, that explicitly authorise access of subjects to
objects that will be used to explicitly authorise access. These rules are in
addition to those specified in FDP_ACF.1.1. They are included in FDP_ACF.1.3
as they are intended to contain exceptions to the rules in FDP_ACF.1.1. An
example of rules to explicitly authorise access is based on a privilege vector
associated with a subject that always grants access to objects covered by the
access control SFP that has been specified. If such a capability is not
desired, then the PP/ST author should (deleted: specify "none") select
"no additional rules" instead.
In FDP_ACF.1.4-NIAP-0407, the PP/ST author should specify the rules,
based on security attributes, that explicitly deny access of subjects to
objects. These rules are in addition to those specified in FDP_ACF.1.1. They
are included in FDP_ACF.1.4 as they are intended to contain exceptions to the
rules in FDP_ACF.1.1. An example of rules to explicitly deny access is based
on a privilege vector associated with a subject that always denies access to
objects covered by the access control SFP that has been specified. If such a
capability is not desired, then the PP/ST author should (deleted: specify
"none") select "no additional explicit denial rules" instead.
- FDP_ETC.2 is relabeled as FDP_ETC.2-NIAP-0407. Unless otherwise noted in
these changes, all normative and informative material associated with
FDP_ETC.2 is incorporated unchanged into FDP_ETC.2-NIAP-0407, and all
references to FDP_ETC.2 in the CC, CEM, or other Common Criteria documentation
are changed to refer to FDP_ETC.2-NIAP-0407.
- Subclause 6.4, FDP_ETC.2 is modified as follows:
FDP_ETC.2.4-NIAP-0407 The TSF shall enforce the following rules when
user data is exported from the TSC:
[selection: [assignment: additional exportation control rules], "no
additional rules"]
- In subclause F.4, the following is added after the "Operations" subheader
after paragraph 783:
Selection:
For FDP_ETC.2.4-NIAP-0407, the PP/ST author should select "no additional
rules" if there are no additional exportation control rules. In such a case,
the assignment should not be completed.
- Subclause F.4, paragraph 784, is modified as follows:
In FDP_ETC.2.4-NIAP-0407, the PP/ST author should specify any
additional exportation control rules
or "none" if there are no
additional exportation control rules. These rules will be enforced by
the TSF in addition to the access control SFPs and/or information flow control
SFPs selected in FDP_ETC.2.1.
This assignment should not be completed if "no
additional rules" was selected.
- FDP_IFF.1-NIAP-0417 is relabeled as FDP_IFF.1-NIAP-0407. Unless otherwise
noted in these changes, all normative and informative material associated with
FDP_IFF.1-NIAP-0417 is incorporated unchanged into FDP_IFF.1-NIAP-0407, and
all references to FDP_IFF.1-NIAP-0417 in the CC, CEM, or other Common Criteria
documentation are changed to refer to FDP_IFF.1-NIAP-0407.
- Subclause 6.6, FDP_IFF.1 is modified as follows:
FDP_IFF.1.3-NIAP-0407 The TSF shall enforce the following information flow
control rules: [selection: [assignment: additional information flow control
SFP rules], "no additional information flow control SFP rules"]
FDP_IFF.1.4-NIAP-0407 The TSF shall provide the following [selection:
[assignment: list of additional SFP capabilities], "no additional SFP
capabilities"]
FDP_IFF.1.5-NIAP-0407 The TSF shall explicitly authorise an information
flow based on the following rules: [selection: [assignment: rules, based on
security attributes, that explicitly authorise information flows], "no
explicit authorisation rules"]
FDP_IFF.1.6-NIAP-0407 The TSF shall explicitly deny an information flow
based on the following rules: [selection: [assignment: rules, based on
security attributes, that explicitly deny information flows], "no explicit
denial rules"]
- In subclause F.6, the following is added after the "Operations" subheader
after paragraph 808:
Selection:
For FDP_IFF.1.3-NIAP-0407, the PP/ST author should select "no additional
information flow control SFP rules" if there are no additional rules. In such
a case, the assignment should not be completed.
