					Comparison: BOSS base document (CSPP-OS) with NSA’s SLMRPP

4/30/04

The BOSS working group and the National Security Agency (NSA) have agreed that a single set of hierarchical operating system requirement sets would be advantageous. NSA has indicated a willingness to consider modifications to its higher-assurance requirement set in order to achieve hierarchy. The BOSS working group has agreed that achieving hierarchy is a useful goal. This desire to achieve hierarchy between the BOSS standard and the existing, higher-assurance, NSA-developed OS requirements results in the need to compare the BOSS base document with the NSA requirement set. The documents are the following, and both are written as Common Criteria (CC) Protection Profiles:

BOSS: COTS Security Protection Profile – OS (CSPP-OS), http://bosswg.org/basedoc.html
NSA: Single Level, Medium Robustness OS PP (SLMRPP), http://www.iatf.net/protection_profiles/pdffile.cfm?chapter=SLMROSPPVer1_22

The requirements contained in these documents have been compared, and the results of this comparison are expressed in the following subsections:

1. Assurance Components
2. Functionality included in CSPP-OS and missing from SLMRPP
3. Higher Level Functionality in CSPP-OS than SLMRPP
4. Similar Functionality in CSPP-OS and SLMRPP
5. Functionality missing from CSPP-OS and included in SLMRPP

NOTE: With regard to US Federal operating system security needs, NSA has indicated that the minimum requirement for DoD systems is expected to become the medium robustness OS profiles (single level and multi-level). This results in the current CAPP and LSPP profiles being no longer recommended for DoD use after a grandfathering period. If NSA will not be recommending a lower assurance requirement set for its customers, then the NIST recommendation (which is expected to be the BOSS standard) is likely to be the only lower assurance recommendation for Federal use.

NOTE: The following CC terminology is used in this comparison:

Extension: The CC requirement is changed in a manner that results in a new requirement.
Refined: The CC requirement is changed in a manner that clarifies and does not result in a new requirement.
Iteration: The CC requirement is used multiple times with different refinements or extensions to cover various aspects of the security need.
Operations: In addition to refinement and iteration, the CC requirement contains multiple-choice selections or fill-in-the-blank assignments that are completed by the requirement set author.
TOE: Target of Evaluation; the IT for which requirements are being specified.


1. Assurance Components

With regard to assurance components, CSPP-OS and SLMRPP will be hierarchical with the addition of ALC_FLR.2 (Flaw Reporting Procedures) to SLMRPP. Table 1 lists the assurance components in CSPP-OS and in SLMRPP.

NOTE: As flaw remediation procedures are considered standard best practice within the commercial software industry, the addition of ALC_FLR.2 to SLMRPP should result in minimal impact.

Table 1: CC Assurance Components: CSPP-OS and SLMRPP

| Assurance Class | CSPP-OS | SL Med Robust OS |
|---|---|---|
| Configuration Management | | ACM_AUT.1 Partial CM automation |
| | ACM_CAP.3 Authorization controls | ACM_CAP.4 Generation support and acceptance procedures |
| | ACM_SCP.2 Problem tracking CM coverage | ACM_SCP.2 Problem tracking CM coverage |
| Delivery and Operation | ADO_DEL.1 Delivery procedures | ADO_DEL.2 Detection of modification |
| | ADO_IGS.1 Installation, generation, and start-up procedures | ADO_IGS.1 Installation, generation, and start-up procedures |
| Development | ADV_FSP.1 Informal functional specification | ADV_FSP.2 Fully defined external interfaces |
| | ADV_HLD.1 Descriptive high-level design | ADV_HLD.2 Security enforcing high-level design |
| | | ADV_IMP.2 Implementation of the TSF |
| | | ADV_INT.1 Modularity |
| | | ADV_LLD.1 Descriptive low-level design |
| | ADV_RCR.1 Informal correspondence demonstration | ADV_RCR.1 Informal correspondence demonstration |
| | ADV_SPM.1 Informal TOE security policy model | ADV_SPM.1 Informal TOE security policy model |
| Guidance Documents | AGD_ADM.1 Administrator guidance | AGD_ADM.1 Administrator guidance |
| | AGD_USR.1 User guidance | AGD_USR.1 User guidance |
| Life Cycle Support | ALC_DVS.1 Identification of security measures | ALC_DVS.1 Identification of security measures |
| | ALC_FLR.2 Flaw reporting procedures | |
| | | ALC_LCD.1 Developer defined life-cycle model |
| | | ALC_TAT.1 Well-defined development tools |
| Tests | ATE_COV.2 Analysis of coverage | ATE_COV.2 Analysis of coverage |
| | ATE_DPT.1 Testing: High-level design | ATE_DPT.2 Testing: High-level design |
| | ATE_FUN.1 Functional testing | ATE_FUN.1 Functional testing |
| | ATE_IND.2 Independent testing - sample | ATE_IND.2 Independent testing - sample |
| Vulnerability Assessment | | AVA_CCA_EXP.2 (extended) Cryptographic module covert channel analysis |
| | AVA_MSU.2 Validation of [misuse] analysis | AVA_MSU.2 Validation of [misuse] analysis |
| | AVA_SOF.1 Strength of TOE security function evaluation | AVA_SOF.1 Strength of TOE security function evaluation |
| | AVA_VLA.1 Developer vulnerability analysis [obvious vulnerabilities] | AVA_VLA.3 Moderately resistant [moderate attack capability] |
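The hierarchy claim in this section can be checked mechanically from the two assurance component lists. The following Python is an added example, not part of the original comparison; it assumes that within an assurance family a higher component number is hierarchical to a lower one, and its function names are illustrative.

```python
import re

# Assurance components transcribed from the CSPP-OS and SLMRPP lists above.
CSPP_OS = """ACM_CAP.3 ACM_SCP.2 ADO_DEL.1 ADO_IGS.1 ADV_FSP.1 ADV_HLD.1
ADV_RCR.1 ADV_SPM.1 AGD_ADM.1 AGD_USR.1 ALC_DVS.1 ALC_FLR.2 ATE_COV.2
ATE_DPT.1 ATE_FUN.1 ATE_IND.2 AVA_MSU.2 AVA_SOF.1 AVA_VLA.1""".split()
SLMRPP = """ACM_AUT.1 ACM_CAP.4 ACM_SCP.2 ADO_DEL.2 ADO_IGS.1 ADV_FSP.2
ADV_HLD.2 ADV_IMP.2 ADV_INT.1 ADV_LLD.1 ADV_RCR.1 ADV_SPM.1 AGD_ADM.1
AGD_USR.1 ALC_DVS.1 ALC_LCD.1 ALC_TAT.1 ATE_COV.2 ATE_DPT.2 ATE_FUN.1
ATE_IND.2 AVA_CCA_EXP.2 AVA_MSU.2 AVA_SOF.1 AVA_VLA.3""".split()

# Class_Family with an optional suffix such as _EXP, then ".level".
COMPONENT = re.compile(r"^([A-Z]{3}_[A-Z]{3}(?:_[A-Z]+)?)\.(\d+)$")

def levels(components):
    """Map each family (e.g. 'ACM_CAP') to the highest level listed."""
    out = {}
    for comp in components:
        m = COMPONENT.match(comp)
        if not m:
            raise ValueError(f"not a CC component identifier: {comp!r}")
        family, level = m.group(1), int(m.group(2))
        out[family] = max(level, out.get(family, 0))
    return out

def compare(lower, higher):
    """Per-family verdict for `higher` relative to `lower`."""
    lo, hi = levels(lower), levels(higher)
    verdict = {}
    for family in sorted(lo.keys() | hi.keys()):
        a, b = lo.get(family, 0), hi.get(family, 0)  # 0 = family absent
        verdict[family] = "More" if b > a else "Less" if b < a else "Same"
    return verdict

def hierarchy_gaps(lower, higher):
    """Families in which `higher` fails to meet or exceed `lower`."""
    return [f for f, v in compare(lower, higher).items() if v == "Less"]

if __name__ == "__main__":
    print("gaps as written:", hierarchy_gaps(CSPP_OS, SLMRPP))
    print("gaps with ALC_FLR.2 added:",
          hierarchy_gaps(CSPP_OS, SLMRPP + ["ALC_FLR.2"]))
```

The same check does not carry over unchanged to functional components, where a family's components are not always a single linear chain.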


2. Functionality included in CSPP-OS and missing from SLMRPP

SLMRPP is missing 19 functional components contained in CSPP-OS. These 19 functional components are listed in Table 2.

NOTE: All of this functionality consists of requirements previously publicly vetted as consistent with expectations for COTS products. Therefore, inclusion in SLMRPP should have minimal impact.

Table 2: CC Functional Component in CSPP-OS but not in SLMRPP

| CSPP-OS CC Component | Title |
|---|---|
| FAU_STG.3 | Action in case of possible audit data loss |
| FDP_ETC.1-CSPP | Export of user data without security attributes |
| FDP_ITC.1 | Import of user data without security attributes |
| FDP_UCT.1 | Basic data exchange confidentiality |
| FDP_UIT.1 | Data exchange integrity |
| FIA_UAU.5 | Multiple authentication mechanisms |
| FIA_UAU.6 | Re-authenticating |
| FIA_UAU.7 | Protected authentication feedback |
| FPT_FLS.1 | Failure with preservation of secure state |
| FPT_ITC.1-CSPP | Inter-TSF confidentiality during transmission |
| FPT_ITI.1-CSPP | Inter-TSF detection of modification |
| FPT_RPL.1-CSPP | Replay detection |
| Non-CC FPT_SYN-CSPP.1 | TSF synchronization |
| FTA_LSA.1 | Limitation on scope of selectable attributes |
| FTA_MCS.1-CSPP | Basic limitation on multiple concurrent sessions |
| FTA_SSL.3 | TSF-initiated termination |
| FTA_TSE.1 | TOE session establishment |
| FTP_ITC.1-CSPP | Inter-TSF trusted channel |

3. Higher Level Functionality in CSPP-OS than SLMRPP

There is one case in which SLMRPP contains a lower functional component than the corresponding functional component in CSPP-OS. Table 3 shows this component.

NOTE: CSPP-OS refines FPT_RCV.2 to only require an explicit statement of which, if any, failures the TOE can recover from using automated procedures. Therefore, the inclusion in SLMRPP of this component, as refined in CSPP-OS, should have minimal impact.

Table 3: CC Functional Component in CSPP-OS, Lower Component in SLMRPP

| CSPP-OS CC Component | CSPP-OS Extended / Iteration / Refined | SL Med Robustness PP CC Component |
|---|---|---|
| FPT_RCV.2-NIAP-0406 Automated recovery | x | FPT_RCV.1 Manual recovery |


4. Similar Functionality in CSPP-OS and SLMRPP

Both PPs contain the 29 functional components listed in Table 4.

NOTE: The extensions, refinements, and operation completions in each PP need to be reviewed to determine how the PPs really compare.

Table 4: Similar CC Functional Component in Both PPs

| CSPP-OS CC Component | SL Med Robustness PP CC Component |
|---|---|
| FAU_GEN.1-CSPP | FAU_GEN.1 |
| FAU_GEN.2 | FAU_GEN.2 |
| FAU_SAR.1 | FAU_SAR.1 |
| FAU_SAR.2 | FAU_SAR.2 |
| FAU_SAR.3 | FAU_SAR.3 |
| FAU_SEL.1-CSPP | FAU_SEL.1 |
| FAU_STG.1-NIAP-0423 | FAU_STG.1 |
| FDP_ACF.1-CSPP | FDP_ACF_US_INTERP.1 |
| FIA_AFL.1-NIAP-0425 | FIA_AFL_US_INTERP.1 |
| FIA_ATD.1 | FIA_ATD.1 |
| FIA_SOS.1 | FIA_SOS.1 |
| FIA_UAU.1 | FIA_UAU.1 |
| FIA_UID.1 | FIA_UID.1 |
| FIA_USB.1-NIAP-0415 | FIA_USB_US_INTERP.1 |
| FMT_MOF.1 | FMT_MOF.1 |
| FMT_MSA.1 | FMT_MSA.1 |
| FMT_MSA.3-NIAP-0409 | FMT_MSA.3 |
| FMT_MTD.1 | FMT_MTD.1 |
| FMT_SAE.1 | FMT_SAE.1 |
| FMT_SMR.1 | FMT_SMR.1 |
| FPT_AMT.1 | FPT_AMT.1 |
| FPT_RVM.1 | FPT_RVM.1 |
| FPT_TDC.1 | FPT_TDC.1 |
| FPT_TST.1 | FPT_TST.1 |
| FRU_RSA.1-CSPP | FRU_RSA.1 |
| FTA_SSL.1 | FTA_SSL.1 |
| FTA_SSL.2 | FTA_SSL.2 |
| FTA_TAB.1-CSPP | FTA_TAB.1 |
| FTA_TAH.1 | FTA_TAH.1 |


5. Functionality missing from CSPP-OS and included in SLMRPP

SLMRPP contains 21 components that CSPP-OS either does not include or includes only as a lower, similar component. Table 5 lists these 21 components.

NOTE: As the issue is hierarchy between CSPP-OS and SLMRPP, there is no need to modify either PP with regard to most of these 21 components. In the cases of FDP_ACC, FDP_RIP, and FPT_SEP, the refinements in CSPP-OS need to be reviewed to determine what, if any, changes need to be made between the requirement sets in order for hierarchy to be achieved.

Table 5: CC Functional Component in SLMRPP but not in CSPP-OS

| CSPP-OS CC Component | SL Med Robustness PP CC Component |
|---|---|
| | FAU_ARP.1 |
| | FAU_SAA.1 |
| | FAU_STG.4 |
| | FCS_BCM_EXP.1 |
| | FCS_CKM.1 |
| | FCS_CKM.2 |
| | FCS_CKM.4 |
| | FCS_CKM_EXP.1 |
| | FCS_CKM_EXP.2 |
| | FCS_COP.1 |
| | FCS_COP_EXP.1 |
| FDP_ACC.1 | FDP_ACC.2 |
| | FDP_ITT.1 |
| FDP_RIP.1 | FDP_RIP.2 |
| | FMT_MSA.2 |
| | FMT_MSA_EXP.1 |
| | FMT_REV.1 |
| | FPT_ITT.1 |
| FPT_SEP.1 | FPT_SEP.2 |
| | FPT_STM.1 |
| | FPT_TRC.1 |
| | FTP_TRP.1 |


BACKGROUND MATERIAL
Table 6: List of CC Functional Components: CSPP-OS and SLMRPP

| CSPP-OS CC Component | SL Med Robustness PP CC Component | SL-Med versus CSPP-OS |
|---|---|---|
| | FAU_ARP.1 | More |
| FAU_GEN.1-CSPP | FAU_GEN.1 | Similar |
| FAU_GEN.2 | FAU_GEN.2 | Similar |
| | FAU_SAA.1 | More |
| FAU_SAR.1 | FAU_SAR.1 | Similar |
| FAU_SAR.2 | FAU_SAR.2 | Similar |
| FAU_SAR.3 | FAU_SAR.3 | Similar |
| FAU_SEL.1-CSPP | FAU_SEL.1 | Similar |
| FAU_STG.1-NIAP-0423 | FAU_STG.1 | Similar |
| FAU_STG.3 | | Less |
| | FAU_STG.4 | More |
| | FCS_BCM_EXP.1 | More |
| | FCS_CKM.1 | More |
| | FCS_CKM.2 | More |
| | FCS_CKM.4 | More |
| | FCS_CKM_EXP.1 | More |
| | FCS_CKM_EXP.2 | More |
| | FCS_COP.1 | More |
| | FCS_COP_EXP.1 | More |
| FDP_ACC.1 | FDP_ACC.2 | More |
| FDP_ACF.1-CSPP | FDP_ACF_US_INTERP.1 | Similar |
| FDP_ETC.1-CSPP | | Less |
| FDP_ITC.1 | | Less |
| | FDP_ITT.1 | More |
| FDP_RIP.1 | FDP_RIP.2 | More |
| FDP_UCT.1 | | Less |
| FDP_UIT.1 | | Less |
| FIA_AFL.1-NIAP-0425 | FIA_AFL_US_INTERP.1 | Similar |
| FIA_ATD.1 | FIA_ATD.1 | Similar |
| FIA_SOS.1 | FIA_SOS.1 | Similar |
| FIA_UAU.1 | FIA_UAU.1 | Similar |
| FIA_UAU.5 | | Less |
| FIA_UAU.6 | | Less |
| FIA_UAU.7 | | Less |
| FIA_UID.1 | FIA_UID.1 | Similar |
| FIA_USB.1-NIAP-0415 | FIA_USB_US_INTERP.1 | Similar |
| FMT_MOF.1 | FMT_MOF.1 | Similar |
| FMT_MSA.1 | FMT_MSA.1 | Similar |
| | FMT_MSA.2 | More |
| FMT_MSA.3-NIAP-0409 | FMT_MSA.3 | Similar |
| | FMT_MSA_EXP.1 | More |
| FMT_MTD.1 | FMT_MTD.1 | Similar |
| | FMT_REV.1 | More |
| FMT_SAE.1 | FMT_SAE.1 | Similar |
| FMT_SMR.1 | FMT_SMR.1 | Similar |
| FPT_AMT.1 | FPT_AMT.1 | Similar |
| FPT_FLS.1 | | Less |
| FPT_ITC.1-CSPP | | Less |
| FPT_ITI.1-CSPP | | Less |
| | FPT_ITT.1 | More |
| FPT_RCV.2-NIAP-0406 | FPT_RCV.1 | Less |
| FPT_RPL.1-CSPP | | Less |
| FPT_RVM.1 | FPT_RVM.1 | Similar |
| FPT_SEP.1 | FPT_SEP.2 | More |
| | FPT_STM.1 | More |
| Non-CC FPT_SYN-CSPP.1 | | Less |
| FPT_TDC.1 | FPT_TDC.1 | Similar |
| | FPT_TRC.1 | More |
| FPT_TST.1 | FPT_TST.1 | Similar |
| FRU_RSA.1-CSPP | FRU_RSA.1 | Similar |
| FTA_LSA.1 | | Less |
| FTA_MCS.1-CSPP | | Less |
| FTA_SSL.1 | FTA_SSL.1 | Similar |
| FTA_SSL.2 | FTA_SSL.2 | Similar |
| FTA_SSL.3 | | Less |
| FTA_TAB.1-CSPP | FTA_TAB.1 | Similar |
| FTA_TAH.1 | FTA_TAH.1 | Similar |
| FTA_TSE.1 | | Less |
| FTP_ITC.1-CSPP | | Less |
| | FTP_TRP.1 | More |


Table 7: List of CC Assurance Components: CSPP-OS and SLMRPP

| Assurance Class | CSPP-OS | SL Med Robust | SL-Med vs CSPP-OS |
|---|---|---|---|
| Configuration Management | | ACM_AUT.1 | More |
| | ACM_CAP.3 | ACM_CAP.4 | More |
| | ACM_SCP.2 | ACM_SCP.2 | Same |
| Delivery and Operation | ADO_DEL.1 | ADO_DEL.2 | More |
| | ADO_IGS.1 | ADO_IGS.1 | Same |
| Development | ADV_FSP.1 | ADV_FSP.2 | More |
| | ADV_HLD.1 | ADV_HLD.2 | More |
| | | ADV_IMP.2 | More |
| | | ADV_INT.1 | More |
| | | ADV_LLD.1 | More |
| | ADV_RCR.1 | ADV_RCR.1 | Same |
| | ADV_SPM.1 | ADV_SPM.1 | Same |
| Guidance Documents | AGD_ADM.1 | AGD_ADM.1 | Same |
| | AGD_USR.1 | AGD_USR.1 | Same |
| Life Cycle Support | ALC_DVS.1 | ALC_DVS.1 | Same |
| | ALC_FLR.2 | | Less |
| | | ALC_LCD.1 | More |
| | | ALC_TAT.1 | More |
| Tests | ATE_COV.2 | ATE_COV.2 | Same |
| | ATE_DPT.1 | ATE_DPT.2 | More |
| | ATE_FUN.1 | ATE_FUN.1 | Same |
| | ATE_IND.2 | ATE_IND.2 | Same |
| Vulnerability Assessment | | AVA_CCA_EXP.2 | More |
| | AVA_MSU.2 | AVA_MSU.2 | Same |
| | AVA_SOF.1 | AVA_SOF.1 | Same |
| | AVA_VLA.1 | AVA_VLA.3 | More |
