CC-in-the-Cloud / General

Common Criteria in the Cloud Technical Community
https://cc-in-the-cloud.github.io/

German Scheme Feedback--Evaluation of the Shared Security Model #147

Open jgb1128 opened 4 months ago

jgb1128 commented 4 months ago

Page 14, last paragraph.
"Additionally, it may be important to add a third element to the shared security model for CCitC evaluations." Even a fourth element may be required depending on the use case as noted on page 36: "infrastructure vendor, platform vendor, software vendor, and end user".

"This is a scenario that may be more common in TOE types that are meant to incorporate physical hardware into Cloud Infrastructure such as a Hardware Security Module (HSM)." This might be the case for even more cases as mentioned in Section "Cloud Equivalence Considerations" on page 10: "However, if the TOE is relying on the TOE platform for any SFR enforcing functionality, then the TOE must be able to conclusively demonstrate knowledge of the underlying TOE platform for this functionality."

jgb1128 commented 4 months ago

Suggestion to genericize. Other elements....