[Public Interpretations Database]

I-0417: Association Of Information Flow Attributes W/Subjects And Information

 
TYPE:                 NIAP Interpretation
NUMBER:               I-0417
STATUS:               Formally Superseded

TITLE:                Association Of Information Flow Attributes W/Subjects And
                      Information
SUPERSEDES:
     I-0354           Association Of Information Flow Attributes W/Subjects And Information
SUPERSEDED BY:        
     CCIMB-INTERP-0104

EFFECTIVE:            2000-12-11
SUPERSEDED:           2003-07-15

SOURCE REFERENCE:     CC v2.1 Part 2 Subclause 6.6 FDP_IFF.1.1
                      CC v2.1 Part 2 Subclause 6.6 FDP_IFF.2.1
                      CC v2.1 Part 2 Subclause F.6 FDP_IFF
RELATED TO:
     I-0353           Association Of Access Control Attributes With Subjects And Objects
     I-0354           Association Of Information Flow Attributes W/Subjects And Information
     I-0416           Association Of Access Control Attributes With Subjects And Objects
CCIMB ENTRY:          CCIMB-INTERP-0104

ISSUE:

The Common Criteria does not currently provide functional requirements for identifying the clear association of controlled entities (subjects, information) with relevant security attributes. The existing FDP_IFF family provides only for a simple list of security attributes, without the ability to describe the required association to controlled entities.

STATEMENT

The CC is modified so that the statement of Information Flow Control Policy provides a clear association of controlled entities (subjects, information) with relevant security attributes.

RECOMMENDED CRITERIA CHANGES

To address this interpretation, the following changes are made to CC v2.1: (additions marked thusly; deletions marked thusly):

  • The FDP_IFF.1 component is relabeled as FDP_IFF.1-NIAP-0417. Unless otherwise noted in these changes, all normative and informative material associated with FDP_IFF.1 is incorporated unchanged into FDP_IFF.1-NIAP-0417, and all references to FDP_IFF.1 in the CC, CEM, or other Common Criteria documentation is changed to refer to FDP_IFF.1-NIAP-0417.

  • The FDP_IFF.1.1 element is replaced with FDP_IFF.1.1-NIAP-0417, as follows:

    FDP_IFF.1.1-NIAP-0417: The TSF shall enforce the [assignment: information flow control SFP] based on the following types of subject and information security attributes: [assignment: the minimum number and type of security attributes list of subjects and information controlled under the indicated SFP, and for each, the SFP-relevant security attributes]

  • The FDP_IFF.2 component is relabeled as FDP_IFF.2-NIAP-0417. Unless otherwise noted in these changes, all normative and informative material associated with FDP_IFF.2 is incorporated unchanged into FDP_IFF.2-NIAP-0417, and all references to FDP_IFF.2 in the CC, CEM, or other Common Criteria documentation is changed to refer to FDP_IFF.2-NIAP-0417.

  • The FDP_IFF.2.1 element is replaced with FDP_IFF.2.1-NIAP-0417, as follows:

    FDP_IFF.2.1-NIAP-0417: The TSF shall enforce the [assignment: information flow control SFP] based on the following types of subject and information security attributes: [assignment: the minimum number and type of security attributes list of subjects and information controlled under the indicated SFP, and for each, the SFP-relevant security attributes]

  • Part 2, Subclause F.6, paragraph 810 is replaced by:

    In FDP_IFF.1.1-NIAP-0417, the PP/ST author should specify the minimum number and types of security attributes that the function will use in specify, for each type of controlled subject and information, the security attributes that are relevant to the specification of the SFP rules. For example, such security attributes may be things such the subject identifier, subject sensitivity label, subject clearance label, information sensitivity label, etc. The minimum number of each type types of security attributes should be sufficient to support the environmental needs.

  • Part 2, Subclause F.6, paragraph 822 is replaced by:

    In FDP_IFF.2.1-NIAP-0417, the PP/ST should specify the minimum number and types of security attributes that the function will use in specify, for each type of controlled subject and information, the security attributes that are relevant to the specification of the SFP rules. For example, such security attributes may be things such the subject identifier, subject sensitivity label, subject clearance label, information sensitivity label, etc. The minimum number of each type types of security attributes should be sufficient to support the environmental needs.

SUPPORT:

This interpretation makes it clear that an appropriate assignment is one that provides, for each controlled entity, the SFP-relevant security attributes of that entity. This might be provided as a two column table: one column is the controlled entity (subject, information), the other is a list of SFP-relevant security attributes for that controlled entity.

Note: This interpretation is superseding a previously-approved formal interpretation primarily to reflect modifications to the interpretation format. The intent of the interpretation has not been changed, although some specifics of the criteria changes or the support may have been clarified or corrected.