For FDP_IFF.1.4-NIAP-0407, the PP/ST author should select "no additional SFP
capabilities" if there are no additional capabilities to be provided by the
TOE for the SFP. In such a case, the assignment should not be completed.
For FDP_IFF.1.5-NIAP-0407, the PP/ST author should select "no explicit
authorisation rules" if there are no additional rules that govern
authorisation. In such a case, the assignment should not be completed.
For FDP_IFF.1.6-NIAP-0407, the PP/ST author should select "no explicit denial
rules" if there are no additional rules that govern denial. In such a case,
the assignment should not be completed.
- Subclause F.6, paragraphs 812 through 815 are modified as follows:
In FDP_IFF.1.3-NIAP-0407 the PP/ST author should specify any additional
information flow control SFP rules that the TSF is to enforce. If there are no
additional rules then the PP/ST author should (deleted: specify "none")
select "no additional information flow control SFP rules" instead, in which
case this assignment should not be completed.
In FDP_IFF.1.4-NIAP-0407 the PP/ST author should specify any additional
SFP capabilities that the TSF is to provide. If there are no additional
capabilities then the PP/ST author should (deleted: specify "none")
select "no additional SFP capabilities" instead, in which
case this assignment should not be completed.
In FDP_IFF.1.5-NIAP-0407, the PP/ST author should specify the rules,
based on security attributes, that explicitly authorise information
flows. These rules are in addition to those specified in the preceding
elements. They are included in FDP_IFF.1.5 as they are intended to contain
exceptions to the rules in the preceding elements. An example of rules to
explicitly authorise information flows is based on a privilege vector
associated with a subject that always grants the subject the ability to cause
an information flow for information that is covered by the SFP that has been
specified. If such a capability is not desired, then the PP/ST author should
(deleted: specify "none") select "no explicit authorisation rules"
instead, in which case this assignment should not be completed.
In FDP_IFF.1.6-NIAP-0407, the PP/ST author should specify the rules, based on
security attributes, that explicitly deny information flows. These rules
are in addition to those specified in the preceding elements. They are
included in FDP_IFF.1.6 as they are intended to contain exceptions to
the rules in the preceding elements. An example of rules to explicitly
authorise information flows is based on a privilege vector associated
with a subject that always denies the subject the ability to cause an
information flow for information that is covered by the SFP that has been
specified. If such a capability is not desired, then the PP/ST author should
(deleted: specify "none") select "no explicit denial rules" instead,
in which case this assignment should not be completed.
- FDP_IFF.2-NIAP-0417 is relabeled as FDP_IFF.2-NIAP-0407. Unless otherwise
noted in these changes, all normative and informative material associated with
FDP_IFF.2-NIAP-0417 is incorporated unchanged into FDP_IFF.2-NIAP-0407, and
all references to FDP_IFF.2-NIAP-0417 in the CC, CEM, or other Common Criteria
documentation are changed to refer to FDP_IFF.2-NIAP-0407.
- Subclause 6.6, FDP_IFF.2 is modified as follows:
FDP_IFF.2.3-NIAP-0407 The TSF shall enforce the following information flow
control rules: [selection: [assignment: additional information flow control
SFP rules], "no additional information flow control SFP rules"]
FDP_IFF.2.4-NIAP-0407 The TSF shall provide the following [selection:
[assignment: list of additional SFP capabilities], "no additional SFP
capabilities"]
FDP_IFF.2.5-NIAP-0407 The TSF shall explicitly authorise an information
flow based on the following rules: [selection: [assignment: rules, based on
security attributes, that explicitly authorise information flows], "no
explicit authorisation rules"]
FDP_IFF.2.6-NIAP-0407 The TSF shall explicitly deny an information flow
based on the following rules: [selection: [assignment: rules, based on
security attributes, that explicitly deny information flows], "no explicit
denial rules"]
- In subclause F.6, the following is added after the "Operations" subheader
after paragraph 822:
Selection:
For FDP_IFF.2.3-NIAP-0407, the PP/ST author should select "no additional
information flow control SFP rules" if there are no additional rules. In such
a case, the assignment should not be completed.
