8(495)909-90-01
8(964)644-46-00
pro@sio.su
Главная
Системы видеонаблюдения
Охранная сигнализация
Пожарная сигнализация
Система пожаротушения
Система контроля удаленного доступа
Оповещение и эвакуация
Контроль периметра
Система домофонии
Парковочные системы
Проектирование слаботочных сетей
Аварийный
контроль
Раздел: Документация

0 ... 19 20 21 22 23 24 25 ... 73

Assurance class

Assurance components

Configuration management

ACMCAP.3 Authorisation controls

ACM SCP.l TOE CM coverage

Delivery and operation

ADO DEL.1 Delivery procedures

ADOIGS.1 Installation, generation, and start-up procedures

Development

ADV FSP.1 Informal functional specification

ADV HLD.2 Security enforcing high-level design

ADV RCR. 1 Informal correspondence demonstration

Guidance documents

AGDADM.1 Administrator guidance

AGDUSR.1 User guidance

Life cycle support

ALCDVS.l Identification of security measures

Tests

ATECOV.2 Analysis of coverage

ATEDPT.l Testing: high-level design

ATE FUN.1 Functional testing

ATE IND.2 Independent testing - sample

Vulnerability assessment

AVAMSU.l Examination of guidance

AVASOF. 1 Strength of TOE security function evaluation

AVA VLA. 1 Developer vulnerability analysis


6.2.4 Evaluation assurance level 4 (EAL4) - methodically designed, tested, and reviewed

Objectives

EAL4 permits a developer to gain maximum assurance from positive security engineering based on good commercial development practices which, though rigorous, do not require substantial specialist knowledge, skills, and other resources. EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line.

EAL4 is therefore applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs and are prepared to incur additional security-specific engineering costs.

Assurance components

EAL4 (see Table 6.5) provides assurance by an analysis of the security functions, using a functional and complete interface specification, guidance documentation, the high-level and low-level design of the TOE, and a subset of the implementation, to understand the security behaviour. Assurance is additionally gained through an informal model of the TOE security policy.

The analysis is supported by independent testing of the TOE security functions, evidence of developer testing based on the functional specification and high-level design, selective independent confirmation of the developer test results, strength of function analysis, evidence of a developer search for vulnerabilities, and an independent vulnerability analysis demonstrating resistance to penetration attackers with a low attack potential.

EAL4 also provides assurance through the use of development environment controls and additional TOE configuration management including automation, and evidence of secure delivery procedures.

This EAL represents a meaningful increase in assurance from EAL3 by requiring more design description, a subset of the implementation, and improved mechanisms and/or procedures that provide confidence that the TOE will not be tampered with during development or delivery.


Assurance class

Assurance components

Configuration management

ACMAUT.l Partial CM automation

ACMCAP.4 Generation support and acceptance procedures

ACMSCP.2 Problem tracking CM coverage

Delivery and operation

ADO DEL.2 Detection of modification

ADOIGS.1 Installation, generation, and start-up procedures

Development

ADVFSP.2 Fully defined external interfaces

ADV HLD.2 Security enforcing high-level design

ADVIMP.l Subset of the implementation of the TSF

ADVLLD.l Descriptive low-level design

ADV RCR. 1 Informal correspondence demonstration

ADVSPM.l Informal TOE security policy model

Guidance documents

AGDADM.1 Administrator guidance

AGDUSR.1 User guidance

Life cycle support

ALCDVS.l Identification of security measures

ALCLCD.l Developer defined life-cycle model

ALCTAT.l Well-defined development tools

Tests

ATE COV.2 Analysis of coverage

ATE DPT.1 Testing: high-level design

ATE FUN. 1 Functional testing

ATE IND.2 Independent testing - sample

AVAMSU.2 Validation of analysis

Vulnerability assessment

AVASOF.1 Strength of TOE security function evaluation

AVAVLA.2 Independent vulnerability analysis



0 ... 19 20 21 22 23 24 25 ... 73