![[Public Interpretations Database]](/assets/images/public-interps.jpg){kind=small}
I-0429: Selecting One Or More
TYPE: Guidance
NUMBER: I-0429
STATUS: Approved, Acceptable to CCIMB, No CCIMB Interpretation
TITLE: Selecting One Or More
EFFECTIVE: 2002-01-04
SOURCE REFERENCE: CC v2.1 Part 1 Subclause 4.4.1
CC v2.1 Part 2 Subclause 3.2 FAU_GEN.1
CC v2.1 Part 2 Subclause 3.6 FAU_STG.1
CC v2.1 Part 2 Subclause 3.6 FAU_STG.2
CC v2.1 Part 2 Subclause 3.6 FAU_STG.4-NIAP-0387
CC v2.1 Part 2 Subclause 3.NIAP-0414 FAU_STG.NIAP-0414-1
CC v2.1 Part 2 Subclause 8.2 FMT_MSA.3
CC v2.1 Part 2 Subclause 9.2 FPR_PSE.1
CC v2.1 Part 2 Subclause 9.2 FPR_PSE.2
CC v2.1 Part 2 Subclause 9.2 FPR_PSE.3
CC v2.1 Part 2 Subclause C.2 FAU_GEN.1
CC v2.1 Part 2 Subclause C.6 FAU_STG.1
CC v2.1 Part 2 Subclause C.6 FAU_STG.2
CC v2.1 Part 2 Subclause C.6 FAU_STG.4-NIAP-0387
CC v2.1 Part 2 Subclause H.2 FMT_MSA.3
CC v2.1 Part 2 Subclause I.2 FPR_PSE.1
CC v2.1 Part 2 Subclause I.2 FPR_PSE.2
CC v2.1 Part 2 Subclause I.2 FPR_PSE.3
RELATED TO:
I-0407 Empty Selections Or Assignments
I-0422 Clarification Of ``Audit Records''
I-0409 Other Properties In FMT_MSA.3 Should Be Specified By Assignment
CCIMB ENTRY: CCIMB-INTERP-0202
ISSUE:
It is unclear if, in a selection operation, selection of multiple items is permissible.STATEMENT
Unless otherwise stated, multiple items in a selection may be selected. Cases where only a specific number of items may be selected must be explicit.SPECIFIC INTERPRETATION
[Note: The changes stated below are ADVISORY ONLY, and represent one approach to addressing the guidance in the statement. Other approaches that achieve the same goal are acceptable.]
To address this interpretation, the following changes are made to CC v2.1,
Part 1: (additions marked
thusly; deletions marked
thusly)
- Make the following changes to the paragraph added by I-0407, which was
inserted before paragraph 149 in CC v2.1 Part 1:
Lists used to complete assignments must be non-empty. "None" (or equivalent wording) is only available as a choice if it is explicitly provided; furthermore, if the "none" option is chosen, no additional selection options may be chosen. If "none" is not given as an option in a selection, it is permissible to combine the choices in a selection with "and"s and "or"s. unless the selection explicitly states "choose one of" (or equivalent wording).
To address this interpretation, the following changes are made to CC v2.1,
Part 2: (additions marked
thusly; deletions marked
thusly)
- FAU_GEN.1-NIAP-0407 is relabeled as FAU_GEN.1-NIAP-0429. Unless otherwise noted in these changes, all normative and informative material associated with FAU_GEN.1-NIAP-0407 is incorporated unchanged into FAU_GEN.1-NIAP-0429, and all references to FAU_GEN.1-NIAP-0407 in the CC, CEM, or other Common Criteria documentation are changed to refer to FAU_GEN.1-NIAP-0429.
-
Subclause 3.2, FAU_GEN.1-NIAP-0429 is modified as follows:
FAU_GEN.1.1-NIAP-
04070429 The TSF shall be able to generate an audit record of the following auditable events:a) Start-up and shutdown of the audit functions;
b) All auditable events for the [selection: choose one of: minimum, basic, detailed, not specified] level of audit; and
c) [selection: [assignment: other specifically defined auditable events], "no additional events"].
