Date: 11/12/2001
Subject: ACM_SCP.*.1C requirements unclear
CC Part #1 Reference:
CC Part #2 Reference:
CC Part #3 Reference: CC Part 3, Section 8.3 (ACM_SCP)
CEM Reference: CEM, Section 8.4.3 (ACM_SCP.2)
ACM_SCP.*.1C requires that "design documentation" is tracked by the CM system. This term is not used elsewhere, and clearly does not map directly to ADV requirements (since it appears to exclude the implementation representation).
ACM_SCP is interpreted as intending to extend the requirements of ACM_CAP to additional items, not to impose additional CM capabilities (i.e. the requirement to 'track').
ACM_SCP.1.1C requires that the following must be included in the list of configuration items: the implementation representation and the evaluation evidence required by the assurance components in the ST.
In CC Part 3, the following changes are made:
- The following is inserted after paragraph 257 (last application note for ACM_CAP):
ACM_CAP identifies the CM requirements to be imposed on all items identified in the configuration item list. Other than the TOE itself, ACM_CAP leaves the contents of the configuration item list to the discretion of the developer. (ACM_SCP can be used to identify specific items that must be included in the configuration item list, and hence covered by CM.)
- Paragraphs 274 and 275 (Objectives for ACM_SCP) are replaced with:
The objective of this family is to require items to be included as configuration items and hence placed under the CM requirements of ACM_CAP. Applying configuration management to these additional items provides additional assurance that the integrity of TOE is maintained.
- Paragraph 276 (Component levelling for ACM_SCP) is replaced with:
The components in this family are levelled on the basis of which of the following are required to be included as configuration items: implementation representation; the evaluation evidence required by the assurance components in the ST; security flaws; and development tools and related information.
- Immediately before paragraph 277, the following is inserted as the new first paragraph of the application notes for ACM_SCP:
While ACM_CAP mandates a list of configuration items and that each item on this list be under CM, other than the TOE itself, ACM_CAP leaves the contents of the configuration item list to the discretion of the developer. ACM_SCP narrows this discretion by identifying items that must be included in the configuration item list, and hence come under the CM requirements of ACM_CAP.
- Paragraphs 277, 279, and 280 (application notes for ACM_SCP) are changed as follows:
"tracked by the CM system" is replaced by "included in the list of configuration items"
- Paragraph 278 (second application note for ACM_SCP) is replaced with:
ACM_SCP.1.1C also introduces the requirement that the evaluation evidence required by the other assurance components in the ST be included in the list of configuration items.
- Paragraphs 281, 282, and 284 (first objective for ACM_SCP.1, ACM_SCP.2, and ACM_SCP.3) are each replaced with:
A CM system can control changes only to those items that have been placed under CM (i.e., the configuration items identified in the configuration item list). Placing the TOE implementation and the evaluation evidence required by the other assurance components in the ST under CM provides assurance that they have been modified in a controlled manner with proper authorisations.
- Paragraphs 283 and 285 (second objective for ACM_SCP.2 and ACM_SCP.3) are changed as follows:
"The ability to track security flaws under CM ensures" is replaced with "Placing security flaws under CM ensures"
- ACM_SCP.*.1D is changed to:
ACM_SCP.*.1D The developer shall provide a list of configuration items for the TOE.
- ACM_SCP.*.1C is changed to:
ACM_SCP.1.1C The list of configuration items shall include the following: implementation representation and the evaluation evidence required by the assurance components in the ST.
ACM_SCP.2.1C The list of configuration items shall include the following: implementation representation; security flaws; and the evaluation evidence required by the assurance components in the ST.
ACM_SCP.3.1C The list of configuration items shall include the following: implementation representation; security flaws; development tools and related information; and the evaluation evidence required by the assurance components in the ST.
- ACM_SCP.*.2C is deleted.
In the CEM, the following changes are made:
- Paragraphs 953 and 1327 (input for ACM_SCP.1 and ACM_SCP.2 sub-activities respectively) are each changed to:
"configuration management documentation" is changed to "configuration item list"
- Work units 3:ACM_SCP.1-1 and 4:ACM_SCP.2-1 are each replaced by:
The evaluator shall check that the configuration item list includes the set of items required by the CC.
- Paragraph 955 (guidance for work unit 3:ACM_SCP.1-1) is replaced with:
The list includes the following:
a) the TOE implementation representation (i.e., the components or subsystems that compose the TOE). For a software-only TOE, the implementation representation may consist solely of source code; for a TOE that includes a hardware platform, the implementation representation may refer to a combination of software, firmware and a description of the hardware.
b) the evaluation evidence required by the assurance components in the ST.
- Paragraph 1329 (guidance for work unit 4:ACM_SCP.2-1) is replaced with:
The list includes the following:
a) the TOE implementation representation (i.e., the components or subsystems that compose the TOE). For a software-only TOE, the implementation representation may consist solely of source code; for a TOE that includes a hardware platform, the implementation representation may refer to a combination of software, firmware and a description of the hardware.
b) the evaluation evidence required by the assurance components in the ST.
c) the documentation used to record details of reported security flaws associated with the implementation (e.g., problem status reports derived from a developer's problem database).
- Work units 3:ACM_SCP.1-2 and 4:ACM_SCP.2-2 and their associated guidance are deleted.
Rationale
ACM_CAP is already written to impose all CM requirements on all configuration items. Therefore the only thing that ACM_SCP need do is indicate what additional items over the TOE itself (the ACM_CAP requirement for configuration items) must be included in the list of configuration items.
ACM_SCP is interpreted as intending to extend the requirements of ACM_CAP to additional items, not to impose additional CM capabilities (i.e. the requirement to 'track'). The control of configuration items is fully covered by ACM_CAP.*.9C (appearing in ACM_CAP.3 and above).