Final Interpretation for RI # 64 - Apparent higher standard for explicitly stated requirements

Date: 02/16/2001
Subject: Apparent higher standard for explicitly stated requirements
CC Part #1 Reference: 
CC Part #2 Reference: 
CC Part #3 Reference: CC Part 3, Section 4.6 (APE_SRE); CC Part 3, Section 5.7 (ASE_SRE)
CEM Reference: 

Issue:

APE/ASE_SRE.1.5C requires measurable, objective requirements that can be systematically demonstrated. However, by the very nature of security requirements, it is not always possible to produce fully measurable and objective requirements that can be subjected to a systematic demonstration.



Interpretation

The existing CC functional and assurance requirements are to be used as models of compliance with the requirements of this family.

Specific Changes

This new paragraph is added to the application notes of the APE_SRE family following CC Part 3 paragraph 164:

The elements APE_SRE.1.5C and APE_SRE.1.6C require that the explicitly stated IT security requirements shall be measurable and objective as well as clearly and unambiguously expressed. The existing CC functional and assurance requirements are to be used as models for compliance with these requirements.

This new paragraph is added to the application notes of the ASE_SRE family following CC Part 3 paragraph 185:

The elements ASE_SRE.1.5C and ASE_SRE.1.6C require that the explicitly stated IT security requirements shall be measurable and objective as well as clearly and unambiguously expressed. The existing CC functional and assurance requirements are to be used as models for compliance with these requirements.

The following paragraph is appended to these CEM work-units: APE_SRE.1-5 after paragraph 281, APE_SRE.1-6 after the work unit, ASE_SRE.1-5 after paragraph 470, and ASE_SRE.1-6 after the work unit:

The existing CC functional and assurance requirements are to be used as models for compliance with this requirement.

Rationale