Bundesamt für Sicherheit in der Informationstechnik
Godesberger Allee 185-189 - D-53175 Bonn - Postfach 20 03 63 - D-53133 Bonn
Phone +49 3018 9582-0 - Fax +49 3018 9582-5477 - Infoline +49 3018 9582-111
Assurance Continuity Maintenance Report
BSI-PP-0026-2006-MA-01
Protection Profile
for a
Machine Readable Travel Document with
„ICAO Application“, Extended Access Control,
Version 1.2
developed on behalf of the
Federal Ministry of the Interior, Germany
Common Criteria Arrangement
for components up to EAL4
The Protection Profile identified in this report was assessed according to the Assurance
Continuity: CCRA Requirements, version 1.0, February 2004 and the developers Impact
Analysis Report (IAR). The baseline for this assessment was the Certification Report,
the Protection Profile and the Evaluation Technical Report of the Protection Profile
certified by the Federal Office for Information Security (BSI) under BSI-PP-0026-2006.
The changes to the certified Protection Profile are at the level clarifications, changes that
have no effect on assurance. The identification of the maintained Protection Profile is
indicated by a new version number compared to the certified product.
Consideration of the nature of the changes leads to the conclusion that they are
classified as a minor changes and that certificate maintenance is the correct path to
continuity of assurance.
Therefore, the assurance as outlined in the Certification Report BSI-PP-0026-2006 is
maintained for this version of the Protection Profile. Details can be found on the
following pages.
This report is an addendum to the Certification Report
BSI-PP-0026-2006.
Bonn, 30th
January 2008
Assurance Continuity Maintenance Report BSI- -PP- 0026- 2006- MA- 01
Maintenance Report V1.0
ZS_01_01_F_502_V106 Page 2 of 2
Assessment
The Protection Profile identified in this report was assessed according to the Assurance
Continuity: CCRA Requirements [1] and the Impact Analysis Report (IAR) [2]. The
baseline for this assessment was the Certification Report of the certified Protection
Profile [3], the Protection Profile [4] and the Evaluation Technical Report as outlined in
[3].
The IAR for the Protection Profile for a Machine Readable Travel Document with „ICAO
Application“ Extended Access Control, Version 1.2 is intended to satisfy the
requirements outlined in the document Assurance Continuity: CCRA Requirements [1].
In accordance with those requirements, the IAR describes the changes made to the
certified Protection Profile.
The Protection Profile was changed due to clarification of the definition of the TOE,
clarification of the Life-cycle Phases and clarification of the security needs of the assets.
The changes are not significant from the standpoint of security, however Configuration
Management procedures required a change in the version number from Version 1.1 to
Version 1.2.
Conclusion
The changes to the Protection Profile are at the level clarifications, changes that have no
effect on assurance. Consideration of the nature of the changes leads to the conclusion
that they are classified as a minor changes and that certificate maintenance is the
correct path to continuity of assurance.
Therefore, BSI agrees that the assurance as outlined in the Certification Report [3] is
maintained for this version of the Protection Profile. This report is an addendum to the
Certification Report [3].
References
[1] Common Criteria document CCIMB-2004-02-009 “Assurance Continuity:
CCRA Requirements”, version 1.0, February 2004
[2] Impact Analysis Report (Appendix to the Application for the
Maintenanceprocess, dated 19th
November 2007, confidential document)
[3] Certification Report BSI-PP-0026-2006 for Protection Profile for Machine
Readable Travel Document with „ICAO Application“ Extended Access
Control, Version 1.2 , Bundesamt für Sicherheit in der Informationstechnik,
11th
December 2006
[4] Common Criteria Protection Profile - Machine Readable Travel Document
with „ICAO Application", Extended Access Control – BSI-PP-0026-2006,
Version 1.1, 7th
September 2006
[5] Common Criteria Protection Profile - Machine Readable Travel Document
with „ICAO Application", Extended Access Control – BSI-PP-0026-2006,
Version 1.2, 19th
November 2007