- Subclause C.2, paragraph 567, is modified as follows:
For FAU_GEN.1.1-NIAP-0429b, the PP/ST author should select the level of auditable events called out in the audit section of other functional components included in the PP/ST. This level
could beis one of the following: "minimum", "basic", "detailed" or "not specified".If "not specified" is selected, the PP/ ST author should fill in all desired auditable events in FAU_GEN.1.1c, and this part of the element (item b) can be removed entirely. - FAU_STG.1-NIAP-0422 is relabeled as FAU_STG.1-NIAP-0429. Unless otherwise noted in these changes, all normative and informative material associated with FAU_STG.1-NIAP-0422 is incorporated unchanged into FAU_STG.1-NIAP-0429, and all references to FAU_STG.1-NIAP-0422 in the CC, CEM, or other Common Criteria documentation are changed to refer to FAU_STG.1-NIAP-0429.
-
Subclause 3.6, FAU_STG.1-NIAP-0429 is modified as follows:
FAU_STG.1.2-NIAP-
04220429 The TSF shall be able to [selection: choose one of: prevent, detect] modifications to the audit records in the audit trail. - Subclause C.6, paragraph 629, is modified as follows:
In FAU_STG.1.2-NIAP-
04220429, the PP/ST author should specify whether the TSF shall prevent or only be able to detect modifications of the audit trail. Only one of these options may be chosen. - FAU_STG.2-NIAP-0422 is relabeled as FAU_STG.2-NIAP-0429. Unless otherwise noted in these changes, all normative and informative material associated with FAU_STG.2-NIAP-0422 is incorporated unchanged into FAU_STG.2-NIAP-0429, and all references to FAU_STG.2-NIAP-0422 in the CC, CEM, or other Common Criteria documentation are changed to refer to FAU_STG.2-NIAP-0429.
-
Subclause 3.6, FAU_STG.2-NIAP-0429 is modified as follows:
FAU_STG.2.2-NIAP-
04220429 The TSF shall be able to [selection: choose one of: prevent, detect] modifications to the audit records in the audit trail. - Subclause C.6, paragraph 632, is modified as follows:
In FAU_STG.2.2-NIAP-
04220429, the PP/ST author should specify whether the TSF shall prevent or only be able to detect modifications of the audit trail. Only one of these options may be chosen. - FAU_STG.4-NIAP-0387 is relabeled as FAU_STG.4-NIAP-0429. Unless otherwise noted in these changes, all normative and informative material associated with FAU_STG.4-NIAP-0387 is incorporated unchanged into FAU_STG.4-NIAP-0429, and all references to FAU_STG.4-NIAP-0387 in the CC, CEM, or other Common Criteria documentation are changed to refer to FAU_STG.4-NIAP-0429.
-
Subclause 3.6, FAU_STG.4-NIAP-0429 is modified as follows:
FAU_STG.4.1-NIAP-
03870429 The TSF shall [selection: choose one of: "ignore auditable events", "prevent auditable events, except those taken by the authorised user with special rights", "overwrite the oldest stored audit records"] and [assignment: other actions to be taken in case of audit storage failure] if the audit trail is full. -
Subclause C.6, FAU_STG.4-NIAP-0429, paragraph 639 is modified as follows:
In FAU_STG.4.1, the PP/ST author should select whether the TSF shall ignore auditable actions, or whether it should prevent auditable actions from happening, or whether the oldest audit records should be overwritten when the TSF can no longer store audit records. Only one of these may be chosen for automatic action by the TSF, as choosing more than one would create a contradiction.
- FAU_STG.NIAP-0414-1 is relabeled as FAU_STG.NIAP-0414-1-NIAP-0429. Unless otherwise noted in these changes, all normative and informative material associated with FAU_STG.NIAP-0414-1 is incorporated unchanged into FAU_STG.NIAP-0414-1-NIAP-0429, and all references to FAU_STG.NIAP-0414-1 in the CC, CEM, or other Common Criteria documentation are changed to refer to FAU_STG.NIAP-0414-1-NIAP-0429.
-
Subclause 3.NIAP-0414, FAU_STG.NIAP-0414-1-NIAP-0429 is modified as follows:
FAU_STG.NIAP-0414-1.2-NIAP-0429 The TSF shall [selection: choose one of: "ignore auditable events", "prevent auditable events, except those taken by the authorised user with special rights", "overwrite the oldest stored audit records"] and [assignment: other actions to be taken in case of audit storage failure] if the audit trail is full.
- FMT_MSA.3.NIAP-0409 is relabeled as FMT_MSA.3-NIAP-0429. Unless otherwise noted in these changes, all normative and informative material associated with FMT_MSA.3-NIAP-0409 is incorporated unchanged into FMT_MSA.3-NIAP-0429, and all references to FMT_MSA.3-NIAP-0409 in the CC, CEM, or other Common Criteria documentation are changed to refer to FMT_MSA.3-NIAP-0429.
