CCEVS Public Interpretations Database: CCEVS Public Interpretation Database by Short CC Reference

CCEVS Public Interpretation Database by Short CC Reference

Quickfinder:

acm_cap	adv_fsp	adv_hld	ama_amp	ape_obj
ape_req	ase_ppc	ase_req	ase_sre	ase_tss
ava_msu	cc_cem	class_adv	class_agd	class_ama
class_ape	class_ase	class_ate	class_fdp	class_fmt
class_fpt	fau_gen	fau_sar	fau_stg	fdp_acf
fdp_iff	fdp_rip	fia_afl	fia_uau	fia_uid
fia_usb	fmt_msa	fmt_rev	fmt_smr	fpt_amt
fpt_php	fpt_rcv	fpt_rvm	fpt_sep	ftp_itc
part_1	part_2	part_3

Index:

Configuration Management Capabilities (acm_cap)
- I-0338: ~~Configuration Items In The Absence Of Explicit Scope~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0412 on 2001-06-22)
- I-0390: ~~Clarification Of Implied Evaluation Actions For CM~~
  (Withdrawn on 2003-02-11)
- I-0412: ~~Configuration Items In The Absence Of Configuration Management~~
  (Approved by CCEVS Management on 2001-06-22; superseded by 0459 on 2003-05-09)
- I-0459: CM Systems May Have Varying Degrees Of Rigor And Function
  (Approved, Acceptable to CCIMB, CCIMB Interpretation Pending on 2003-07-17)
- I-0473: Ability To Obtain The Unique Identifier Of The TOE
  (Sent to CCEVS Management and CCIMB for Review on 2004-05-06)
- I-0474: ~~Do ACM And ALC Apply To The TOE Or The TSF?~~
  (Pending on: ALC/ADO/AGD Rewrite on 2004-05-07)
Functional Specification (adv_fsp)
- I-0408: ~~FSP Evaluation Must Consider The Whole TSP~~
  (Pending on: ADV Rewrite on 2004-05-07)
High-level Design (adv_hld)
- I-0384: ~~Subsystems Interfaces Are Described At A High Level~~
  (Pending on: ADV Rewrite on 2004-05-07)
- I-0386: ~~High Level Design Is Too Close To Implementation~~
  (Pending on: ADV Rewrite on 2004-05-07)
- I-0391: ~~Missing Mapping: IT Environment Requirements And High-Level Design~~
  (Withdrawn on 2003-05-12)
Assurance Maintenance Plan (ama_amp)
- I-0399: ~~Flaw Remediation Is Independent Of Maintenance Of Assurance~~
  (Tabled on 2000-07-12)
- I-0401: ~~Clarify Use Of Component Categorization Report~~
  (Withdrawn on 2004-05-06)
- I-0402: ~~Identification Of The Certified Version~~
  (Withdrawn on 2004-05-06)
Protection Profile, Security Objectives (ape_obj)
- I-0398: ~~Assumptions, Objectives, And Environmental Requirements~~
  (Pending on: APE/ASE Rewrite on 2004-05-07)
Protection Profile, IT Security Requirements (ape_req)
- I-0361: ~~"Reference" Refers To A Citation Of The Text Source~~
  (Withdrawn on 2000-03-21)
- I-0385: ~~Identification Of Standards~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0427 on 2001-06-22)
- I-0405: American English Is An Acceptable Refinement
  (Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-08-01)
- I-0427: Identification Of Standards
  (Approved by CCEVS Management and Mailed to Public Mailing List on 2001-06-22)
- I-0430: ~~When Are SOF Claims Required?~~
  (Withdrawn on 2002-03-12)
- I-0448: ~~Required Level Of Detail For Environmental Requirements~~
  (Pending on: APE/ASE Rewrite on 2004-05-07)
Security Target, PP Claims (ase_ppc)
- I-0378: Meaning Of Compliance Claims
  (In CCIMB RI Queue on 2003-05-15)
- I-0383: ~~Content Of PP Claims Rationale~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0426 on 2000-12-05)
- I-0426: Content Of PP Claims Rationale
  (Approved, Acceptable to CCIMB, CCIMB Interpretation Pending on 2003-07-17)
- I-0435: ~~Evaluation Of An ST Compliant With A Previously Evaluated PP~~
  (Pending on: APE/ASE Rewrite on 2004-05-07)
- I-0436: Compliance Claims Against A Flawed PP
  (Sent to CCEVS Management and CCIMB for Review on 2003-08-01)
- I-0439: ~~PP Compliance And Hierarchical Components~~
