Final Interpretation for RI # 25 - Level of detail required for hardware descriptions

Date: 07/31/2001
Subject: Level of detail required for hardware descriptions
CC Part #1 Reference: 
CC Part #2 Reference: 
CC Part #3 Reference: 
CEM Reference: CEM, Annex B.6.2
CEM, Annex B.6.3

Issue:

What level of detail must be provided about the hardware and firmware of a TOE comprising vendor-developed software and generic "PC" firmware/hardware? Is it sufficient to identify the TOE hardware components by their "generic" identities (e.g. Pentium-based PC, 10-Base-T Network Interface Card, SCSI disk drive)? Or is it necessary instead to give the precise specification of each component of an evaluated configuration (e.g. Intel P5-233MHz, Intel Starfire 2-revision 6.2 motherboard, 16Mb of 70ns EDO RAM, 3Com 3C509 NICS, Quantum Fireball 4.3 SCSI disk drive, Adaptec 2940W SCSI adapter)?



Interpretation

The hardware and firmware portions of a TOE must be described at the same level of detail as the software portions of the TOE.

In identifying the TOE as required for ASE_INT and the ETR, the level of hardware identification is determined by the impact that the hardware features have upon the security functions and assurances being claimed. The TOE identification must be as detailed as necessary to capture all security relevant information.

In describing the TSF as required by components in the ADV class, the hardware features that provide the security being claimed are described in terms of how they provide those features.

Specific Changes

  • The following paragraph is inserted into section B.6.2 of the CEM after para 1817:
    This evaluated configuration is identified in sufficient detail to differentiate hardware included in the evaluated configuration from hardware that is not included in the evaluated configuration, though it might be available as part of the product upon which the TOE is based. This identification makes it apparent to potential customers what product must be purchased, and what configuration options must be used, in order for the TOE to run securely.
  • The following paragraph is inserted into section B.6.3 of the CEM after para 1818:

    The hardware portions of the TSF are described at a level of detail commensurate with the assurance requirements related to the relevant development documentation (functional specification, high-level design, low-level design) and the testing documentation. The level of hardware identification is determined by the impact that the hardware features have upon the security functions and assurances being claimed.

Rationale

    The hardware identification is used by potential customers to identify the TOE. This identification needs to be sufficient for the customer to know what product must be purchased, and what configuration options must be used, in order for the TOE to run in its evaluated configuration.

    The hardware description, which is more detailed than the identification, is provided to evaluators to analyse the hardware at a degree commensurate with the assurance. This includes the analysis of the relevant development documentation (functional specification, high-level design, low-level design) and the testing documentation.

    The amount of detail depends upon the security being claimed. For example, in the configuration cited in the Issue statement, the clock speed of the processor would not be mentioned unless it were a factor, as would be the case if a covert channel analysis were performed as part of the evaluation.