5 Common Criteria requirements and evaluation results

5.1 Introduction

This clause presents the expected results from PP and TOE evaluation. PP or TOE evaluations lead respectively to catalogues of evaluated PPs or TOEs. ST evaluation leads to intermediate results that are used in the frame of a TOE evaluation.

[Figure 5.1 - Evaluation results]

Evaluation should lead to objective and repeatable results that can be cited as evidence, even if there is no totally objective scale for representing the results of an IT security evaluation. The existence of a set of evaluation criteria is a necessary pre-condition for evaluation to lead to a meaningful result and provides a technical basis for mutual recognition of evaluation results between evaluation authorities. But the application of criteria contains both objective and subjective elements, which is why precise and universal ratings for IT security are not feasible.

A rating made relative to the CC represents the findings of a specific type of investigation of the security properties of a TOE. Such a rating does not guarantee fitness for use in any particular application environment. The decision to accept a TOE for use in a specific application environment is based on consideration of many security issues including the evaluation findings.

5.2 Requirements in PPs and STs

The CC defines a set of IT security criteria that can address the needs of many communities. The CC has been developed around the central notion that the use of the security functional components contained in Part 2, and the EALs and assurance components contained in Part 3, represents the preferred course of action for expression of TOE requirements in PPs and STs, as they represent a well-known and understood domain.

The CC recognises the possibility that functional and assurance requirements not included in the provided catalogues may be required in order to represent the complete set of IT security requirements. The following shall apply to the inclusion of these extended functional or assurance requirements:

a) Any extended functional or assurance requirements included in a PP or ST shall be clearly and unambiguously expressed such that evaluation and demonstration of compliance is feasible. The level of detail and manner of expression of existing CC functional or assurance components shall be used as a model.

b) Evaluation results obtained using extended functional or assurance requirements shall be caveated as such.

c) The incorporation of extended functional or assurance requirements into a PP or ST shall conform to the APE or ASE classes of Part 3, as appropriate.

5.2.1 PP evaluation results

The CC contains the evaluation criteria that permit an evaluator to state whether a PP is complete, consistent, and technically sound and hence suitable for use as a statement of requirements for an evaluatable TOE.

Evaluation of the PP shall result in a pass/fail statement. A PP for which the evaluation results in a pass statement shall be eligible for inclusion within a registry.

5.3 Requirements in TOE

The CC contains the evaluation criteria that permit an evaluator to determine whether the TOE satisfies the security requirements expressed in the ST. By using the CC in evaluation of the TOE, the evaluator will be able to make statements about:

a) whether the specified security functions of the TOE meet the functional requirements and are thereby effective in meeting the security objectives of the TOE;

b) whether the specified security functions of the TOE are correctly implemented.

The security requirements expressed in the CC define the known working domain of applicability of IT security evaluation criteria. A TOE for which the security requirements are expressed only in terms of the functional and assurance requirements drawn from the CC will be evaluatable against the CC. Use of assurance packages that do not contain an EAL shall be justified.

However, there may be a need for a TOE to meet security requirements not directly expressed in the CC. The CC recognises the necessity to evaluate such a TOE but, as the additional requirements lie outside the known domain of applicability of the CC, the results of such an evaluation must be caveated accordingly. Such a caveat may place at risk universal acceptance of the evaluation results by the involved evaluation authorities.

The results of a TOE evaluation shall include a statement of conformance to the CC. The use of CC terms to describe the security of a TOE permits comparison of the security characteristics of TOEs in general.

5.3.1 TOE evaluation results

The result of the TOE evaluation shall be a statement that describes the extent to which the TOE can be trusted to conform to the requirements.

Evaluation of the TOE shall result in a pass/fail statement. A TOE for which the evaluation results in a pass statement shall be eligible for inclusion within a registry.

5.4 Caveats on evaluation results

The pass result of evaluation shall be a statement that describes the extent to which the PP or TOE can be trusted to conform to the requirements. The results shall be caveated with respect to Part 2 (functional requirements), Part 3 (assurance requirements) or directly to a PP, as listed below.

a) Part 2 conformant - A PP or TOE is Part 2 conformant if the functional requirements are only based upon functional components in Part 2.

b) Part 2 extended - A PP or TOE is Part 2 extended if the functional requirements include functional components not in Part 2.

c) Part 3 conformant - A PP or TOE is Part 3 conformant if the assurance requirements are in the form of an EAL or assurance package that is based only upon assurance components in Part 3.

d) Part 3 augmented - A PP or TOE is Part 3 augmented if the assurance requirements are in the form of an EAL or assurance package, plus other assurance components in Part 3.

e) Part 3 extended - A PP or TOE is Part 3 extended if the assurance requirements are in the form of an EAL associated with additional assurance requirements not in Part 3 or an assurance package that includes (or is entirely made up from) assurance requirements not in Part 3.

f) Conformant to PP - A TOE is conformant to a PP only if it is compliant with all parts of the PP.
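The caveat rules of clause 5.4, together with the "caveated as such" rule of 5.2 b) and the EAL-justification rule of 5.3, can be applied mechanically to the requirement identifiers an ST lists. The following is an added example, not part of the CC text: the Part 2 / Part 3 catalogue subsets and the package contents are constructed for illustration (only a handful of real component names, not the full catalogues), and the "package contains an EAL" check is an assumption made on the package name.

```python
# Added example, not text from the CC: derive the clause 5.4 conformance
# caveats for an ST from its requirement identifiers. The catalogue subsets
# and the package contents below are constructed for illustration and are
# not the full Part 2 / Part 3 catalogues.

# Constructed subset of Part 2 functional components (assumption).
PART2 = {"FAU_GEN.1", "FAU_GEN.2", "FDP_ACC.1", "FDP_ACF.1",
         "FIA_UAU.1", "FIA_UID.1", "FMT_MSA.1", "FPT_STM.1"}
# Constructed subset of Part 3 assurance components (assumption).
PART3 = {"ACM_CAP.1", "ADO_IGS.1", "ADV_FSP.1", "ADV_RCR.1", "AGD_ADM.1",
         "AGD_USR.1", "ATE_IND.1", "AVA_VLA.1", "ALC_FLR.1", "ALC_FLR.2"}
# Constructed assurance packages keyed by name (assumption: contents illustrative).
PACKAGES = {
    "EAL1": {"ACM_CAP.1", "ADO_IGS.1", "ADV_FSP.1", "ADV_RCR.1",
             "AGD_ADM.1", "AGD_USR.1", "ATE_IND.1"},
    "VENDOR_PKG": {"ADV_FSP.1", "AGD_USR.1", "ATE_IND.1"},  # no EAL inside
}

def part2_caveat(sfrs):
    """5.4 a)/b): conformant only if every SFR comes from the Part 2 catalogue."""
    return "Part 2 conformant" if set(sfrs) <= PART2 else "Part 2 extended"

def part3_caveat(package, sars):
    """5.4 c)/d)/e): compare the claimed package plus any extra SARs with Part 3."""
    base = PACKAGES[package]
    if not base <= set(sars):
        raise ValueError(f"ST omits components of its claimed package {package}")
    extra = set(sars) - base
    if not (base | extra) <= PART3:      # anything outside Part 3 -> extended
        return "Part 3 extended"
    return "Part 3 augmented" if extra else "Part 3 conformant"

def pp_conformant(sfrs, sars, pp_sfrs, pp_sars):
    """5.4 f): conformant to the PP only if every PP requirement is present."""
    return set(pp_sfrs) <= set(sfrs) and set(pp_sars) <= set(sars)

def conformance_claims(sfrs, package, sars):
    """Return the claim strings plus the extra caveats clauses 5.2/5.3 call for."""
    claims = [part2_caveat(sfrs), part3_caveat(package, sars)]
    if any(c.endswith("extended") for c in claims):
        claims.append("results caveated: extended requirements used (5.2 b)")
    if not package.startswith("EAL"):    # assumption: EAL packages are named EALn
        claims.append("justification required: package contains no EAL (5.3)")
    return claims
```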