8(495)909-90-01
8(964)644-46-00
pro@sio.su
Главная
Системы видеонаблюдения
Охранная сигнализация
Пожарная сигнализация
Система пожаротушения
Система контроля удаленного доступа
Оповещение и эвакуация
Контроль периметра
Система домофонии
Парковочные системы
Проектирование слаботочных сетей
Аварийный
контроль
Раздел: Документация

0 ... 24 25 26 27 28 29 30 ... 73

acm aut.2.2c The CM system shall provide an automated means to support the generation of the

TOE.

acm aut.2.3c The CM plan shall describe the automated tools used in the CM system.

acm aut.2.4c The CM plan shall describe how the automated tools are used in the CM system.

acm aut.2.5c The CM system shall provide an automated means to ascertain the changes between the TOE and its preceding version.

acm aut.2.6c The CM system shall provide an automated means to identify all other configuration items that are affected by the modification of a given configuration item.

Evaluator action elements:

acm aut.2.ie The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

8.2 CM capabilities (ACM CAP)

Objectives

The capabilities of the CM system address the likelihood that accidental or unauthorised modifications of the configuration items will occur. The CM system should ensure the integrity of the TOE from the early design stages through all subsequent maintenance efforts.

The objectives of this family include the following:

a)ensuring that the TOE is correct and complete before it is sent to the consumer;

b)ensuring that no configuration items are missed during evaluation;

c)preventing unauthorised modification, addition, or deletion of TOE configuration items.

Component levelling

The components in this family are levelled on the basis of the CM system capabilities, the scope of the CM documentation provided by the developer, and whether the developer provides justification that the CM system meets its security requirements.

Application notes

ACM CAP.2 introduces several elements which refer to configuration items. The ACM SCP family contains requirements for the configuration items to be tracked by the CM system.

ACMCAP.2.3C introduces a requirement that a configuration list be provided. The configuration list contains all configuration items that are maintained by the CM system.

ACM CAP.2.6C introduces a requirement that the CM system uniquely identify all configuration items. This also requires that modifications to configuration items result in a new, unique identifier being assigned.

ACM CAP.3.8C introduces the requirement that the evidence shall demonstrate that the CM system operates in accordance with the CM plan. Examples of such evidence might be documentation such as screen snapshots or audit trail output from the CM system, or a detailed demonstration of the CM system by the developer. The evaluator is responsible for determining that this evidence is sufficient to show that the CM system operates in accordance with the CM plan.

ACMCAP.3.9C introduces the requirement that evidence be provided to show that all configuration items are being maintained under the CM system. Since a configuration item refers to an item that is on the configuration list, this requirement states that all items on the configuration list are maintained under the CM system.

ACM CAP.4.11C introduces the requirement that the CM system support the generation of the TOE. This requires that the CM system provide information and/or electronic means to assist in determining that the correct configuration items are used in generating the TOE.

ACM CAP.1 Version numbers

Objectives

A unique reference is required to ensure that there is no ambiguity in terms of which instance of the TOE is being evaluated. Labelling the TOE with its reference ensures that users of the TOE can be aware of which instance of the TOE they are using.

Dependencies:

No dependencies.

Developer action elements:

acm cap.i.id The developer shall provide a reference for the TOE. Content and presentation of evidence elements:

acm cap.i.ic The reference for the TOE shall be unique to each version of the TOE. acm cap.i.2c The TOE shall be labelled with its reference. Evaluator action elements:

acm cap.i.ie The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

ACM CAP.2 Configuration items

Objectives

A unique reference is required to ensure that there is no ambiguity in terms of which instance of the TOE is being evaluated. Labelling the TOE with its reference ensures that users of the TOE can be aware of which instance of the TOE they are using.

Unique identification of the configuration items leads to a clearer understanding of the composition of the TOE, which in turn helps to determine those items which are subject to the evaluation requirements for the TOE.

Dependencies:

No dependencies.

Developer action elements:

acm cap.2.id The developer shall provide a reference for the TOE.



0 ... 24 25 26 27 28 29 30 ... 73