Assumptions Section - commoncriteria/pp-template GitHub Wiki

Updated 29 January 2024

CC:2022: "The SPD describes the assumptions that are made on the operational environment in order to be able to provide security functionality. If the TOE is placed in an operational environment that does not meet these assumptions, there is a possibility that the TOE will be unable to provide all of its security functionality. Assumptions may be on physical, personnel and connectivity of the operational environment."

The Assumptions element can be defined in the usual three ways:

  <section title="Assumptions" id="sec-uniqueId">

  <sec:Assumptions>

  <sec:assumptions title="Assumptions">

In XML, the Assumptions section consists of an <assumptions> element that contains one or more <assumption> elements.

Each <assumption> element has a name attribute and an optional id. The id is only needed if there is a reason to refer to the assumption elsewhere in the document by something other than its name, which is very unlikely.

The assumption name should be of the form A.ASSUMPTION_NAME, where the name is unique within the document. Ideally, assumption names should be common across all PPs so that they can be maintained in a library, so where possible reuse assumptions that you have seen in other PPs rather than coining new ones.

Each assumption includes a description, a reference to one or more Objectives or Operational Environment Objectives, and a rationale explaining how the Assumption realizes the Objective. The rationale is used to auto-generate the Security Objectives Rationale section.

  <assumptions>
    <assumption name="A.ROT_INTEGRITY">
      <description>The TOE includes one or more Roots of Trust composed of TOE firmware, hardware, and
        pre-installed credentials. Roots of Trust are assumed to be free of malicious capabilities as
        their integrity cannot be verified.</description>
      <objective-refer ref="OE.SUPPLY_CHAIN">
        <rationale>The operational environment objective OE.SUPPLY_CHAIN is realized through
          A.ROT_INTEGRITY.</rationale>
      </objective-refer>
    </assumption>
    <assumption name="A.TRUSTED_ADMIN">
      <description>TOE Security Administrators are assumed to be trusted and to act in the best interest
        of security for the organization. The TOE is not expected to be capable of defending against a
        malicious Administrator that actively works to bypass or compromise the security of the platform.
      </description>
      <objective-refer ref="OE.TRUSTED_ADMIN">
        <rationale>The operational environment objective OE.TRUSTED_ADMIN is realized through
          A.TRUSTED_ADMIN.</rationale>
      </objective-refer>
    </assumption>
  </assumptions>

If there are no assumptions, the Assumptions section should contain a single empty <assumptions/> element.
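As an added example (not part of the pp-template project or its XSLT transforms), the following Python checks an <assumptions> fragment against the conventions described on this page (A.NAME form, unique names, a description, at least one <objective-refer>, each with a <rationale>) and builds the objective-to-assumption mapping that the Security Objectives Rationale section is generated from. The sample fragment is constructed for illustration; the function names and the handling of an empty <assumptions/> element are this example's own choices.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the layout this page describes (not from a real PP).
SAMPLE = """<assumptions>
  <assumption name="A.ROT_INTEGRITY">
    <description>Roots of Trust are assumed to be free of malicious capabilities.</description>
    <objective-refer ref="OE.SUPPLY_CHAIN"><rationale>OE.SUPPLY_CHAIN is realized through A.ROT_INTEGRITY.</rationale></objective-refer>
  </assumption>
  <assumption name="A.TRUSTED_ADMIN" id="a-trusted-admin">
    <description>Security Administrators are assumed to be trusted.</description>
    <objective-refer ref="OE.TRUSTED_ADMIN"><rationale>OE.TRUSTED_ADMIN is realized through A.TRUSTED_ADMIN.</rationale></objective-refer>
  </assumption>
</assumptions>"""

NAME_RE = re.compile(r"^A\.[A-Z0-9_]+$")   # the A.ASSUMPTION_NAME form

def text_of(elem, tag):
    """Whitespace-normalised text of a child element, '' if absent or empty."""
    return " ".join((elem.findtext(tag) or "").split())

def check_assumptions(xml_text):
    """List the problems in an <assumptions> fragment; [] means it follows this page's conventions."""
    problems, seen = [], set()
    # An empty <assumptions/> element has no children and therefore no problems.
    for a in ET.fromstring(xml_text).findall("assumption"):
        name = a.get("name", "")
        if not NAME_RE.match(name):
            problems.append(f"bad assumption name {name!r}")
        if name in seen:
            problems.append(f"duplicate assumption name {name}")
        seen.add(name)
        if not text_of(a, "description"):
            problems.append(f"{name}: missing description")
        refs = a.findall("objective-refer")
        if not refs:
            problems.append(f"{name}: no objective-refer")
        problems += [f"{name}: {r.get('ref')} has no rationale"
                     for r in refs if not text_of(r, "rationale")]
    return problems

def objectives_rationale(xml_text):
    """Map each referenced objective to its (assumption, rationale) pairs, the data behind the rationale table."""
    table = {}
    for a in ET.fromstring(xml_text).findall("assumption"):
        for r in a.findall("objective-refer"):
            table.setdefault(r.get("ref"), []).append((a.get("name"), text_of(r, "rationale")))
    return table
```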
