0 ... 16 17 18 20
the TOE summary specification addresses the requirements. The rationale also demonstrates that any PP conformance claims are valid. The rationale shall include the following:
a)The security objectives rationale shall demonstrate that the stated security objectives are traceable to all of the aspects identified in the TOE security environment and are suitable to cover them.
b)The security requirements rationale shall demonstrate that the set of security requirements (TOE and environment) is suitable to meet and traceable to the security objectives. The following shall be demonstrated:
1)that the combination of the individual functional and assurance requirements components for the TOE and its IT environment together meet the stated security objectives;
2)that the set of security requirements together forms a mutually supportive and internally consistent whole;
3)that the choice of security requirements is justified. Any of the following conditions shall be specifically justified:
-choice of requirements not contained in Parts 2 or 3;
-choice of assurance requirements not including an EAL; and
-non-satisfaction of dependencies;
4)that the selected strength of function level for the ST, together with any explicit strength of function claim, is consistent with the security objectives for the
c)The TOE summary specification rationale shall show that the TOE security functions and assurance measures are suitable to meet the TOE security requirements. The following shall be demonstrated:
1)that the combination of specified TOE IT security functions work together so as to satisfy the TOE security functional requirements;
2)that the strength of TOE function claims made are valid, or that assertions that such claims are unnecessary are valid.
3)that the claim is justified that the stated assurance measures are compliant with the assurance requirements.
The statement of rationale shall be presented at a level of detail that matches the level of detail of the definition of the security functions.
d)The PP claims rationale statement shall explain any difference between the ST security objectives and requirements and those of any PP to which conformance is claimed. This part of the ST may be omitted if no claims of PP conformance are made or if ST security objectives and requirements are identical to those of any claimed PP.
This potentially bulky material may be distributed separately as it may not be appropriate or useful to all ST users.
0 ... 16 17 18 20