Раздел: Документация

0 ... 12 13 14 15 16 17 18 ... 20

protection profile

PP Introduction

PP identification PP overview

TOE Description

TOE Security environment

-Assumptions

-Threats

1- Organisational security policies

Security objectives

"1 Security objectives for the TOE - Security objectives for the environment

IT security requirements

TOE security requirements

TOE security functional

jrequirements

TOE security assurance requirements

I- Security requirements for the IT environment

PP application notes

Rationale

-i- Security objectives rationale I- Security requirements rationale

Figure B.1 - Protection Profile content

b.2.3 toe description

This part of the PP shall describe the TOE as an aid to the understanding of its security requirements, and shall address the product type and the general IT features of the TOE.

The TOE description provides context for the evaluation. The information presented in the TOE description will be used in the course of the evaluation to identify inconsistencies. As a PP does not normally refer to a specific implementation, the described TOE features may be assumptions. If the TOE is a product or system whose primary function is security, this part of the PP may be used to describe the wider application context into which such a TOE will fit.

b.2.4 toe security environment

The statement of TOE security environment shall describe the security aspects of the environment in which the TOE is intended to be used and the manner in which it is expected to be employed. This statement shall include the following:

---

a)A description of assumptions shall describe the security aspects of the environment in which the TOE will be used or is intended to be used. This shall include the following:

information about the intended usage of the TOE, including such aspects as the intended application, potential asset value, and possible limitations of use; and

information about the environment of use of the TOE, including physical, personnel, and connectivity aspects.

b)A description of threats shall include all threats to the assets against which specific protection within the TOE or its environment is required. Note that not all possible threats that might be encountered in the environment need to be listed, only those which are relevant for secure TOE operation.

A threat shall be described in terms of an identified threat agent, the attack, and the asset that is the subject of the attack. Threat agents should be described by addressing aspects such as expertise, available resources, and motivation. Attacks should be described by addressing aspects such as attack methods, any vulnerabilities exploited, and opportunity.

If security objectives are derived from only organisational security policies and assumptions, then the description of threats may be omitted.

c)A description of organisational security policies shall identify, and if necessary explain, any organisational security policy statements or rules with which the TOE must comply. Explanation and interpretation may be necessary to present any individual policy statement in a manner that permits it to be used to set clear security objectives.

If security objectives are derived from only threats and assumptions, then the description of organisational security policies may be omitted.

Where the TOE is physically distributed, it may be necessary to discuss the security environmental aspects (assumptions, threats, organisational security policies) separately for distinct domains of the TOE environment.

b.2.5 security objectives

The statement of security objectives shall define the security objectives for the TOE and its environment. The security objectives shall address all of the security environment aspects identified. The security objectives shall reflect the stated intent and shall be suitable to counter all identified threats and cover all identified organisational security policies and assumptions. The following categories of objectives shall be identified. Note: when a threat or organisational security policy is to be covered partly by the TOE and partly by its environment, then the related objective shall be repeated in each category.

a) The security objectives for the TOE shall be clearly stated and traced back to aspects of identified threats to be countered by the TOE and/or organisational security policies to be met by the TOE.

---

b) The security objectives for the environment shall be clearly stated and traced back to aspects of identified threats not completely countered by the TOE and/or organisational security policies or assumptions not completely met by the TOE.

Note that security objectives for the environment may be a re-statement, in whole or part, of the assumptions portion of the statement of the TOE security environment.

b.2.6 it security requirements

This part of the PP defines the detailed IT security requirements that shall be satisfied by the TOE or its environment. The IT security requirements shall be stated as follows:

a)The statement of TOE security requirements shall define the functional and assurance security requirements that the TOE and the supporting evidence for its evaluation need to satisfy in order to meet the security objectives for the TOE. The TOE security requirements shall be stated as follows:

1)The statement of TOE security functional requirements should define the functional requirements for the TOE as functional components drawn from Part 2 where applicable.

Where necessary to cover different aspects of the same requirement (e.g. identification of more than one type of user), repetitive use (i.e. applying the operation of iteration) of the same Part 2 component to cover each aspect is possible.

Where AVASOF. 1 is included in the TOE security assurance requirements (e.g. EAL2 and higher), the statement of TOE security functional requirements shall include a minimum strength level for the TOE security functions realised by a probabilistic or permutational mechanism (e.g. a password or hash function). All such functions shall meet this minimum level. The level shall be one of the following: SOF-basic, SOF-medium, SOF-high. The selection of the level shall be consistent with the identified security objectives for the TOE. Optionally, specific strength of function metrics may be defined for selected functional requirements, in order to meet certain security objectives for the

TOE.

As part of the strength of TOE security functions evaluation (AVASOF.1), it will be assessed whether the strength claims made for individual TOE security functions and the overall minimum strength level are met by the TOE.

2)The statement of TOE security assurance requirements should state the assurance requirements as one of the EALs optionally augmented by Part 3 assurance components. The PP may also extend the EAL by explicitly stating additional assurance requirements not taken from Part 3.

b)The optional statement of Security requirements for the IT environment shall identify the IT security requirements that are to be met by the IT environment of the TOE. If the TOE has no asserted dependencies on the IT environment, this part of the PP may be omitted.

0 ... 12 13 14 15 16 17 18 ... 20