Rescission of NIAP Interpretation I-0389

The CCIMB has found that NIAP Interpretation 0389 would violate Mutual Recognition. The interpretation calls for allowing a system to "recover" to a previously-known state, rather than a *secure* state. The CCIMB believes such an interpretation could lead to the acceptance of products that revert to states which would compromise the intent of security. For example, after a user logs out, the system could revert to a state where that user was logged in, thereby permitting anyone else at that workstation to assume the user's identity. Even more drastically, the interpretation could permit a system to revert to a state that is known to be insecure.

The NIB and CCEVS management agree with the CCIMB that this NIAP interpretation could result in undesirable situations not envisaged by the NIB. CCEVS management therefore rescinds Interpretation I-0389.

Posted on 2003-05-09 by J. Schaffer