For FDP_IFF.2.4-NIAP-0407, the PP/ST author should select "no additional SFP
capabilities" if there are no additional capabilities to be provided by the
TOE for the SFP. In such a case, the assignment should not be completed.
For FDP_IFF.2.5-NIAP-0407, the PP/ST author should select "no explicit
authorisation rules" if there are no additional rules that govern
authorisation. In such a case, the assignment should not be completed.
For FDP_IFF.2.6-NIAP-0407, the PP/ST author should select "no explicit denial
rules" if there are no additional rules that govern denial. In such a case,
the assignment should not be completed.
- Subclause F.6, paragraphs 824 through 827 are modified as follows:
In FDP_IFF.2.3-NIAP-0407 the PP/ST author should specify any additional
information flow control SFP rules that the TSF is to enforce. If there are no
additional rules then the PP/ST author should (deleted: specify "none")
select "no additional information flow control SFP rules" instead, in which
case this assignment should not be completed.
In FDP_IFF.2.4-NIAP-0407 the PP/ST author should specify any additional
SFP capabilities that the TSF is to provide. If there are no additional
capabilities then the PP/ST author should (deleted: specify "none")
select "no additional SFP capabilities" instead, in which
case this assignment should not be completed.
In FDP_IFF.2.5-NIAP-0407, the PP/ST author should specify the rules,
based on security attributes, that explicitly authorise information
flows. These rules are in addition to those specified in the preceding
elements. They are included in FDP_IFF.2.5 as they are intended to contain
exceptions to the rules in the preceding elements. An example of rules to
explicitly authorise information flows is based on a privilege vector
associated with a subject that always grants the subject the ability to cause
an information flow for information that is covered by the SFP that has been
specified. If such a capability is not desired, then the PP/ST author should
(deleted: specify "none") select "no explicit authorisation rules"
instead, in which case this assignment should not be completed.
In FDP_IFF.2.6-NIAP-0407, the PP/ST author should specify the rules, based on
security attributes, that explicitly deny information flows. These rules
are in addition to those specified in the preceding elements. They are
included in FDP_IFF.2.6 as they are intended to contain exceptions to
the rules in the preceding elements. An example of rules to explicitly
authorise information flows is based on a privilege vector associated
with a subject that always denies the subject the ability to cause an
information flow for information that is covered by the SFP that has been
specified. If such a capability is not desired, then the PP/ST author should
(deleted: specify "none") select "no explicit denial rules" instead,
in which case this assignment should not be completed.
- FDP_ITC.1 is relabeled as FDP_ITC.1-NIAP-0407. Unless otherwise noted in
these changes, all normative and informative material associated with
FDP_ITC.1 is incorporated unchanged into FDP_ITC.1-NIAP-0407, and all
references to FDP_ITC.1 in the CC, CEM, or other Common Criteria documentation
are changed to refer to FDP_ITC.1-NIAP-0407.
- Subclause 6.7, FDP_ITC.1 is modified as follows:
FDP_ITC.1.3-NIAP-0407 The TSF shall enforce the following rules when
importing user data controlled under the SFP from outside the TSC:
[selection: [assignment: additional importation control rules], "no
additional rules"]
- In subclause F.7, the following is added after the "Operations" subheader
after paragraph 855:
Selection:
For FDP_ITC.1.3-NIAP-0407, the PP/ST author should select "no additional
rules" if there are no additional importation control rules. In such
a case, the assignment should not be completed.
