Problem: There are many places in the CC that refer to "list of subjects" or "list of objects". Under a literal reading, this could be read as calling for a list of specific subjects or objects, i.e., process numbers, file names, etc. Such information is too specific.

Proposed Solution:
STATEMENT
The phrases "list of subjects" or "list of objects" can also refer to lists of the types of those entities, i.e., processes, files, etc.
RECOMMENDED CRITERIA CHANGES
To address this interpretation, the following changes are made to CC v2.1 Part 2 (notation: additions; deletions):
- Subclause F.2, paragraph 746 is changed as follows:
In FDP_ACC.1.1, the PP/ST author should specify the list of subjects, objects, and operations among subjects and objects covered by the SFP. The lists of subjects or objects could be very specific, if the subjects/objects are known, or it could be more generic and refer to a "type" of subject/object such as an identified role, process, or file.
- Subclause F.2, paragraph 750 is changed as follows:
In FDP_ACC.2.1, the PP/ST author should specify the list of subjects and objects covered by the SFP. All operations among those subjects and objects will be covered by the SFP. The lists of subjects or objects could be very specific, if the subjects/objects are known, or it could be more generic and refer to a "type" of subject/object such as an identified role, process, or file.
- Subclause F.3, paragraph 774 is changed as follows:
In FDP_DAU.2.2, the PP/ST author should specify the list of subjects that will have the ability to verify data authentication evidence for the objects identified in the previous element as well as the identity of the user that created the data authentication evidence. The list of subjects could be very specific, if the subjects are known, or it could be more generic and refer to a "type" of subject such as an identified role.
- Subclause F.9, paragraph 897 is changed as follows:
In FDP_RIP.1.1, the PP/ST author should specify the list of objects subject to residual information protection. The list of objects could be very specific, if the objects are known, or it could be more generic and refer to a "type" of object such as files, named buffers, etc.
- Subclause F.10, paragraph 907 is changed as follows:
In FDP_ROL.1.1 the PP/ST author should specify the list of objects that are subjected to the rollback policy. The list of objects could be very specific, if the objects are known, or it could be more generic and refer to a "type" of object such as files, named buffers, etc.
- Subclause F.10, paragraph 911 is changed as follows:
In FDP_ROL.2.1 the PP/ST author should specify the list of objects that are subjected to the rollback policy. The list of objects could be very specific, if the objects are known, or it could be more generic and refer to a "type" of object such as files, named buffers, etc.
SUPPORT:
The potential exists for the phrase "list of subjects" or "list of objects" to be narrowly read. In most cases, the intent is not to give a specific list of subjects and objects (for example, process 4323 can access file "ntscpe.exe"), but to give types of subjects and objects (processes, files). This interpretation clarifies the guidance portions to make that possibility clearer.
Note: No changes are made to FDP_IFF and FDP_IFC, as the annex text for these families already includes appropriate words.