Раздел: Документация
0 ... 23 24 25 26 27 28 29 ... 73 8 Class ACM: Configuration management Configuration management (CM) is one method or means for establishing that the functional requirements and specifications are realised in the implementation of the TOE. CM meets these objectives by requiring discipline and control in the processes of refinement and modification of the TOE and the related information. CM systems are put in place to ensure the integrity of the portions of the TOE that they control, by providing a method of tracking any changes, and by ensuring that all changes are authorised. Figure 8.1 shows the families within this class, and the hierarchy of components within the families. Class ACM: Configuration management ACMAUT CM automation 1H2 ACMCAP CM capabilities 1H2U3U4U5 ACM SCP CM scope 1H2H3 Figure 8.1 -Configuration management class decomposition 8.1 CM automation (ACM AUT) Objectives The objective of introducing automated CM tools is to increase the effectiveness of the CM system. While both automated and manual CM systems can be bypassed, ignored, or prove insufficient to prevent unauthorised modification, automated systems are less susceptible to human error or negligence. Component levelling The components in this family are levelled on the basis of the set of configuration items that are controlled through automated means. Application notes ACMAUT.1.1C introduces a requirement that is related to the implementation representation of the TOE. The implementation representation of the TOE consists of all hardware, software, and firmware that comprise the physical TOE. In the case of a software-only TOE, the implementation representation may consist solely of source and object code. ACM AUT.1.2C introduces a requirement that the CM system provide an automated means to support the generation of the TOE. This requires that the CM system provide an automated means to assist in determining that the correct configuration items are used in generating the TOE. ACM AUT.2.5C introduces a requirement that the CM system provide an automated means to ascertain the changes between the TOE and its preceding version. If no previous version of the TOE exists, the developer still needs to provide an automated means to ascertain the changes between the TOE and a future version of the TOE. ACM AUT.1 Partial CM automation Objectives In development environments where the implementation representation is complex or is being developed by multiple developers, it is difficult to control changes without the support of automated tools. In particular, these automated tools need to be able to support the numerous changes that occur during development and ensure that those changes are authorised. It is the objective of this component to ensure that the implementation representation is controlled through automated means. Dependencies: ACMCAP.3 Authorisation controls Developer action elements: acm aut.i.id The developer shall use a CM system. acm aut.i.2d The developer shall provide a CM plan. acm aut.i.ic The CM system shall provide an automated means by which only authorised changes are made to the TOE implementation representation. acm aut.i.2c The CM system shall provide an automated means to support the generation of the TOE. acm aut.i.3c The CM plan shall describe the automated tools used in the CM system. acm aut.i.4c The CM plan shall describe how the automated tools are used in the CM system. Evaluator action elements: acm aut.i.ie The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ACM AUT.2 Complete CM automation Objectives In development environments where the configuration items are complex or are being developed by multiple developers, it is difficult to control changes without the support of automated tools. In particular, these automated tools need to be able to support the numerous changes that occur during development and ensure that those changes are authorised. It is the objective of this component to ensure that all configuration items are controlled through automated means. Providing an automated means of ascertaining changes between versions of the TOE and identifying which configuration items are affected by modifications to other configuration items assists in determining the impact of the changes between successive versions of the TOE. This in turn can provide valuable information in determining whether changes to the TOE result in all configuration items being consistent with one another. Dependencies: ACMCAP.3 Authorisation controls Developer action elements: acm aut.2.id The developer shall use a CM system. acm aut.2.2d The developer shall provide a CM plan. Content and presentation of evidence elements: acm aut.2.ic The CM system shall provide an automated means by which only authorised changes are made to the TOE implementation representation, and to all other configuration items. 0 ... 23 24 25 26 27 28 29 ... 73
|