8(495)909-90-01
8(964)644-46-00
pro@sio.su
Главная
Системы видеонаблюдения
Охранная сигнализация
Пожарная сигнализация
Система пожаротушения
Система контроля удаленного доступа
Оповещение и эвакуация
Контроль периметра
Система домофонии
Парковочные системы
Проектирование слаботочных сетей
Аварийный
контроль
Раздел: Документация

0 1 2 3 4 ... 73

4.4Security objectives (APE OBJ) ................................. 31

4.5IT security requirements (APEREQ) ............................ 33

4.6Explicitly stated IT security requirements (APE SRE) ............... 36

5Class ASE: Security Target evaluation............................. 39

5.1TOE description (ASE DES) ................................... 40

5.2Security environment (ASE ENV) .............................. 41

5.3ST introduction (ASE INT) .................................... 42

5.4Security objectives (ASE OBJ) ................................. 43

5.5PP claims (ASEPPC) ........................................ 45

5.6IT security requirements (ASE REQ) ............................ 47

5.7Explicitly stated IT security requirements (ASE SRE) ............... 49

5.8TOE summary specification (ASE TSS) .......................... 51

6Evaluation assurance levels ...................................... 53

6.1Evaluation assurance level (EAL) overview ....................... 53

6.2Evaluation assurance level details ............................... 53

6.2.1EAL1 -functionally tested................................. 55

6.2.2EAL2 - structurally tested.................................. 56

6.2.3EAL3 - methodically tested and checked...................... 58

6.2.4EAL4 - methodically designed, tested, and reviewed............. 60

6.2.5EAL5 - semiformally designed and tested..................... 62

6.2.6EAL6 - semiformally verified design and tested................ 64

6.2.7EAL7 -formally verified design and tested.................... 66

7Assurance classes, families, and components ........................ 69

8Class ACM: Configuration management ........................... 71

8.1CM automation (ACM AUT) .................................. 72

8.2CM capabilities (ACM CAP) .................................. 75

8.3CM scope (ACM SCP) ....................................... 83

9Class ADO: Delivery and operation ............................... 87

9.1Delivery (ADO DEL) ........................................ 88

9.2Installation, generation and start-up (ADOIGS) .................... 90

10Class ADV: Development ........................................ 93

10.1Functional specification (ADVFSP) ............................. 99

10.2High-level design (ADV HLD) .................................103

10.3Implementation representation (ADVIMP) .......................109

10.4TSF internals (ADV INT) .....................................1 13

10.5Low-level design (ADVLLD) .................................118

10.6Representation correspondence (ADVRCR) ......................122

10.7Security policy modeling (ADV SPM) ...........................125

11Class AGD: Guidance documents .................................129

11.1Administrator guidance (AGD ADM) ............................130

11.2User guidance (AGDUSR) ....................................132


12Class ALC: Life cycle support....................................135

12.1Development security (ALC DVS) ..............................136

12.2Flaw remediation (ALCFLR) ..................................138

12.3Life cycle definition(ALC LCD) ................................141

12.4Tools and techniques (ALC TAT) ...............................145

13Class ATE: Tests ...............................................149

13.1Coverage (ATE COV) ........................................ 151

13.2Depth (ATE DPT) ........................................... 154

13.3Functional tests (ATE FUN) ...................................158

13.4Independent testing (ATE IND) ................................161

14Class AVA: Vulnerability assessment..............................167

14.1Covert channel analysis (AVA CCA) ............................168

14.2Misuse (AVA MSU) .........................................173

14.3Strength of TOE security functions (AVASOF)....................178

14.4Vulnerability analysis (AVA VLA) ..............................180

15Assurance maintenance paradigm ................................187

15.1Introduction.................................................187

15.2Assurance maintenance cycle ...................................188

15.2.1TOE acceptance.......................................... 189

15.2.2TOE monitoring.........................................191

15.2.3Re-evaluation...........................................191

15.3Assurance maintenance class and families .........................192

15.3.1Assurance maintenance plan................................192

15.3.2TOE component categorisation report........................193

15.3.3Evidence of assurance maintenance..........................194

15.3.4Security impact analysis...................................195

16Class AMA: Maintenance of assurance ............................197

16.1Assurance maintenance plan (AMA AMP) ........................198

16.2TOE component categorisation report (AMA CAT) .................201

16.3Evidence of assurance maintenance (AMA EVD) ..................203

16.4Security impact analysis (AMA SIA) ............................205

Annex A Cross reference of assurance component dependencies ...............209

Annex B Cross reference of EALs and assurance components .................213


List of Figures

Figure 2.1 - Assurance class/family/component/element hierarchy......

Figure 2.2 - Assurance component structure .......................

Figure 2.3 - EAL structure ......................................

Figure 2.4 - Assurance and assurance level association ...............

Figure 2.5 - Sample class decomposition diagram ...................

Figure 4.1 - Protection Profile evaluation class decomposition .........

Figure 5.1 - Security Target evaluation class decomposition...........

Figure 8.1 - Configuration management class decomposition ..........

Figure 9.1 - Delivery and operation class decomposition ..............

Figure 10.1 - Development class decomposition .....................

Figure 10.2 - Relationships between TOE representations and requirements

Figure 11.1 - Guidance documents class decomposition ...............

Figure 12.1 - Life-cycle support class decomposition .................

Figure 13.1 - Tests class decomposition.............................

Figure 14.1 - Vulnerability assessment class decomposition ............

Figure 15.1 - Example assurance maintenance cycle ..................

Figure 15.2 - Example TOE acceptance approach ....................

Figure 15.3 - Example TOE monitoring approach .....................

Figure 16.1 - Maintenance of assurance class decomposition ...........

6 8 11 12 13 27 39 71 87 94 95 129 135 150 167 189 190 191 197



0 1 2 3 4 ... 73