| Type: Perceived Errors | Source: USNI 459 | Date: 01/13/2003 |
| Status: Statement | Source #: 459 | |
| CC Part #1 Reference: | ||
| CC Part #2 Reference: | ||
| CC Part #3 Reference: CC Part 3, Section 8.2 (ACM_CAP) | ||
| CEM Reference: | ||
| Reason: National Interpretation | ||
| Problem: The content and presentation of evidence elements introduced at ACM_CAP.2 all deal with uniquely identifying all items that make up the TOE and having their descriptions in a configuration list. This configuration list is contained in the CM documentation, which is required by ACM_CAP.2.3D. However, there are no requirements that formal configuration management (as is implied by the term "CM System") be performed on any of these items. Hence, the use of the term "CM system" creates confusion. |
||
| Proposed Solution:
CM systems may have varying degrees of rigour and function. At the lowest level, a CM system may be a simple configuration list. At the highest level, a CM system may be automated, with flaw remediation, change controls, and other tracking mechanisms. To address this interpretation, the following changes are made to CC v2.1 Part 3:
RATIONALE CCIMB-INTERP-0003 makes changes to ACM_CAP to better define the purpose of a configuration list, and at ACM_CAP.2, implies that the configuration list is identical to a CM system. However, this is not made explicit. This interpretation adds explanatory words clarifying that at the lowest level of function, a CM system may be just a simple configuration list. |
||