I-0418: Evaluation Of The TOE Summary Specification: Part 1 Vs Part 3

TYPE:                 NIAP Interpretation
NUMBER:               I-0418
STATUS:               Approved, Acceptable to CCIMB, CCIMB Interpretation
                      Pending

TITLE:                Evaluation Of The TOE Summary Specification: Part 1 Vs
                      Part 3
SUPERSEDES:
     I-0355           Evaluation Of The TOE Summary Specification: Part 1 Vs Part 3

EFFECTIVE:            2000-12-05

SOURCE REFERENCE:     CC v2.1 Part 1 Subclause C.2.9
                      CC v2.1 Part 3 Subclause 5.8 ASE_TSS
RELATED TO:
     I-0355           Evaluation Of The TOE Summary Specification: Part 1 Vs Part 3
CCIMB ENTRY:          CCIMB-INTERP-0105,CCIMB-INTERP-0030,CCIMB-INTERP-0215

ISSUE:

STATEMENT

RECOMMENDED CRITERIA CHANGES

[Note: The changes stated below are ADVISORY ONLY, and represent one approach to addressing the guidance in the statement. Other approaches that achieve the same goal are acceptable.]

To address this interpretation, the following changes are made to CC v2.1, Part 3:

• ASE_TSS.1 is relabeled as ASE_TSS.1-NIAP-0418. Unless otherwise noted in these changes, all normative and informative material associated with ASE_TSS.1 is incorporated unchanged into ASE_TSS.1-NIAP-0418, and all references to ASE_TSS.1 in the CC, CEM, or other Common Criteria documentation is changed to refer to ASE_TSS.1-NIAP-0418.

• The following elements are added to ASE_TSS.1-NIAP-0418 in order to bring it into agreement with Part 1, Subclause C.2.9:

  ASE_TSS.1.NIAP-0418-1C: The TOE summary specification shall demonstrate that the strength of TOE function claims made are valid, or demonstrate that assertions that such claims are unnecessary are valid.

  ASE_TSS.1.NIAP-0418-2C: The TOE summary specification rationale shall be presented at a level of detail that matches the level of detail of the definition of security functions.

FURTHER CONSIDERATIONS:

SUPPORT:

c) The TOE summary specification rationale shall show that the TOE security functions and assurance measures are suitable to meet the TOE security requirements.

The following shall be demonstrated:

1) that the combination of specified TOE IT security functions work together so as to satisfy the TOE security functional requirements;

2) that the strength of TOE function claims made are valid, or that assertions that such claims are unnecessary are valid.

3) that the claim is justified that the stated assurance measures are compliant with the assurance requirements.

The statement of rationale shall be presented at a level of detail that matches the level of detail of the definition of the security functions.

The first sentence of C.2.9 "c)" is verbatim in ASE_TSS.1.5C. Item 1 is stated in ASE_TSS.1.6C. Item 2 doesn't appear in ASE_TSS. Item 3 appears in ASE_TSS.1.8C. The last paragraph of C.2.9 "c)" is not addressed in ASE_TSS.

Thus, there are two portions of Part 1 that are not addressed in Part 3: C.2.9 "c)2)" and the second paragraph of C.2.9 "c)".

This interpretation brings the Part 3 requirements on the TOE Summary Specification into agreement with the Part 1 normative material.

Note: This interpretation is superseding a previously-approved formal interpretation primarily to reflect modifications to the interpretation format. The intent of the interpretation has not been changed, although some specifics of the criteria changes or the support may have been clarified or corrected.

On October 24, 2003, the CCIMB released the following statement regarding RI 105 (which corresponds to I-0418):

The CCIMB agrees that there are some inconsistencies between the Part 3 criteria for ASE/APE and the Part 1 Annex material describing the contents of the ST and PP. A resolution to these inconsistencies will be included in the ASE/APE rewrite.

In the meantime, the use of this national interpretation will not impact recognition of results based on that interpretation, as far as can be determined in the abscense of methodology.