On Wed, 26 Nov 2008 15:19:10 -0500, Anne & Lynn Wheeler <[EMAIL PROTECTED]> wrote:
>The following message is a courtesy copy of an article
>that has been posted to bit.listserv.ibm-main as well.
>
>
>[EMAIL PROTECTED] (Walt Farrell) writes:
>> But personally, I would not call it an operating system (I would call it a
>> hypervisor) nor would I claim it as EAL6+.
>
>above EAL4 gets kind of funny. I tried to get EAL5 for AADS chip ... one
>of the things I was doing was putting everything in silicon; all part of
>chip manufacturing, including EC/DSA (NIST digital signature
>standard). Since everything was part of the silicon ... then it required
>to be included in the evaluation. Problem was that there wasn't a
>specification for EC/DSA that could be used as part of an EAL5
>evaluation (EAL4 didn't require demonstration that outputs of EC/DSA met
>some specification, there had been a draft specification ... but it had
>been withdrawn).

I'll agree that things are generally different above EAL4, but in my experience typically because the mutual recognition agreements apply only at EAL4 and lower. And because (I think) in the US you may need the NSA involved in evaluations at EAL5 and higher.

But in my experience you can add functional and assurance claims and still meet any EAL level you want. So I don't quite understand why you couldn't have gotten an EAL5 evaluation, but obviously I don't have all the details.

What you can't do is change the basic nature of the assurance claims. Each assurance level (EAL1, EAL2, etc.) has a prescribed set of assurance claims that you need to satisfy. The Common Criteria allows some small intended kinds of modifications (selection from a specified list of actions, specification of a list of objects or users, etc.). But you're not allowed to take one of the standard claims and modify the wording to say something else.

And as I understand it that's what the authors of the SKPP protection profile did. I believe they did so to make the claims better (stronger), as they see it, for their intended usage. But the changes make the profile no longer EAL6, or EAL6+ (since they included some EAL7 items) but really "designed to be like EAL6".

That's not to say it's a bad or improper protection profile. But I don't think it's correct to call it EAL6+ (which is probably why the protection profile authors and the security target authors did not call their works EAL6+).

--
Walt (still speaking personally, not officially for IBM)

