Раздел: Документация
0 ... 26 27 28 29 30 31 32 ... 73 ACM CAP.5 Advanced support Objectives A unique reference is required to ensure that there is no ambiguity in terms of which instance of the TOE is being evaluated. Labelling the TOE with its reference ensures that users of the TOE can be aware of which instance of the TOE they are using. Unique identification of the configuration items leads to a clearer understanding of the composition of the TOE, which in turn helps to determine those items which are subject to the evaluation requirements for the TOE. Providing controls to ensure that unauthorised modifications are not made to the TOE, and ensuring proper functionality and use of the CM system, helps to maintain the integrity of the TOE. The purpose of acceptance procedures is to confirm that any creation or modification of configuration items is authorised. Integration procedures help to ensure that generation of the TOE from a managed set of configuration items is correctly performed in an authorised manner. Requiring that the CM system be able to identify the master copy of the material used to generate the TOE helps to ensure that the integrity of this material is preserved by the appropriate technical, physical and procedural safeguards. Dependencies: ACMSCP.1 TOE CM coverage ALCDVS.2 Sufficiency of security measures Developer action elements: acm cap.5.id The developer shall provide a reference for the TOE. acm cap.5.2d The developer shall use a CM system. acm cap.5.3d The developer shall provide CM documentation. Content and presentation of evidence elements: acm cap.5.ic The reference for the TOE shall be unique to each version of the TOE. acm cap.5.2c The TOE shall be labelled with its reference. acm cap.5.3c The CM documentation shall include a configuration list, a CM plan, an acceptance plan, and integration procedures. acm cap.5.4c The configuration list shall describe the configuration items that comprise the TOE. acm cap.5.5c The CM documentation shall describe the method used to uniquely identify the configuration items. acm cap.5.6c The CM system shall uniquely identify all configuration items. acm cap.5.7c The CM plan shall describe how the CM system is used. acm cap.5.8c The evidence shall demonstrate that the CM system is operating in accordance with the CM plan. acm cap.5.9c The CM documentation shall provide evidence that all configuration items have been and are being effectively maintained under the CM system. acm cap.5.i0c The CM system shall provide measures such that only authorised changes are made to the configuration items. acm cap.5.iic The CM system shall support the generation of the TOE. acm cap.5.i2c The acceptance plan shall describe the procedures used to accept modified or newly created configuration items as part of the TOE. acm cap.5.i3c The integration procedures shall describe how the CM system is applied in the TOE manufacturing process. acm cap.5.i4c The CM system shall require that the person responsible for accepting a configuration item into CM is not the person who developed it. acm cap.5.i5c The CM system shall clearly identify the configuration items that comprise the TSF. acm cap.5.i6c The CM system shall support the audit of all modifications to the TOE, including as a minimum the originator, date, and time in the audit trail. acm cap.5.i7c The CM system shall be able to identify the master copy of all material used to generate the TOE. acm cap.5.i8c The CM documentation shall demonstrate that the use of the CM system, together with the development security measures, allow only authorised changes to be made to the TOE. acm cap.5.i9c The CM documentation shall demonstrate that the use of the integration procedures ensures that the generation of the TOE is correctly performed in an authorised manner. acm cap.5.20c The CM documentation shall demonstrate that the CM system is sufficient to ensure that the person responsible for accepting a configuration item into CM is not the person who developed it. acm cap.5.2ic The CM documentation shall justify that the acceptance procedures provide for an adequate and appropriate review of changes to all configuration items. Evaluator action elements: acm cap.5.ie The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 0 ... 26 27 28 29 30 31 32 ... 73
|