  (Pending on: APE/ASE Rewrite on 2004-05-07)
Security Target, IT Security Requirements (ase_req)
- I-0394: ~~Iteration Must Cover All Scopes~~
  (Approved by CCEVS Management on 2000-12-20; superseded by CCIMB-INTERP-0019 on 2002-03-12)
Security Target, Explicitly Stated IT Security Requirements (ase_sre)
- I-0428: ~~National Interpretations Do Not Require SRE Evaluation~~
  (Withdrawn on 2004-05-06)
Security Target, TOE Summary Specification (ase_tss)
- I-0355: ~~Evaluation Of The TOE Summary Specification: Part 1 Vs Part 3~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0418 on 2000-12-05)
- I-0418: Evaluation Of The TOE Summary Specification: Part 1 Vs Part 3
  (Approved, Acceptable to CCIMB, CCIMB Interpretation Pending on 2003-11-11)
- I-0447: ~~Level Of Detail For The TSS~~
  (Pending on: APE/ASE Rewrite on 2004-05-07)
Misuse (ava_msu)
- I-0392: AVA_MSU Does Not Mandate Extra Functions In The TOE
  (Sent to CCEVS Management and CCIMB for Review on 2003-03-12)
Entire CC and CEM (cc_cem)
- I-0443: ~~Minor (Non-Substantive) Corrections To The CC And CEM~~
  (Withdrawn on 2004-11-03)
- I-0446: ~~CEM For Either No SEP Or No RVM~~
  (Withdrawn on 2004-05-06)
- I-0449: ~~Flexibility In Meeting Requirements~~
  (Withdrawn on 2003-05-12)
- I-0453: TSF And Support Code
  (External Post in Interpretations Board Rework on 2004-05-06)
- I-0458: ~~Part 1/Part 3 Disconnect: How Something Is Implemented~~
  (Pending on: APE/ASE Rewrite on 2004-05-07)
- I-0460: ~~Empty Selections Or Assignments/One Or More~~
  (Withdrawn on 2004-02-24)
- I-0461: Definition Of TSF: Relied Upon For The Correct Enforcement
  (Sent to CCEVS Management and CCIMB for Review on 2003-08-01)
- I-0462: ~~What Is A TSP?~~
  (Withdrawn on 2004-05-06)
- I-0464: Conditional Requirements
  (Submitted as Request for Interpretation/Editorial Observation to CCIMB on 2004-05-06)
- I-0466: ~~What Is The Difference Between TSF And TOE?~~
  (Pending on: ADV Rewrite on 2004-05-07)
- I-0467: Can Guidance Documentation Meet TSF Requirements?
  (Sent to CCEVS Management and CCIMB for Review on 2003-08-01)
Development (class_adv)
- I-0433: Design Abstractions For Non-IT Mechanisms
  (Sent to CCEVS Management and CCIMB for Review on 2004-03-08)
- I-0445: ~~ADV Class Inadequate~~
  (Pending on: ADV Rewrite on 2004-05-07)
- I-0450: ~~Appropriate Levels Of Decomposition~~
  (Pending on: ADV Rewrite on 2004-05-07)
- I-0457: ~~Interfaces To Be Examined For ADV_FSP~~
  (Withdrawn on 2004-02-24)
Guidance Documents (class_agd)
- I-0403: ~~Guidance Refinements Must Be Tracable To Objectives~~
  (Pending on: APE/ASE Rewrite on 2004-05-07)
- I-0438: ~~Lack Of Integration Guidance~~
  (Tabled on 2002-01-14)
Maintenance of Assurance (class_ama)
- I-0400: ~~Focus Is On Content, Not Structure, For AMA~~
  (Withdrawn on 2004-05-06)
Protection Profile Evaluation (class_ape)
- I-0365: ~~Broad Consistency And Coherency Of Application Notes In A PP~~
  (Tabled on 1999-12-17)
- I-0444: ~~PP Conformance Claims To The CC~~
  (Pending on: APE/ASE Rewrite on 2004-05-07)
Security Target Evaluation (class_ase)
- I-0396: ~~Application Notes Are Permitted In Security Targets~~
  (Withdrawn on 2000-06-06)
Tests (class_ate)
- I-0468: Must Test Setup And Cleanup Code Run Unprivileged?
  (Sent to CCEVS Management and CCIMB for Review on 2004-11-09)
User Data Protection (class_fdp)
- I-0363: ~~Attribute Inheritance/Modification Rules Need To Be Included In Policy~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0420 on 2002-08-22)
- I-0420: Attribute Inheritance/Modification Rules Need To Be Included In Policy
