TD0564: NiT Technical Decision for Vulnerability Analysis Search Criteria
The NiT has issued a technical decision for Vulnerability Analysis Search Criteria.
NDSDv.2.2 paragraph 682 in section A.1.1 Type 1 Hypotheses - Public-Vulnerability-Based shall be replaced as follows:
According to section 220.127.116.11, the developer shall provide documentation identifying the list of software and hardware components that compose the TOE. The evaluator shall independently verify this list for completeness by comparing it to the security functionality defined in the TSS of the ST and ensuring that all expected components are accounted for.
Hardware components should identify at a minimum the processors used by the TOE. Software components that are in the scope of this requirement include libraries, frameworks, operating system and other major components that are independently identifiable and reusable (i.e. can be present in other products). The evaluator shall use the components list and determine that the TOE and its components are free of unmitigated vulnerabilities. It is expected that all remotely exploitable vulnerabilities present in the network device shall be considered as part of vulnerability assessment ("network device" is used to refer to the entire device and is not limited to the claimed security functionality).
The search criteria to be used when searching the sources shall include:
• The list of software and hardware components that compose the TOE
• The TOE name (including model information as appropriate)
As the search terms can contain proprietary information and there is a possibility that this information could be used by attackers to identify potential attack surfaces, there is no expectation that search terms containing proprietary information are published in any public-facing document.
In addition, NDSDv.2.2 paragraph 681 in section A.1.1 Type 1 Hypotheses - Public-Vulnerability-Based shall be replaced as follows:
The evaluators shall perform a search on the sources listed in Section A.4 to determine a list of potential flaw hypotheses that are specific to the TOE and its components as specified by the additional documentation mentioned above. Any duplicates – either in a specific entry, or in the flaw hypothesis that is generated from an entry from the same or a different source – can be noted and removed from consideration by the evaluation team.
For further information, please see the NiT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI202015.pdf
See issue description.