[Public Interpretations Database]

I-0437: Applicability Of Elements Of A PP In The ST Context

 
TYPE:                 Guidance
NUMBER:               I-0437
STATUS:               Pending on: APE/ASE Rewrite
REASON:               Hold - Pending ASE/APE Rewrite

TITLE:                Applicability Of Elements Of A PP In The ST Context

SOURCE REFERENCE:     CC v2.1 Part 1 Annex B
                      CC v2.1 Part 1 Annex C
                      CC v2.1 Part 3 Subclause 4.2 APE_ENV
                      CC v2.1 Part 3 Subclause 5.5 ASE_PPC
                      CEM v1.0 Part 2 Subclause 3.4.2 APE_ENV.1
                      CEM v1.0 Part 2 Subclause 4.4.5 ASE_PPC.1
RELATED TO:           <None>

ISSUE:

Do requirements stated in a PP apply to all elements in an ST? For example, if the PP contains an element that states all audit must be at the basic level, must elements in the ST but not in the PP meet the requirement for basic audit?

STATEMENT

Requirements drawn from a PP only apply to requirements drawn from the PP, unless the PP contains statements indicating broader applicability.

SPECIFIC INTERPRETATION

Put something in APE_ENV indicating that if broad applicability is required, it should be stated in policy or threats, leading to objectives and SFRs. Further, there should be an element in ASE_PPC indicating that if broadness is an objective, then it must be true for other elements in the ST if compliance is to be met. Lastly, there should be appropriate descriptive information in Section 5 and Annex B of Part 1, and appropriate methodology in the CEM.

SUPPORT:

The following is drawn from the resolution of ccevs-od-0182, and will require editing.

The opinion of the CCEVS is that the PP/ST paradigm, in some cases (audit being one of them), should allow for a PP writer to express objectives and requirements that apply to a broad set of SFRs, some of which may not be specified directly in the PP. However this intention must be expressed in a clear, unambiguous manner in the PP objectives (and hence their associated requirements). The following "rules of application" are offered for CCEVS laboratories to consider when determining if PPs can legitimately levy audit requirements on SFRs not specificied in the PP. Although this could be broadly applicable, this decision deals explicitly with the application of audit requirements to non specified SFRs. The rule may be shown to apply to other areas, but this must be shown to be valid before a broad policy is levied on all SFRs.

Rules of Application

If PP authors wish to extend auditing requirements to include unspecified SFRs they must:

  1. Ensure that an appropriate objective is written that articulates this intent

  2. Choose a mimium level of auditing predefined by the CC (i.e., minimal, basic, detailed) to give guidance on the level of auditing for SFRs not currently specified in the PP and

  3. Explicitly identify this intent in the rationale for the objectives and requirements. Without an explicit statement of this nature, it is assumed that the PP author's intent is that the audit package explicitly identifies the SFRs that must be audited to claim compliance to the PP.

The rationale for this ruling is that the CC is supposed to offer PP/ST authors a paradigm to express their security needs. It seems reasonable, especially in the context of expressing accountability objectives, that the paradigm should be robust enough to levy requirements on "all security relevants functions" and not just a list of functions, which could become outdated (and rendered irrelevant) in a short period of time.