Final Interpretation for RI # 104 - Association of Information Flow Attributes with Subjects and Objects

Date: 07/15/2003
Subject: Association of Information Flow Attributes with Subjects and Objects
CC Part #1 Reference: 
CC Part #2 Reference: CC Part 2, FDP_IFF
CC Part #3 Reference: 
CEM Reference: 

Issue:

The Common Criteria does not currently provide functional requirements for identifying the clear association of controlled entities (subjects, information) with relevant security attributes. The existing FDP_IFF family provides only for a simple list of security attributes, without the ability to describe the required association to controlled entities.



Interpretation

The statement of Information Flow Control Policy should provide a clear association of controlled entities (subjects, information) with relevant security attributes.



Specific Changes

To address this interpretation, the following changes are made to CC Part 2 v2.1:

The FDP_IFF.1.1 element is replaced as follows:

FDP_IFF.1.1: The TSF shall enforce the [assignment: information flow control SFP] based on the following types of subject and information security attributes: [assignment: list of subjects and information controlled under the indicated SFP, and for each, the security attributes]

The FDP_IFF.2.1 element is replaced as follows:

FDP_IFF.2.1: The TSF shall enforce the [assignment: information flow control SFP] based on the following types of subject and information security attributes: [assignment: list of subjects and information controlled under the indicated SFP, and for each, the security attributes]

Subclause F.6, paragraph 810 is replaced by:

In FDP_IFF.1.1, the PP/ST author should specify, for each type of controlled subject and information, the security attributes that are relevant to the specification of the SFP rules. For example, such security attributes may be things such the subject identifier, subject sensitivity label, subject clearance label, information sensitivity label, etc. The types of security attributes should be sufficient to support the environmental needs.

Subclause F.6, paragraph 822 is replaced by:

In FDP_IFF.2.1, the PP/ST author should specify, for each type of controlled subject and information, the security attributes that are relevant to the specification of the SFP rules. For example, such security attributes may be things such the subject identifier, subject sensitivity label, subject clearance label, information sensitivity label, etc. The types of security attributes should be sufficient to support the environmental needs.

Rationale

This interpretation makes it clear that an appropriate assignment is one that provides, for each controlled entity, the security attributes of that entity.  It addresses all the issues identified in the request for interpretation.