Раздел: Документация
0 ... 9 10 11 12 13 14 15 ... 73 4.2 Security environment (APE ENV) Objectives In order to determine whether the IT security requirements in the PP are sufficient, it is important that the security problem to be solved is clearly understood by all parties to the evaluation. APE ENV.1 Protection Profile, Security environment, Evaluation requirements Dependencies: No dependencies. Developer action elements: ape env.1.1d The PP developer shall provide a statement of TOE security environment as part of the PP. Content and presentation of evidence elements: apeenv.i.ic The statement of TOE security environment shall identify and explain any assumptions about the intended usage of the TOE and the environment ofuse of the TOE. ape env.i.2c The statement of TOE security environment shall identify and explain any known or presumed threats to the assets against which protection will be required, either by the TOE or by its environment. ape env.i.3c The statement of TOE security environment shall identify and explain any organisational security policies with which the TOE must comply. Evaluator action elements: apeenv.i.ie The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ape env.i.2e The evaluator shall confirm that the statement of TOE security environment is coherent and internally consistent. 4.3 PP introduction (APE INT) Objectives The PP introduction contains document management and overview information necessary to operate a PP registry. Evaluation of the PP introduction is required to demonstrate that the PP is correctly identified and that it is consistent with all other parts of the PP. APE INT.1 Protection Profile, PP introduction, Evaluation requirements Dependencies: APE DES.1 Protection Profile, TOE description, Evaluation requirements APE ENV.1 Protection Profile, Security environment, Evaluation requirements APE OBJ.1 Protection Profile, Security objectives, Evaluation requirements APE REQ.1 Protection Profile, IT security requirements, Evaluation requirements Developer action elements: apeint.i.id The PP developer shall provide a PP introduction as part of the PP. Content and presentation of evidence elements: apeint.i.ic The PP introduction shall contain a PP identification that provides the labelling and descriptive information necessary to identify, catalogue, register, and cross reference the PP. ape int.i.2c The PP introduction shall contain a PP overview which summarises the PP in narrative form. Evaluator action elements: apeint.i.ie The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ape int.i.2e The evaluator shall confirm that the PP introduction is coherent and internally consistent. ape int.i.3e The evaluator shall confirm that the PP introduction is consistent with the other parts of the PP. 4.4 Security objectives (APE OBJ) Objectives The security objectives is a concise statement of the intended response to the security problem. Evaluation of the security objectives is required to demonstrate that the stated objectives adequately address the security problem. The security objectives are categorised as security objectives for the TOE and as security objectives for the environment. The security objectives for both the TOE and the environment must be shown to be traced back to the identified threats to be countered and/or policies and assumptions to be met by each. APE OBJ.1 Protection Profile, Security objectives, Evaluation requirements Dependencies: APE ENV.1 Protection Profile, Security environment, Evaluation requirements Developer action elements: apeobj.i.id The PP developer shall provide a statement of security objectives as part of the PP. ape obj.i.2d The PP developer shall provide the security objectives rationale. Content and presentation of evidence elements: apeobj.i.ic The statement of security objectives shall define the security objectives for the TOE and its environment. ape obj.i.2c The security objectives for the TOE shall be clearly stated and traced back to aspects of the identified threats to be countered by the TOE and/or organisational security policies to be met by the TOE. ape obj.i.3c The security objectives for the environment shall be clearly stated and traced back to aspects of identified threats not completely countered by the TOE and/ or organisational security policies or assumptions not completely met by the TOE. ape obj.i.4c The security objectives rationale shall demonstrate that the stated security objectives are suitable to counter the identified threats to security. ape obj.i.5c The security objectives rationale shall demonstrate that the stated security objectives are suitable to cover all of the identified organisational security policies and assumptions. Evaluator action elements: apeobj.i.ie The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 0 ... 9 10 11 12 13 14 15 ... 73
|
