Раздел: Документация
0 ... 7 8 9 10 11 12 13 ... 73 3 Protection Profile and Security Target evaluation criteria 3.1Overview This clause introduces the evaluation criteria for PPs and STs. The evaluation criteria are then fully presented in clause 4, Class APE: Protection Profile evaluation, and clause 5, Class ASE: Security Target evaluation. These criteria are the first requirements presented in this part of ISO/IEC 15408 because the PP and ST evaluation will normally be performed before the TOE evaluation. They play a special role in that information about the TOE is assessed and the functional and assurance requirements are evaluated in order to find out whether the PP or ST is a meaningful basis for a TOE evaluation. Although these evaluation criteria differ somewhat from the requirements in clauses 7 through 14, they are presented in a similar manner because the developer and evaluator activities are comparable for PP, ST and TOE evaluations. The PP and ST classes differ from the TOE classes in that all the requirements in the PP or ST class need to be considered for a PP or ST evaluation, whereas the requirements presented in the TOE classes cover a wide range of topics not all of which need be considered for a given TOE. The evaluation criteria for PPs and STs are based on the information provided in Annexes B and C of ISO/IEC 15408-1. Useful background information for the requirements in the classes APE and ASE, as presented in the following clauses, can be found there. 3.2Protection Profile criteria overview 3.2.1Protection Profile evaluation The goal of a PP evaluation is to demonstrate that the PP is complete, consistent, technically sound, and hence suitable for use as a statement of requirements for one or more evaluatable TOEs. Such a PP may be eligible for inclusion within a PP registry. 3.2.2Relation to the Security Target evaluation criteria As described in Annexes B and C of ISO/IEC 15408-1, there are many similarities in structure and content between the generic PP and the TOE-specific ST. Consequently, the criteria for evaluating PPs contain requirements that are similar to many of those for STs, and the criteria for both are presented in a similar manner. 3.2.3 Evaluator tasks 3.2.3.1 Evaluator tasks for an evaluation based on ISO/IEC 15408 requirements only Evaluators performing a PP evaluation that does not include requirements from outside the standard shall apply the requirements of the APE class as described in Table 3.1. Table 3.1 -Protection Profile families - only ISO/IEC 15408 requirements Class Class APE: Protection Profile evaluation
3.2.3.2 Evaluator tasks for a ISO/IEC 15408 extended evaluation Evaluators performing a PP evaluation that includes requirements from outside the standard shall apply the requirements of the APE class as described in Table 3.2. Table 3.2 -Protection Profile families - ISO/IEC 15408 extended requirements Class Class APE: Protection Profile evaluation
3.3 Security Target criteria overview 3.3.1Security Target evaluation The goal of an ST evaluation is to demonstrate that the ST is complete, consistent, technically sound, and hence suitable for use as the basis for the corresponding TOE evaluation. 3.3.2Relation to the other evaluation criteria in this part of ISO/IEC 15408 There are two identified stages for the evaluation of a TOE; the ST evaluation and the corresponding TOE evaluation. The requirements for ST evaluations are discussed here and in clause 6 while the requirements for TOE evaluations are contained in clauses 7 through 14. An ST evaluation includes a PP claims evaluation. If the ST does not claim PP conformance, the PP claims part of the ST shall contain a statement that the TOE does not claim conformance to any PP. 3.3.3 Evaluator tasks 3.3.3.1 Evaluator tasks for an evaluation based on ISO/IEC 15408 requirements only Evaluators performing an ST evaluation that does not include requirements from outside the standard shall apply the requirements of the ASE class as described in Table 3.3. Table 3.3 -Security Target families - only ISO/IEC 15408 requirements Class
Class ASE: Security Target evaluation 3.3.3.2 Evaluator tasks for a ISO/IEC 15408 extended evaluation Evaluators performing an ST evaluation that includes requirements from outside the standard shall apply the requirements of the ASE class as described in Table 3.4. Table 3.4 -Security Target families - ISO/IEC 15408 extended requirements Class
Class ASE: Security Target evaluation 0 ... 7 8 9 10 11 12 13 ... 73
|