
Re: [2600] Question related to ALC_FLR



Hi,

This is really more of a commercial decision than a technical or CC one.

Many clients expect that devices will now be certified to EAL2+ or EAL3+
(or EAL4+ ...) where the "+" denotes an augmentation to the standard
assurance profile, often ALC_FLR, so commercial expectations may drive
you to including FLR.

It is generally much better understood now that devices cannot
realistically be issued as the certified version, with no attempt made
to provide patches for bug fixes and to protect against new
vulnerabilities, and many clients will want to see evidence that you, as
vendor, have well established (and certified) processes in place to
handle this.  So, I would expect to see FLR in the PPs.

Whether you each submit your products for Assurance Maintenance as well
is another commercial decision, and depends on whether you will be able
to sell products, to your target markets, on the basis of a certified
version which is now out of date due to bug fixing patches, or whether
your target market actually requires you to maintain the certificates.

Perhaps I should also note here that re-evaluation work, should there be
a "Major" change, does not imply a complete re-evaluation, at a similar
cost to the original evaluation, but rather an evaluation of the changes
only, with some checking to make sure that only the identified changes
have been made so, depending on the scope of the change, the
re-evaluation work can be just a small fraction of the cost of the
original evaluation.

Best regards


Simon
Simon Milford
Head of SiVenture
Unit 6
Cordwallis Park
Clivemont Road
Maidenhead
Berkshire
SL6 7BU
 
Tel: +44 (0)1628 651 366
Mob: +44 (0) 7881 918 199
Fax: +44 (0)1628 651 365
 
simon.milford@siventure.com
 
www.siventure.com


-----Original Message-----
From: UEDA Shigeru [mailto:ueda.shigeru@CANON.CO.JP] 
Sent: 18 October 2007 02:08
To: STDS-2600@LISTSERV.IEEE.ORG
Subject: Re: [2600] Question related to ALC_FLR

Hi

Thank you for your explanation.

Can I have another question?

That means that the corrected MFD has to be certified again anyway:

1) Minor case: Send an "Assurance Maintenance report" and get approval to
keep the product valid as a CC certified product.

2) Major case: Evaluate the corrected MFD and get it certified again.

These processes have to be done anyway if you find bugs in a CC certified
product and want to keep the customer having a certified product.

So it looks to me like ALC_FLR does not have to be in the PP from a
maintenance point of view.


What do you think?

Best Regards.

Shigeru Ueda.




On Wed, 17 Oct 2007 15:46:01 +0100
"Milford, Simon" <simon.milford@SIVENTURE.COM> wrote:

> Hi all,
> 
> My view, as a CC lab in the UK scheme is this.
> 
> ALC_FLR is about what processes you have internal to the development, 
> to identify, track and resolve flaws in the product.  This will be 
> important to those customers who want to be sure that you as a 
> developer do have processes in place to respond to flaws.
> 
> You are correct that implementing changes to a certified product will,
> potentially, result in the certificate no longer being valid.  This is
> why CC has the Assurance Continuity process, which allows you to 
> classify (in conjunction with your CC lab or the Scheme) patches and 
> fixes as either Minor or Major.  Minor means that there is no impact 
> on the security functionality, and these can be implemented without 
> affecting the certified status of the product.  Major means that there
> probably is some impact on the certification, then the Scheme will 
> decide whether any further evaluation work needs to be done to look at
> the Major changes, before they too can be included in the certified 
> configuration.
> 
> This may be of more interest to Government clients who are 
> particularly concerned about having a certified device, as opposed to 
> those who may want to buy a product from someone known to produce 
> certified devices, but also to want the latest patches.
> 
> As an example, here is a link to an Assurance Maintenance report, 
> showing that the Scheme (in this case, the German Scheme) have 
> assessed the changes to be Minor in nature and, therefore, the 
> certification status remains valid.
> 
> <http://www.commoncriteriaportal.org/public/files/epfiles/0379-ma1.pdf>
> 
> The two processes are not mutually exclusive, so you can include FLR 
> in the evaluation, and also then enter Assurance Maintenance to 
> maintain the certification once the initial evaluation is complete.
> 
> Hope that helps!
> 
> Best regards
> 
> 
> Simon
> Simon Milford
> Head of SiVenture
> Unit 6
> Cordwallis Park
> Clivemont Road
> Maidenhead
> Berkshire
> SL6 7BU
>  
> Tel: +44 (0)1628 651 366
> Mob: +44 (0) 7881 918 199
> Fax: +44 (0)1628 651 365
>  
> simon.milford@siventure.com
>  
> www.siventure.com
> 
> 
> -----Original Message-----
> From: UEDA Shigeru [mailto:ueda.shigeru@CANON.CO.JP]
> Sent: 17 October 2007 01:17
> To: STDS-2600@LISTSERV.IEEE.ORG
> Subject: [2600] Question related to ALC_FLR
> 
> Hi
> 
> Can I have your opinion regarding ALC_FLR? (Because I have no idea 
> how to solve my problem.)
> 
> As you know, ALC_FLR is the "Flaw remediation" which requires that 
> discovered security flaws be tracked and corrected by the developer.
> 
> However, once corrected, the TOE becomes different from the TOE 
> which was certified. This is my understanding.
> 
> So you will need to get certified again with the corrected TOE before 
> providing it to the customer.
> 
> However, ALC_FLR does not require this process.
> 
> Does that mean that we leave the risk that the vendor provides uncertified 
> software when he has corrected the security bug?
> 
> Or, do you (or NIAP) think that the corrected TOE is still the certified 
> one?
> 
> Or should we ask vendor to get certified again with the corrected TOE 
> before providing it to the customer?
> 
> Regards.
> 
> Shigeru Ueda.
> **********************************************************************
> This e-mail is confidential, the property of NDS Ltd and intended for 
> the addressee only.  Any dissemination, copying or distribution of 
> this message or any attachments by anyone other than the intended 
> recipient is strictly prohibited.  If you have received this message 
> in error, please immediately notify the postmaster@nds.com and destroy
> the original message.  Messages sent to and from NDS may be monitored.
> NDS cannot guarantee any message delivery method is secure or
> error-free.  Information could be intercepted, corrupted, lost,
> destroyed, arrive late or incomplete, or contain viruses.  We do not
> accept responsibility for any errors or omissions in this message
> and/or attachment that arise as a result of transmission.  You should
> carry out your own virus checks before opening any attachment.  Any
> views or opinions presented are solely those of the author and do not 
> necessarily represent those of NDS.
> 
> To protect the environment please do not print this e-mail unless 
> necessary.
> 
> NDS Limited Registered office: One Heathrow Boulevard, 286 Bath Road, 
> West Drayton, Middlesex, UB7 0DQ, United Kingdom. A company registered
> in England and Wales  Registered no. 3080780   VAT no. GB 603 8808 40-00
> **********************************************************************