Date:  01/30/2004

Closed Statement:

This RI seems to touch on two issues: combining two different products into one ("composition") and accomodating updates or changes to one or both of those parts ("assurance continuity"). The composition issue is currently under discussion and will be addressed at some future time.

As for assurance continuity, under the CCRA a scheme issues a certificate applying to that uniquely defined TOE, thereby implicitly (or explicitly) stating that any changed TOE is no longer certified.

Whether or not a new/changed TOE can retain its certificate and EAL rating depends on the scope of changes and, if decided minor, the subsequently performed maintenance effort. In all other cases a re-evaluation has to be performed, which would lead to a new certificate. Guidance on this Assurance Continuity process can be found on the common criteria website or requested by any CCRA compliant scheme.