  (Approved by CCEVS Management and Mailed to Public Mailing List on 2002-08-22)
- I-0432: List Of Subjects And Objects Refers To Types Thereof
  (Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2004-01-30)
- I-0451: When To Use IFF/IFC And ACF/ACC
  (Sent to CCEVS Management and CCIMB for Review on 2004-03-08)
Security Management (class_fmt)
- I-0369: ~~Security Management Functions To Be Provided Must Be Enumerated~~
  (Withdrawn on 2001-08-28)
Protection of the TSF (class_fpt)
- I-0469: What Does "Initial Startup" Mean For FPT_AMT And FPT_TST?
  (Sent to CCEVS Management and CCIMB for Review on 2004-11-09)
Security Audit Data Generation (fau_gen)
- I-0410: Auditing Of Subject Identity For Unsuccessful Logins
  (Approved by CCEVS Management and Mailed to Public Mailing List on 2002-01-04)
Security Audit Review (fau_sar)
- I-0388: What Is The Difference Between "Sort" And "Order"?
  (Sent to CCEVS Management and CCIMB for Review on 2004-03-08)
Security Audit Event Storage (fau_stg)
- I-0348: ~~Audit Data Loss Prevention Method May Be Site-Selectable~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0414 on 2002-03-11)
- I-0370: ~~Clarification Of ``Audit Records''~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0422 on 2000-12-05)
- I-0371: ~~Some Modifications To The Audit Trail Are Authorized~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0423 on 2000-12-11)
- I-0372: ~~Audit Records Must Be Protected At All Times~~
  (Withdrawn on 2001-11-15)
- I-0387: Auditing Of Audit Storage Failures
  (Ready to Send to Management/CCIMB on 2005-02-04)
- I-0414: Site-Configurable Prevention Of Audit Loss
  (Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-07-17)
- I-0422: Clarification Of ``Audit Records''
  (Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-07-17)
- I-0423: ~~Some Modifications To The Audit Trail Are Authorized~~
  (Approved by CCEVS Management on 2000-12-11; superseded by CCIMB-INTERP-0141 on 2003-07-15)
- I-0481: ~~Ignoring Events Is Incompatible With Preventing Audit Loss~~
  (Withdrawn on 2005-02-04)
Access Control Functions (fdp_acf)
- I-0353: ~~Association Of Access Control Attributes With Subjects And Objects~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0416 on 2000-12-05)
- I-0416: ~~Association Of Access Control Attributes With Subjects And Objects~~
  (Approved by CCEVS Management on 2000-12-05; superseded by CCIMB-INTERP-0103 on 2003-07-15)
Information Flow Control Functions (fdp_iff)
- I-0354: ~~Association Of Information Flow Attributes W/Subjects And Information~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0417 on 2000-12-11)
- I-0417: ~~Association Of Information Flow Attributes W/Subjects And Information~~
  (Approved by CCEVS Management on 2000-12-11; superseded by CCIMB-INTERP-0104 on 2003-07-15)
- I-0472: Correction Of Definition Of Lattice
  (Sent to CCEVS Management and CCIMB for Review on 2004-01-12)
Residual Information Protection (fdp_rip)
- I-0350: Clarification Of Resources/Objects For Residual Information Protection
  (Approved by CCEVS Management and Mailed to Public Mailing List on 2002-03-04)
- I-0356: FDP_RIP Annex: Reuse Of Subject Data Notes
  (Sent to CCEVS Management and CCIMB for Review on 2003-03-12)
- I-0471: Objects In The TOE
  (Ready to Send to Management/CCIMB on 2005-02-04)
Authentication Failures (fia_afl)
- I-0377: ~~Settable Failure Limits Are Permitted~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0425 on 2000-12-05)
- I-0425: ~~Settable Failure Limits Are Permitted~~
  (Approved by CCEVS Management on 2000-12-05; superseded by CCIMB-INTERP-0111 on 2003-10-31)
