![[Public Interpretations Database]](/assets/images/public-interps.jpg){kind=small}
I-0435: Evaluation Of An ST Compliant With A Previously Evaluated PP
TYPE: NIAP Interpretation
NUMBER: I-0435
STATUS: Pending on: APE/ASE Rewrite
REASON: Hold - Pending ASE/APE Rewrite
TITLE: Evaluation Of An ST Compliant With A Previously Evaluated
PP
RELATED TO:
I-0436 Compliance Claims Against A Flawed PP
ISSUE:
When doing an evaluation of an ST that claims compliance with a previously evaluated PP, how much work of the PP evaluation must be redone? Should be PP evaluation be accepted without question?STATEMENT
The evaluation of an ST, which claims compliance with an evaluated PP, should be treated as a 'delta' evaluation to the PP evaluation. Work done for the PP evaluation should not be repeated for the ST evaluation. Instead, the ST evaluation should focus on what is different from the PP to ST.RECOMMENDED CRITERIA CHANGES
TBD, as well as the specific changes.
SUPPORT:
For example, the added sections of PP claims, TOE summary specification, and associated rationale are the primary objects of an ST evaluation. In addition any operations completed in the ST, refinements added in the ST, or other changes to any section of the PP are properly the subject of the ST evaluation.Not within scope of ST evaluation are portions unchanged from the evaluated PP. Portions of the ST that are unchanged from the evaluated PP should not be re-evaluated as part of the ST evaluation. The fact that the PP and ST are the same and that the PP was evaluated is sufficient.
The PP and its rational are sufficient information for the ST evaluation. The specific PP evaluation results and evaluation background material are, except as indicated below, not necessary for the ST evaluation.
The ST evaluator, in the course of valid ST evaluation activities, might uncover an error in the evaluated PP. The ST must attempt to correct any such errors that impact claimed security capabilities. Errors that do not impact security claims do not need to be corrected in the ST. An example of the latter would be a PP error related to an incomplete rationale for what appears to be a correct hypothesis. An ST that is unchanged with respect to what the incomplete PP rationale covers need not make up deficiencies in the PP rationale.
When a PP error has been uncovered, PP evaluation information is still not needed, unless there is the realistic possibility that the ST evaluator is incorrect and the PP evaluation information could confirm that the PP is not flawed.