[Public Interpretations Database]

I-0412: Configuration Items In The Absence Of Configuration Management

 
TYPE:                 NIAP Interpretation
NUMBER:               I-0412
STATUS:               Formally Superseded

TITLE:                Configuration Items In The Absence Of Configuration
                      Management
SUPERSEDES:
     I-0338           Configuration Items In The Absence Of Explicit Scope
SUPERSEDED BY:        
     I-0459           CM Systems May Have Varying Degrees Of Rigor And Function

EFFECTIVE:            2001-06-22
SUPERSEDED:           2003-05-09

SOURCE REFERENCE:     CC v2.1 Part 3 Subclause 8.2 ACM_CAP
                      CC v2.1 Part 3 Subclause 8.2 ACM_CAP.2
RELATED TO:
     I-0338           Configuration Items In The Absence Of Explicit Scope

ISSUE:

The content and presentation of evidence elements introduced at ACM_CAP.2 all deal with uniquely identifying all items that make up the TOE and having their descriptions in a configuration list. This configuration list is contained in the CM documentation, which is required by ACM_CAP.2.3D. However, there are no requirements that formal configuration management (as is implied by the term "CM System") be performed on any of these items. Hence, the use of the term "CM system" creates confusion.

STATEMENT

ACM_CAP.2 does not require the presence of a CM system.

RECOMMENDED CRITERIA CHANGES

To address this intepretation, the following changes are made to CC v2.1 Part 3:

  • Delete ACM_CAP.2.2D.

  • Replace ACM_CAP.2.6C with the following (additions shown thusly; deletions shown thusly):

    ACM_CAP.2.6C-NIAP-0412 The CM system configuration list shall uniquely identify all configuration items.

Additionally, the following change is made to the Part 2, Subclause 8.2, Paragraph 254 (additions shown thusly; deletions shown thusly):

ACM_CAP.2.6C ACM_CAP.2.6C-NIAP-0412 introduces a requirement that the CM system configuration list uniquely identify all configuration items. This also requires that modifications to configuration items result in a new, unique identifier being assigned.

FURTHER CONSIDERATIONS:

As this makes changes to components included in EAL1 through EAL4, the CEM must be examined to determine if these changes impact the v1.0 wording. The CEM also must be updated to reflect the replaced element names, and to remove work units for deleted elements.

SUPPORT:

The use of the term "CM system" in ACM_CAP.2 implies a dependence upon a formal CM system. However, there is no requirement for such a system at ACM_CAP.2, as confirmed by the Common Evaluation Methodology v1.0 Part 2. In the methodology for ACM_CAP.2, the CEM does not impose any evaluator actions with respect to verifying use or presence of a CM system. In fact, the EAL2 work unit for ACM_CAP.2.6C (the only content and presentation of evidence element to refer to a CM system) requires a check only on the configuration list, not the CM system.

The requirements of the CEM lead to the conclusion that the goal of ACM_CAP.2 is to ensure that an unambiguous list of all configuration items that comprise the TOE be maintained, but not that there necessarily be a full blown CM system in place to manage changes to those components. This interpretation adjusts the wording of ACM_CAP.2 to clarify this intent.