Re: HLD and IT Environment SFRs

Subject: Re: HLD and IT Environment SFRs
From: Tom Benkart <teb@coact.com>
Date: Thu, 20 Jul 2006 12:31:24 -0400
Content-Type: text/plain; charset="us-ascii"; format=flowed
In-Reply-To: <CD6BB6072E0DF243B7862BAC93CA291A01F751D9@0581-its-exmp01.u s.saic.com>
References: <CD6BB6072E0DF243B7862BAC93CA291A01F751D9@0581-its-exmp01.us.saic.com>


Jim, we ran into this issue a while back and PD-0091 addresses your 
question concerning indirect dependencies in the IT Environment, at least 
as far as inclusion in the ST.  It does not specifically address HLD.

Tom

At 11:25 AM 7/20/2006, Arnold, James L. Jr. wrote:

>I have questions about the required handling of IT environment SFRs in
>the HLD. I have two specific scenarios in mind.
>
>1) There is a threat that is addressed exclusively by the IT environment
>and the TOE has no actual dependency on any of the resulting IT
>environment SFRs. This may seem kind of silly, but it is not clear the
>CC disallows this situation.
>
>2) There is a TOE dependency on the IT environment for which an SFR
>(e.g., FCS_COP.1) is articulated. However, FCS_COP.1, according to the
>CC, has dependencies (e.g., FCS_CKM.4 and FMT_MSA.2) upon which the TOE
>has no direct dependency.
>
>The CEM guidance for 2:ADV_HLD.1-5, for example, indicates the HLD and
>IT environment SFRs must agree and inconsistencies between the IT
>environment requirements indicated in the HLD vs. the ST would be
>addressed in ADV_HLD.1.2E. Further, the guidance for 2:ADV_HLD.1-6
>indicates that the HLD should explain how the TOE uses the IT
>environment functions upon which it depends and tests should ensure the
>functions actually exist.
>
>The problem is that IT Environment requirements might not be driven by
>TOE dependencies and as a result likely would not normally be addressed
>in the HLD.
>
>Questions:
>
>1) Should IT environment SFRs not driven by direct TOE dependencies not
>be included in the ST? Perhaps there should be some standard rationale
>(or better the CC should be modified to excuse unsatisfied environment
>dependencies). Also, perhaps the CC should require that all threats and
>policies be at least partially satisfied by the TOE itself.
>
>2) Do all IT environment requirements really have to be addressed in the
>HLD? Can there be exceptions when the IT environment SFRs result from IT
>environment dependencies, for example, or even more generally when it
>can be otherwise concluded that the TOE isn't really dependent on the
>applicable SFRs?
>
>-Jim Arnold

Tom Benkart
Operations Manager
COACT, Inc.
9140 Guilford Road, Suite N
Columbia, MD. 21046
301-498-0150
Fax: 301-498-0855
teb@coact.com

References:
- HLD and IT Environment SFRs
  - From: "Arnold, James L. Jr." <JAMES.L.ARNOLD.JR@saic.com>

Prev by Date: HLD and IT Environment SFRs
Next by Date: RE: HLD and IT Environment SFRs
Prev by thread: HLD and IT Environment SFRs
Next by thread: RE: HLD and IT Environment SFRs

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov