Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: [2600] Question related to ALC_FLR

To: STDS-2600@xxxxxxxxxxxxxxxxx
Subject: Re: [2600] Question related to ALC_FLR
From: UEDA Shigeru <ueda.shigeru@xxxxxxxxxxx>
Date: Thu, 18 Oct 2007 10:08:02 +0900
In-Reply-To: <5792DC5B1CCDD349BB7E1B3E677DCC7F01F40E2A@ukex06.UK.NDS.COM>
List-Help: <http://listserv.ieee.org/cgi-bin/wa?LIST=STDS-2600>, <mailto:LISTSERV@LISTSERV.IEEE.ORG?body=INFO%20STDS-2600>
List-Owner: <mailto:STDS-2600-request@LISTSERV.IEEE.ORG>
List-Subscribe: <mailto:STDS-2600-subscribe-request@LISTSERV.IEEE.ORG>
List-Unsubscribe: <mailto:STDS-2600-unsubscribe-request@LISTSERV.IEEE.ORG>
References: <20071017085747.AF83.UEDA.SHIGERU@canon.co.jp> <5792DC5B1CCDD349BB7E1B3E677DCC7F01F40E2A@ukex06.UK.NDS.COM>
Reply-To: UEDA Shigeru <ueda.shigeru@xxxxxxxxxxx>

Hi

Thank you for your explanation.

Can I have another question?

That means that the corrected MFD have to certified again anyway

1) Minor case : Send "Assurance Maintenance report" and get approval to
keep the product to be valid as CC certified product.

2)Major case : Evaluate with the corrected MFD  and get certified again.

These process have to be done anyway if you found bugs in CC certified
product, and want to keep customer having certified product.

So It looks like to me that ALC_FLR do not have to be in PP from
maintenance point of view.


What do you think?

Best Regards.

Shigeru Ueda.




On Wed, 17 Oct 2007 15:46:01 +0100
"Milford, Simon" <simon.milford@SIVENTURE.COM> wrote:

> Hi all,
> 
> My view, as a CC lab in the UK scheme is this.
> 
> ALC_FLR is about what processes you have internal to the development, to
> identify, track and resolve flaws in the product.  This will be
> important to those customers who want to be sure that you as a developer
> do have processes in place to respond to flaws.
> 
> You are correct that implementing changes to a certified product will,
> potentially, result in the certificate no longer being valid.  This is
> why CC has the Assurance Continuity process, which allows you to
> classify (in conjunction with your CC lab or the Scheme) patches and
> fixes as either Minor or Major.  Minor means that there is no impact on
> the security functionality, and these can be implemented without
> affecting the certified status of the product.  Major means that there
> probably is some impact on the certification, then the Scheme will
> decide whether any further evaluation work needs to be done to look at
> the Major changes, before they too can be included in the certified
> configuration.  
> 
> This may be of more interest to Government clients who are particularly
> concerned about having a certified device, as opposed to those who may
> want to buy a product from someone known to produce certified devices,
> but also to want the latest patches.
> 
> As an example, here is a link to an Assurance Maintenance report,
> showing that the Scheme (in this case, the German Scheme) have assessed
> the changes to be Minor in nature and, therefore, the certification
> status remains valid.
> 
> <http://www.commoncriteriaportal.org/public/files/epfiles/0379-ma1.pdf>
> 
> The two processes are not mutually exclusive, so you can include FLR in
> the evaluation, and also then enter Assurance Maintenance to maintain
> the certification once the initial evaluation is complete.
> 
> Hope that helps!
> 
> Best regards
> 
> 
> Simon
> Simon Milford
> Head of SiVenture
> Unit 6
> Cordwallis Park
> Clivemont Road
> Maidenhead
> Berkshire
> SL6 7BU
>  
> Tel: +44 (0)1628 651 366
> Mob: +44 (0) 7881 918 199
> Fax: +44 (0)1628 651 365
>  
> simon.milford@siventure.com
>  
> www.siventure.com
> 
> 
> -----Original Message-----
> From: UEDA Shigeru [mailto:ueda.shigeru@CANON.CO.JP] 
> Sent: 17 October 2007 01:17
> To: STDS-2600@LISTSERV.IEEE.ORG
> Subject: [2600] Question related to ALC_FLR
> 
> Hi
> 
> Can I have your opinion regarding ALC_FLR? ( because I have no idea how
> to solve my problem )
> 
> As you know, ALC_FLR is the "Flaw remediation" which  requires that
> discovered security flaws be tracked and corrected by the developer.
> 
> However, once corrected, the TOE becomes to be different from the TOE
> which was certified. this is my understanding.
> 
> So you will need to get certified again with the corrected TOE before
> providing it to the customer.
> 
> However, ALC_FLR does not require this process.
> 
> Is that mean that we leave the risk that vendor provides un-certified
> software when he corrected the security bug?
> 
> Or, do you (or NIAP) think that corrected TOE is still the certified one
> ?
> 
> Or should we ask vendor to get certified again with the corrected TOE
> before providing it to the customer? 
> 
> Regards.
> 
> Shigeru Ueda.
> ************************************************************************
> **************
> This e-mail is confidential, the property of NDS Ltd and intended for
> the addressee only.  Any dissemination, copying or distribution of this
> message or any attachments by anyone other than the intended recipient
> is strictly prohibited.  If you have received this message in error,
> please immediately notify the postmaster@nds.com and destroy the
> original message.  Messages sent to and from NDS may be monitored.  NDS
> cannot guarantee any message delivery method is secure or error-free.
> Information could be intercepted, corrupted, lost, destroyed, arrive
> late or incomplete, or contain viruses.  We do not accept responsibility
> for any errors or omissions in this message and/or attachment that arise
> as a result of transmission.  You should carry out your own virus checks
> before opening any attachment.  Any views or opinions presented are
> solely those of the author and do not necessarily represent those of
> NDS.
> 
> To protect the environment please do not print this e-mail unless
> necessary.
> 
> NDS Limited Registered office: One Heathrow Boulevard, 286 Bath Road,
> West Drayton, Middlesex, UB7 0DQ, United Kingdom. A company registered
> in England and Wales  Registered no. 3080780   VAT no. GB 603 8808 40-00
> ************************************************************************
> **************
> ************************************************************************
> *********************************
> This e-mail is confidential, the property of NDS Ltd and intended for
> the addressee only.  Any dissemination, copying or distribution of this
> message or any attachments by anyone other than the intended recipient
> is strictly prohibited.  If you have received this message in error,
> please immediately notify the postmaster@nds.com and destroy the
> original message.  Messages sent to and from NDS may be monitored.  NDS
> cannot guarantee any message delivery method is secure or error-free.
> Information could be intercepted, corrupted, lost, destroyed, arrive
> late or incomplete, or contain viruses.  We do not accept responsibility
> for any errors or omissions in this message and/or attachment that arise
> as a result of transmission.  You should carry out your own virus checks
> before opening any attachment.  Any views or opinions presented are
> solely those of the author and do not necessarily represent those of
> NDS.
> 
> To protect the environment please do not print this e-mail unless
> necessary.
> 
> NDS Limited Registered office: One Heathrow Boulevard, 286 Bath Road,
> West Drayton, Middlesex, UB7 0DQ, United Kingdom. A company registered
> in England and Wales  Registered no. 3080780   VAT no. GB 603 8808 40-00
> ************************************************************************
> **********************************
> 
> *********************************************************************************************************
> This e-mail is confidential, the property of NDS Ltd and intended for the addressee only.  Any dissemination, copying or distribution of this message or any attachments by anyone other than the intended recipient is strictly prohibited.  If you have received this message in error, please immediately notify the postmaster@nds.com and destroy the original message.  Messages sent to and from NDS may be monitored.  NDS cannot guarantee any message delivery method is secure or error-free.  Information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.  We do not accept responsibility for any errors or omissions in this message and/or attachment that arise as a result of transmission.  You should carry out your own virus checks before opening any attachment.  Any views or opinions presented are solely those of the author and do not necessarily represent those of NDS.
> 
> To protect the environment please do not print this e-mail unless necessary.
> 
> NDS Limited Registered office: One Heathrow Boulevard, 286 Bath Road, West Drayton, Middlesex, UB7 0DQ, United Kingdom. A company registered in England and Wales  Registered no. 3080780   VAT no. GB 603 8808 40-00
> **********************************************************************************************************

Follow-Ups:
- Re: [2600] Question related to ALC_FLR
  - From: Milford, Simon

References:
- [2600] Question related to ALC_FLR
  - From: UEDA Shigeru
- Re: [2600] Question related to ALC_FLR
  - From: Milford, Simon

Prev by Date: Re: [2600] Question related to ALC_FLR
Next by Date: [2600] Comments against P2600.1, Version 30b
Prev by thread: Re: [2600] Question related to ALC_FLR
Next by thread: Re: [2600] Question related to ALC_FLR
Index(es):
- Date
- Thread