User Authentication (fia_uau)
- I-0375: Elements Requiring Authentication Mechanism
  (Approved by CCEVS Management and Mailed to Public Mailing List on 2001-03-15)
- I-0440: Clarification Of Detection/Prevention For FIA_UAU.3
  (Sent to CCEVS Management and CCIMB for Review on 2004-03-08)
User Identification (fia_uid)
- I-0347: Including Sensitive Information In Audit Records
  (Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-07-17)
- I-0376: ~~Dependencies Between FIA_UID And FIA_ATD~~
  (Withdrawn on 1999-10-01)
- I-0480: ~~Components Written As Environmental Actions~~
  (Tabled on 2005-02-04)
User-Subject Binding (fia_usb)
- I-0351: ~~User Attributes To Be Bound Should Be Specified~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0415 on 2002-05-14)
- I-0352: ~~Rules Governing Binding Should Be Specifiable~~
  (Approved by CCEVS Management on 2000-12-20; superseded by CCIMB-INTERP-0137 on 2004-01-30)
- I-0415: ~~User Attributes To Be Bound Should Be Specified~~
  (Approved by CCEVS Management on 2002-03-04; superseded by CCIMB-INTERP-0137 on 2004-01-30)
Management of Security Attributes (fmt_msa)
- I-0358: ~~Roles Whose Membership Is Defined By Object Attributes~~
  (Withdrawn on 1999-12-17)
- I-0409: ~~Other Properties In FMT_MSA.3 Should Be Specified By Assignment~~
  (Approved by CCEVS Management on 2002-01-04; superseded by CCIMB-INTERP-0201 on 2003-10-31)
- I-0441: ~~Meaning Of "Other Property"~~
  (Withdrawn on 2001-08-28)
- I-0442: Restrictive Is Not Fully Defined Without Specification Of Attributes
  (Sent to CCEVS Management and CCIMB for Review on 2004-01-12)
- I-0477: Management Of Subject Attributes
  (Sent to CCEVS Management and CCIMB for Review on 2004-11-09)
- I-0482: Properties Of Default Values For Attributes
  (Ready to Send to Management/CCIMB on 2005-02-04)
Revocation (fmt_rev)
- I-0359: ~~Ordering Of Basic And Minimal Audit For FMT_REV~~
  (Withdrawn on 1999-11-04)
Security Management Roles (fmt_smr)
- I-0346: ~~Users Authorised To Change Authentication Data Are Not Roles~~
  (Withdrawn on 1999-11-04)
Underlying Abstract Machine Test (fpt_amt)
- I-0470: FPT_AMT When There Are No Operational (IT) Environment Objectives
  (Sent to CCEVS Management and CCIMB for Review on 2003-08-01)
TSF Physical Protection (fpt_php)
- I-0381: ~~Relationship Between FPT_PHP And FMT_MOF~~
  (Approved by CCEVS Management on 2002-03-04; superseded by CCIMB-INTERP-0212 on 2003-10-31)
Trusted Recovery (fpt_rcv)
- I-0389: ~~Recovery To A Known State~~
  (Approved by CCEVS Management on 2001-03-15; rescinded on 2003-05-09)
- I-0406: ~~Automated Or Manual Recovery Is Acceptable~~
  (Approved by CCEVS Management on 2001-03-15; superseded by CCIMB-INTERP-0056 on 2003-10-31)
Reference Mediation (fpt_rvm)
- I-0339: ~~Assurance Of RVM Is By Testing And Design Analysis~~
  (Approved by CCEVS Management on 2000-03-27; rescinded on 2002-01-04)
- I-0413: ~~Assurance Of RVM Is By Testing And Design Analysis~~
  (Withdrawn on 2001-04-23)
Domain Separation (fpt_sep)
- I-0373: ~~FPT_SEP.2 And FPT_SEP.3 Are Not Hierarchical~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0424 on 2000-12-05)
- I-0380: ~~FPT_ITT, FPT_SSP, And FPT_TRC Should Be Incorporated Into FPT_SEP~~
  (Pending on: ADV Rewrite on 2004-05-07)
- I-0424: ~~FPT_SEP.2 And FPT_SEP.3 Are Not Hierarchical~~
  (Approved by CCEVS Management on 2000-12-05; rescinded on 2003-05-09)
- I-0463: Platform Inclusion In A TOE With FPT_SEP
  (Sent to CCEVS Management and CCIMB for Review on 2003-03-12)
Inter-TSF Trusted Channel (ftp_itc)
- I-0479: FTP_ITC.1.3 Specifies The Functions Needing A Trusted Channel
  (Sent to CCEVS Management and CCIMB for Review on 2004-11-09)
Part 1: Introduction and General Model (part_1)
- I-0360: ~~Non-Normative Materials In Annexes B (PP) And C (ST)~~
  (Pending on: APE/ASE Rewrite on 2004-05-07)
- I-0362: ~~Scope Of Permitted Refinements~~
  (Approved by CCEVS Management on 2000-03-27; superseded by CCIMB-INTERP-0019, CCIMB-INTERP-0098 on 2002-03-12)
- I-0364: ~~Application Notes In Protection Profiles Are Informative Only~~
  (Approved by CCEVS Management on 2000-03-27; superseded by 0421 on 2001-06-22)
- I-0368: ~~Assumptions Related To Security Objectives For The Environment~~
  (Pending on: APE/ASE Rewrite on 2004-05-07)
- I-0393: ~~A Completely Evaluated ST Is Not Required When TOE Evaluation Starts~~
  (Approved by CCEVS Management on 2001-03-15; superseded by CCIMB-INTERP-0150 on 2003-07-15)
- I-0395: ~~Security Attributes Include Attributes Of Information And Resources~~
  (Approved by CCEVS Management on 2001-03-15; superseded by CCIMB-INTERP-0151 on 2003-10-31)
- I-0404: ~~Security Requirements For The Non-IT Environment~~
  (Pending on: APE/ASE Rewrite on 2004-05-07)
- I-0407: Empty Selections Or Assignments
  (Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-08-21)
- I-0411: ~~Guidance Includes AGD_ADM, AGD_USR, ADO, And ALC_FLR~~
  (Approved by CCEVS Management on 2000-12-22; superseded by CCIMB-INTERP-0140 on 2003-07-15)
- I-0419: ~~Scope Of Permitted Refinements~~
  (Withdrawn on 2002-03-12)
- I-0421: Application Notes In Protection Profiles Are Informative Only
  (Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-08-21)
- I-0429: Selecting One Or More
  (Approved, Acceptable to CCIMB, No CCIMB Interpretation on 2003-08-12)
- I-0431: ~~Specification Of Explicitly Specified Requirements~~
  (Withdrawn on 2003-05-12)
Part 2: Functional Requirements (other) (part_2)
- I-0349: ~~Grammatical/Typographical Corrections In Common Criteria V2.1~~
  (Withdrawn on 2004-11-03)
- I-0367: Management Sections Are Informative
  (In CCIMB RI Queue on 2003-05-15)
- I-0379: How To Require User/Admin Documentation For Functional Components
  (In CCIMB RI Queue on 2003-05-15)
- I-0382: TSF Architectural Protections Are Really Assurances
  (In CCIMB RI Queue on 2003-05-15)
Part 3: Assurance Requirements (other) (part_3)
- I-0374: ~~Nature Of Components~~
  (Withdrawn on 2001-06-14)
- I-0397: ~~Iteration On Assurance Components/Elements~~
  (Approved by CCEVS Management on 2001-03-15; superseded by CCIMB-INTERP-0019 on 2002-03-12)
- I-0434: Treatment Of TSF Components Provided By A Third-Party
  (Sent to CCEVS Management and CCIMB for Review on 2004-03-08)
- I-0437: ~~Applicability Of Elements Of A PP In The ST Context~~
  (Pending on: APE/ASE Rewrite on 2004-05-07)

Return to Index Selection Page

Public Interpretation Discussion Mailing List: A mailing list, cc-cmt (Common Criteria NIAP Interpretations Comments), has been set up to provide a forum for public comment and discussion on proposed NIAP interpretations to the Common Criteria (CC) and the Common Evaluation Methodology (CEM). To subscribe, send an email to listproc@nist.gov. The body of the message should contain the line:

subscribe cc-cmt your-first-name your-last-name

This will start a subscription for the "From:" address of the request Email. Archives of the cc-cmt list may be found at http://cio.nist.gov/esd/emaildir/lists/cc-cmt/maillist.html.

This page was generated on Fri Jun 30 12:32:35 2006.
Questions on this page, or comments on Database entries should be addressed to cc-cmt@nist.gov.
Flags are based on a comparison against information uploaded 2005-01-20-00:00