|Subject:||Augmented and Conformant overlap|
|CC Part #1 Reference:||CC Part 1, Section 5.4|
|CC Part #2 Reference:|
|CC Part #3 Reference:|
|CEM Reference:||CEM, Section 4.4.3 (ASE_INT.1)|
The notion of assurance packages, without any evaluation requirements for packages, has caused the definitions of "augmented" and "conformant" to become merged. An assurance package is effectively the same as an assurance package plus other assurance components, since the content of an assurance package is arbitrary.
An assurance package is not so much "arbitrary" as "not pre-defined". One defined assurance package can be augmented and the resulting set of assurance requirements could be defined as a new assurance package. To clarify this issue, and to make the results of evaluations more clear to potential consumers, the CC is interpreted as detailed in the specific change below.
To address this interpretation, the following changes are made to CC v2.1, Part 1:
The following sentence is added to the end of paragraph 175 in CC v2.1 Part 1:
The results of evaluation shall also include a "Conformance Result".
The title of CC Part 1, section/Clause 5.4 is changed to "Conformance results".
The following text replaces CC Part 1, section/Clause 5.4:
The conformance result indicates the source of the collection of requirements that is met by a TOE or PP that passes its evaluation. This conformance result is presented with respect to Part 2 (functional requirements), Part 3 (assurance requirements) and, if applicable, to a pre-defined set of requirements (e.g., EAL, Protection Profile).
The conformance result consists of one of the following:
Part 2 conformant - A PP or TOE is Part 2 conformant if the functional requirements are based only upon functional components in Part 2
Part 2 extended - A PP or TOE is Part 2 extended if the functional requirements include functional components not in Part 2
plus one of the following:
Part 3 conformant - A PP or TOE is Part 3 conformant if the assurance requirements are based only upon assurance components in Part 3
Part 3 extended - A PP or TOE is Part 3 extended if the assurance requirements include assurance requirements not in Part 3.
Additionally, the conformance result may include a statement made with respect to sets of defined requirements, in which case it consists of one of the following:
Package name Conformant - A PP or TOE is conformant to a pre-defined named functional and/or assurance package (e.g. EAL) if the requirements (functions or assurance) include all components in the packages listed as part of the conformance result.
Package name Augmented - A PP or TOE is an augmentation of a pre-defined named functional and/or assurance package (e.g. EAL) if the requirements (functions or assurance) are a proper superset of all components in the packages listed as part of the conformance result.
Finally, the conformance result may also include a statement made with respect to Protection Profiles, in which case it includes the following:
PP Conformant - A TOE meets specific PP(s), which are listed as part of the conformance result.
To address this interpretation, the following change is made to CEM Part 2 v1.0:
The evaluator determines that the CC conformance claim contains either Part 3 conformant or Part 3 extended.
If Part 3 extended is claimed and the assurance requirements package includes assurance requirements in Part 3, the evaluator determines that the CC conformance claim states which assurance requirements that are in Part 3 are claimed.
If Package Name conformant is claimed, the evaluator determines that the CC conformance claim states which package is claimed.
If Package Name augmented is claimed, the evaluator determines that the CC conformance claim states which package is claimed and which augmentations to that package are claimed.
If PP conformant is claimed, the evaluator determines that the CC conformance claim states to which PP or PPs conformance is claimed.
This new nomenclature makes the results of evaluations more meaningful to potential consumers.
For example, the US Department of Agriculture might construct a protection profile for an EAL2 operating system. The European Central Bank might take this profile, add data integrity requirements from Part 2, some assurance requirements from Part 3 (though not all remaining EAL3 requirements), and issue its own resulting profile. Health Canada might take this resulting profile and augment it with data protection during transmission requirements from Part 2, its own assurance requirements, and issue the resulting profile. These profiles would be listed on the protection profile registry with the following descriptors:
US Department of Agriculture - Part 2 conformant and Part 3 conformant;
European Central Bank - Part 2 conformant, Part 3 conformant, and conformant to the US Department of Agriculture profile;
Health Canada - Part 2 conformant, Part 3 extended, and conformant to the US Department of Agriculture and European Central Bank profiles.
To extend the example, let us imagine
a successful evaluation of a product against the set of requirements in
the Health Canada profile, plus the remaining Part 3 requirements for
EAL3, as well as an additional Part 3 component Y. The entry in the evaluation
registry for this TOE would have the following evaluation descriptor:
Part 2 conformant;
Part 3 extended with component X;
EAL3 augmented with component Y;
PP Conformant with the US Department of Agriculture profile, the European Central Bank profile, and the Health Canada profile.