0 ... 14 15 16 18 19 20
TOE is of interest. The overview should also be usable as a stand alone abstract for incorporation in evaluated products lists.
c) A CC conformance claim shall state any evaluatable claim of CC conformance for the TOE, as identified in section 5.4 of this Part 1.
TOE Security environment
IT security requirements
TOE summary specification
ST identification ST overview CC conformance
Organisational security policies
Security objectives for the TOE Security objectives for the environment
TOE security requirements
tTOE security functional requirements TOE security assurance requirements
I-Security requirements for the IT environment
TOE security functions Assurance measures
PP reference PP tailoring PP additions
Security objectives rationale Security requirements rationale TOE summary specification rationale PP claims rationale
Figure C.1 - Security Target content
c.2.3 toe description
This part of the ST shall describe the TOE as an aid to the understanding of its security requirements, and shall address the product or system type. The scope and boundaries of the TOE shall be described in general terms both in a physical way (hardware and/or software components/ modules) and a logical way (IT and security features offered by the TOE).
The TOE description provides context for the evaluation. The information presented in the TOE description will be used in the course of the evaluation to identify inconsistencies. If the TOE is a product or system whose primary function is security, this part of the ST may be used to describe the wider application context into which such a TOE will fit.
c.2.4 toe security environment
The statement of TOE security environment shall describe the security aspects of the environment in which the TOE is intended to be used and the manner in which it is expected to be employed. This statement shall include the following:
a)A description of assumptions shall describe the security aspects of the environment in which the TOE will be used or is intended to be used. This shall include the following:
information about the intended usage of the TOE, including such aspects as the intended application, potential asset value, and possible limitations of use; and
information about the environment of use of the TOE, including physical, personnel, and connectivity aspects.
b)A description of threats shall include all threats to the assets against which specific protection within the TOE or its environment is required. Note that not all possible threats that might be encountered in the environment need to be listed, only those which are relevant for secure TOE operation.
A threat shall be described in terms of an identified threat agent, the attack, and the asset that is the subject of the attack. Threat agents should be described by addressing aspects such as expertise, available resources, and motivation. Attacks should be described by addressing aspects such as attack methods, any vulnerabilities exploited, and opportunity.
If security objectives are derived from only organisational security policies and assumptions, then the description of threats may be omitted.
c)A description of organisational security policies shall identify, and if necessary explain, any organisational security policy statements or rules with which the TOE must comply. Explanation and interpretation may be necessary to present any individual policy statement in a manner that permits it to be used to set clear security objectives.
If security objectives are derived from only threats and assumptions, then the description of organisational security policies may be omitted.
Where the TOE is physically distributed, it may be necessary to discuss the security environmental aspects (assumptions, threats, organisational security policies) separately for distinct domains of the TOE environment.
c.2.5 security objectives
The statement of security objectives shall define the security objectives for the TOE and its environment. The security objectives shall address all of the security environment aspects identified. The security objectives shall reflect the stated intent and shall be suitable to counter all identified threats and cover all identified organisational security policies and assumptions. The following categories of objectives shall be identified. Note: when a threat or organisational security policy is to be covered partly by the TOE and partly by its environment, then the related objective shall be repeated in each category.
a)The security objectives for the TOE shall be clearly stated and traced back to aspects of identified threats to be countered by the TOE and/or organisational security policies to be met by the TOE.
b)The security objectives for the environment shall be clearly stated and traced back to aspects of identified threats not completely countered by the TOE and/or organisational security policies or assumptions not completely met by the TOE.
Note that security objectives for the environment may be a re-statement, in whole or part, of the assumptions portion of the statement of the TOE security environment.
c.2.6 it security requirements
This part of the ST defines the detailed IT security requirements that shall be satisfied by the TOE or its environment. The IT security requirements shall be stated as follows:
a) The statement of TOE security requirements shall define the functional and assurance security requirements that the TOE and the supporting evidence for its evaluation need to satisfy in order to meet the security objectives for the TOE. The TOE security requirements shall be stated as follows:
1) The statement of TOE security functional requirements should define the functional requirements for the TOE as functional components drawn from Part 2 where applicable.
Where necessary to cover different aspects of the same requirement (e.g. identification of more than one type of user), repetitive use (i.e., applying the operation of iteration) of the same Part 2 component to cover each aspect is possible.
Where AVASOF. 1 is included in the TOE security assurance requirements (e.g. EAL2 and higher), the statement of TOE security functional requirements shall include a minimum strength level for the TOE security functions realised by a probabilistic or permutational mechanism (e.g. a password or hash function). All such functions shall meet this minimum level. The level shall be one of the following: SOF-basic, SOF-medium, SOF-high. The selection of the
0 ... 14 15 16 18 19 20