- Subclause F.7, paragraph 857, is modified as follows:
In FDP_ITC.1.3-NIAP-0407, the PP/ST author should specify any additional
importation control rules or (deleted: "none") select "no additional
rules" if there are no additional importation control rules. These rules
will be enforced by the TSF in addition to the access control SFPs and/or
information flow control SFPs selected in FDP_ITC.1.1. This assignment
should not be completed if "no additional rules" was selected.
- FDP_ITC.2 is relabeled as FDP_ITC.2-NIAP-0407. Unless otherwise noted in
these changes, all normative and informative material associated with
FDP_ITC.2 is incorporated unchanged into FDP_ITC.2-NIAP-0407, and all
references to FDP_ITC.2 in the CC, CEM, or other Common Criteria documentation
are changed to refer to FDP_ITC.2-NIAP-0407.
- Subclause 6.7, FDP_ITC.2 is modified as follows:
FDP_ITC.2.5-NIAP-0407 The TSF shall enforce the following rules when
importing user data controlled under the SFP from outside the TSC:
[selection: [assignment: additional importation control rules], "no
additional importation rules"]
- In subclause F.7, the following is added after the "Operations" subheader
after paragraph 858:
Selection:
For FDP_ITC.2.5-NIAP-0407, the PP/ST author should select "no additional
importation rules" if there are no additional importation rules. In such
a case, the assignment should not be completed.
- Subclause F.7, paragraph 860, is modified as follows:
In FDP_ITC.2.5-NIAP-0407, the PP/ST author should specify any additional
importation control rules or (deleted: "none") select "no additional
importation rules" if there are no additional importation rules. These rules
will be enforced by the TSF in addition to the access control SFPs and/or
information flow control SFPs selected in FDP_ITC.2.1. This assignment
should not be completed if "no additional rules" was selected.
SUPPORT:
This interpretation eliminates the confusion in the ISSUE by
only permitting "none" where explicitly specified.
The list of elements for which "none" is acceptable was determined by
examining all assignments and selections in the functional requirements in CC
v2.1 and the CC Part 2 annexes, and seeing if (a) the annex indicated that
"none" was an appropriate option, or (b) if an assignment or selection of
"none" (or equivalent wording, such as "no action") resulted in a requirement
that made sense.
The approach taken in dealing with ambiguous assignments is to place the
assignments in a selection, with the null option included as the last
selection. An alternative approach would have been a single assignment with
"or 'none'", but the approach taken was felt to be more in line with the
style of the CC.
This interpretation has an effect on all elements that contain assignments or
selections. Specifically, it prohibits "none" (or equivalent) unless the
option is explicit, and clarifies the use of the selection operator to
indicate how multiple options may be combined. For those components drawn from
the CC, it is expected that this change only codifies existing
practice. Explicitly stated elements containing assignments and selections in
PPs and STs should be examined to determine if "none" should be provided as an
explicit option, or if there should be stated restrictions on the combinations
of options in a selection.
Note: This interpretation is being applied to the CC as modified by
I-0414, I-0416, and I-0417.
2003-08: The CCIMB issued the following statement regarding CCIMB-RI-0200,
which corresponds to I-0407:
The CCIMB disagrees with the need to insert nested operations to include a
selection of 'none' in addition to the assignment statement. Such an approach
introduces unwarranted complexity when the Annex material explains when an
assignment statement can be completed as 'none'. This National Interpretation
partly arises from a misunderstanding of the use of the term "normative".
The interpretation suggests that the inclusion of 'none' as a selection
instead of a valid assignment operation completion is because CC Part 2 annex
is not as mandatory as the main text of Part 2. However, this is not the
case. This is covered by the resolutions to RI-202 and RI-222.
Interpretation 202 clarifies that the use of 'none' for assignment operations
is explained within the Annex material for those operations. In addition, it
clarifies that 'none' as a valid selection within an operation is incorporated
into the selection operations within the element and explained within the
Annex material for that selection operation.
In addition, RI-222 addresses the question of the meaning of "normative".