[Public Interpretations Database]

I-0456: Regularization Of The Term "Hierarchical"


TYPE:                 NIAP Interpretation
NUMBER:               I-0456
STATUS:               Pending Assignment

TITLE:                Regularization Of The Term "Hierarchical"

SOURCE REFERENCE:     CC v2.1 Part 1 Subclause 4.4.1.3
                      CC v2.1 Part 2 Subclause 2.1.2.3
                      CC v2.1 Part 3 Subclause 2.2
RELATED TO:           <None>

ISSUE:

The CC is inconsistent in its use of the term "hierarchical", and some components don't meet the hierarchical test.

For example, Part 1, Subclause 4.4.1.3, Para 144 states:

A component describes a specific set of security requirements and is the smallest selectable set of security requirements for inclusion in the structures defined in the CC. The set of components within a family may be ordered to represent increasing strength or capability of security requirements that share a common purpose. They may also be partially ordered to represent related non-hierarchical sets. In some instances, there is only one component in a family so ordering is not applicable.

For example, Part 2, Section 2.1.2.3, Para. 52 says:

The relationships between components within a functional family may or may not be hierarchical. A component is hierarchical to another if it offers more security.

For example, Part 3, Section 2.2, Para 66 says:

In Figure 2.5, above, the class as shown contains a single family. The family contains three components that are linearly hierarchical (i.e. component 2 requires more than component 1, in terms of specific actions, specific evidence, or rigour of the actions or evidence). The assurance families in this Part 3 are all linearly hierarchical, although linearity is not a mandatory criterion for assurance families that may be added in the future.

STATEMENT:

Not yet determined.

SUPPORT:

This corrects the problem identified in the issue statement.