Раздел: Документация
0 ... 13 14 15 16 17 18 19 ... 73 5.2 Security environment (ASE ENV) Objectives In order to determine whether the IT security requirements in the ST are sufficient, it is important that the security problem to be solved is clearly understood by all parties to the evaluation. ASE ENV.1 Security Target, Security environment, Evaluation requirements Dependencies: No dependencies. Developer action elements: aseenv.i.id The developer shall provide a statement of TOE security environment as part of the ST. Content and presentation of evidence elements: aseenv.i.ic The statement of TOE security environment shall identify and explain any assumptions about the intended usage of the TOE and the environment of use of the TOE. ase env.i.2c The statement of TOE security environment shall identify and explain any known or presumed threats to the assets against which protection will be required, either by the TOE or by its environment. ase env.i.3c The statement of TOE security environment shall identify and explain any organisational security policies with which the TOE must comply. Evaluator action elements: aseenv.i.ie The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ase env.i.2e The evaluator shall confirm that the statement of TOE security environment is coherent and internally consistent. 5.3 ST introduction (ASE INT) Objectives The ST introduction contains identification and indexing material. Evaluation of the ST introduction is required to demonstrate that the ST is correctly identified and that it is consistent with all other parts of the ST. ASE INT.1 Security Target, ST introduction, Evaluation requirements Dependencies: ASEDES.l Security Target, TOE description, Evaluation requirements ASEENV.l Security Target, Security environment, Evaluation requirements ASEOBJ.l Security Target, Security objectives, Evaluation requirements ASEPPC.l Security Target, PP claims, Evaluation requirements ASEREQ.l Security Target, IT security requirements, Evaluation requirements ASETSS.l Security Target, TOE summary specification, Evaluation requirements Developer action elements: ase int.i.id The developer shall provide an ST introduction as part of the ST. Content and presentation of evidence elements: ase int.i.ic The ST introduction shall contain an ST identification that provides the labelling and descriptive information necessary to control and identify the ST and the TOE to which it refers. ase int.i.2c The ST introduction shall contain an ST overview which summarises the ST in narrative form. ase int.i.3c The ST introduction shall contain a ISO/IEC 15408 conformance claim that states any evaluatable claim of ISO/IEC 15408 conformance for the TOE. Evaluator action elements: ase int.i.ie The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ase int.i.2e The evaluator shall confirm that the ST introduction is coherent and internally consistent. ase int.i.3e The evaluator shall confirm that the ST introduction is consistent with the other parts of the ST. 5.4 Security objectives (ASE OBJ) Objectives The security objectives are a concise statement of the intended response to the security problem. Evaluation of the security objectives is required to demonstrate that the stated objectives adequately address the security problem. The security objectives are categorised as security objectives for the TOE and as security objectives for the environment. The security objectives for both the TOE and the environment must be shown to be traced back to the identified threats to be countered and/or policies and assumptions to be met by each. ASE OBJ.1 Security Target, Security objectives, Evaluation requirements Dependencies: ASEENV.l Security Target, Security environment, Evaluation requirements Developer action elements: ase obj.i.id The developer shall provide a statement of security objectives as part of the ST. ase obj.i.2d The developer shall provide the security objectives rationale. Content and presentation of evidence elements: ase obj.i.ic The statement of security objectives shall define the security objectives for the TOE and its environment. ase obj.i.2c The security objectives for the TOE shall be clearly stated and traced back to aspects of the identified threats to be countered by the TOE and/or organisational security policies to be met by the TOE. ase obj.i.3c The security objectives for the environment shall be clearly stated and traced back to aspects of identified threats not completely countered by the TOE and/ or organisational security policies or assumptions not completely met by the TOE. ase obj.i.4c The security objectives rationale shall demonstrate that the stated security objectives are suitable to counter the identified threats to security. ase obj.i.5c The security objectives rationale shall demonstrate that the stated security objectives are suitable to cover all of the identified organisational security policies and assumptions. Evaluator action elements: ase obj.i.ie The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 0 ... 13 14 15 16 17 18 19 ... 73
|