Раздел: Документация
0 ... 16 17 18 19 20 21 22 ... 73 Content and presentation of evidence elements: ase sre.1.1c All TOE security requirements that are explicitly stated without reference to ISO/IEC 15408 shall be identified. ase sre.1.2c All security requirements for the IT environment that are explicitly stated without reference to ISO/IEC 15408 shall be identified. ase sre.1.3c The evidence shall justify why the security requirements had to be explicitly stated. ase sre.1.4c The explicitly stated IT security requirements shall use the ISO/IEC 15408 requirements components, families and classes as a model for presentation. ase sre.1.5c The explicitly stated IT security requirements shall be measurable and state objective evaluation requirements such that compliance or noncompliance of a TOE can be determined and systematically demonstrated. ase sre.1.6c The explicitly stated IT security requirements shall be clearly and unambiguously expressed. ase sre.1.7c The security requirements rationale shall demonstrate that the assurance requirements are applicable and appropriate to support any explicitly stated TOE security functional requirements. Evaluator action elements: ase sre.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ase sre.1.2e The evaluator shall determine that all of the dependencies of the explicitly stated IT security requirements have been identified. 5.8 TOE summary specification (ASE TSS) Objectives The TOE summary specification provides a high-level definition of the security functions claimed to meet the functional requirements and of the assurance measures taken to meet the assurance requirements. Application notes The relationship between the IT security functions and the TOE security functional requirements can be a "many to many" relationship. Nevertheless, every security function shall contribute to the satisfaction of at least one security requirement in order be able to clearly define the TSF. Security functions that do not fulfil this requirement should normally not be necessary. Note, however, that the requirement that a security function contributes to the satisfaction of at least one security requirement is worded in a quite general manner, so that all the security functions found to be useful for the TOE should be justifiable. The statement of assurance measures is of specific relevance in all those cases where assurance requirements not taken from ISO/IEC 15408 are included in the ST. If the TOE security assurance requirements in the ST are exclusively based on ISO/IEC 15408 evaluation assurance levels or other ISO/IEC 15408 assurance components, then the assurance measures could be presented in the form of a reference to the documents that show that the assurance requirements are met. In the ASETSS. 1 component, the word "appropriate" is used to indicate that certain elements allow options in certain cases. Which options are applicable depends on the given context in the ST. Detailed information for all these aspects is contained in ISO/IEC 15408-1, Annex C. ASE TSS.1 Security Target, TOE summary specification, Evaluation requirements Dependencies: ASEREQ.l Security Target, IT security requirements, Evaluation requirements Developer action elements: ase tss.i.id The developer shall provide a TOE summary specification as part of the ST. ase tss.i.2d The developer shall provide the TOE summary specification rationale. Content and presentation of evidence elements: ase tss.i.ic The TOE summary specification shall describe the IT security functions and the assurance measures of the TOE. ase tss.i.2c The TOE summary specification shall trace the IT security functions to the TOE security functional requirements such that it can be seen which IT security functions satisfy which TOE security functional requirements and that every IT security function contributes to the satisfaction of at least one TOE security functional requirement. ase tss.1.3c The IT security functions shall be defined in an informal style to a level of detail necessary for understanding their intent. ase tss.1.4c All references to security mechanisms included in the ST shall be traced to the relevant security functions so that it can be seen which security mechanisms are used in the implementation of each function. ase tss.1.5c The TOE summary specification rationale shall demonstrate that the IT security functions are suitable to meet the TOE security functional requirements. ase tss.1.6c The TOE summary specification rationale shall demonstrate that the combination of the specified IT security functions work together so as to satisfy the TOE security functional requirements. ase tss.1.7c The TOE summary specification shall trace the assurance measures to the assurance requirements so that it can be seen which measures contribute to the satisfaction of which requirements. ase tss.1.8c The TOE summary specification rationale shall demonstrate that the assurance measures meet all assurance requirements of the TOE. ase tss.1.9c The TOE summary specification shall identify all IT security functions that are realised by a probabilistic or permutational mechanism, as appropriate. ase tss.1.10c The TOE summary specification shall, for each IT security function for which it is appropriate, state the strength of function claim either as a specific metric, or as SOF-basic, SOF-medium or SOF-high. Evaluator action elements: ase tss.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ase tss.1.2e The evaluator shall confirm that the TOE summary specification is complete, coherent, and internally consistent. 0 ... 16 17 18 19 20 21 22 ... 73
|