-
Subclause 8.2, FMT_MSA.3-NIAP-0409 is modified as follows:
FMT_MSA.3.1-NIAP-0409 The TSF shall enforce the [assignment: access control SFP, information flow control SFP] to provide [selection: choose one of: restrictive, permissive, [assignment: other property]] default values for security attributes that are used to enforce the SFP.
-
Subclause H.2, FMT_MSA.3-NIAP-0409 is modified as follows:
Selection:
In FMT_MSA.3.1-NIAP-
04090429, the PP/ST author should select whether the default property of the access control attribute will be restrictive, permissive, or another property. Only one choice is permitted. - FPR_PSE.1 is relabeled as FPR_PSE.1-NIAP-0429. Unless otherwise noted in these changes, all normative and informative material associated with FPR_PSE.1 is incorporated unchanged into FPR_PSE.1-NIAP-0429, and all references to FPR_PSE.1 in the CC, CEM, or other Common Criteria documentation is changed to refer to FPR_PSE.1-NIAP-0429.
- Subclause 9.2, FPR_PSE.1, element FPR_PSE.1.3 is modified as follows:
FPR_PSE.1-NIAP-0429.3 The TSF shall [selection: choose one of: determine an alias for a user, accept the alias from the user] and verify that it conforms to the [assignment: alias metric].
- Subclause I.2, FPR_PSE.1, paragraph 1110, is modified as follows:
In FPR_PSE.1-NIAP-0429.3 the PP/ST author should specify whether the user alias is generated by the TSF, or supplied by the user. Only one of these options may be chosen.
- FPR_PSE.2 is relabeled as FPR_PSE.2-NIAP-0429. Unless otherwise noted in these changes, all normative and informative material associated with FPR_PSE.2 is incorporated unchanged into FPR_PSE.2-NIAP-0429, and all references to FPR_PSE.2 in the CC, CEM, or other Common Criteria documentation is changed to refer to FPR_PSE.2-NIAP-0429.
- Subclause 9.2, FPR_PSE.2, element FPR_PSE.2.3 is modified as follows:
FPR_PSE.2-NIAP-0429.3 The TSF shall [selection: choose one of: determine an alias for a user, accept the alias from the user] and verify that it conforms to the [assignment: alias metric].
- Subclause I.2, FPR_PSE.2, paragraph 1118, is modified as follows:
In FPR_PSE.2-NIAP-0429.3 the PP/ST author should specify whether the user alias is generated by the TSF, or supplied by the user. Only one of these options may be chosen.
- FPR_PSE.3 is relabeled as FPR_PSE.3-NIAP-0429. Unless otherwise noted in these changes, all normative and informative material associated with FPR_PSE.3 is incorporated unchanged into FPR_PSE.3-NIAP-0429, and all references to FPR_PSE.3 in the CC, CEM, or other Common Criteria documentation is changed to refer to FPR_PSE.3-NIAP-0429.
- Subclause 9.2, FPR_PSE.3, element FPR_PSE.3.3 is modified as follows:
FPR_PSE.3-NIAP-0429.3 The TSF shall [selection: choose one of: determine an alias for a user, accept the alias from the user] and verify that it conforms to the [assignment: alias metric].
- Subclause I.2, FPR_PSE.3, paragraph 1129, is modified as follows:
In FPR_PSE.3-NIAP-0429.3 the PP/ST author should specify whether the user alias is generated by the TSF, or supplied by the user. Only one of these options may be chosen.
SUPPORT:
This interpretation makes it clear that more than one selection from a selection list may be made, unless it is expressly prohibited. It also clarifies those selection lists where selecting multiple options would introduce an internal contradiction.This queue entry also removes a clause from FAU_GEN that complicates evaluation by eliminating original text when a particular selection option is chosen (for if the text is eliminated, it is unclear to the evaluator if the clause was accidentally omitted, or intentionally removed).
2003-07: The CCIMB issued a statement that said:
The CCIMB saw no need to adopt this national interpretation. However, use of this national interpretation will not adversely affect mutual recognition.This National Interpretation arises from a misunderstanding of the use of the term "normative". The interpretation seeks to make the contents of the CC Part 2 annex as mandatory as the main text of Part 2; however, such is already the case.
RI-222 addresses the question of the meaning of "normative".