8(495)909-90-01
8(964)644-46-00
pro@sio.su
Главная
Системы видеонаблюдения
Охранная сигнализация
Пожарная сигнализация
Система пожаротушения
Система контроля удаленного доступа
Оповещение и эвакуация
Контроль периметра
Система домофонии
Парковочные системы
Проектирование слаботочных сетей
Аварийный
контроль
Раздел: Документация

0 ... 27 28 29 30 31 32 33 ... 73

8.3 CM scope (ACM SCP)

Objectives

The objective of this family is to ensure that all necessary TOE configuration items are tracked by the CM system. This helps to ensure that the integrity of these configuration items is protected through the capabilities of the CM system.

The objectives of this family include the following:

a)ensuring that the TOE implementation representation is tracked;

b)ensuring that all necessary documentation, including problem reports, are tracked during development and operation;

c)ensuring that configuration options (e.g. compiler switches) are tracked; and

d)ensuring that development tools are tracked. Component levelling

The components in this family are levelled on the basis of which of the following are tracked by the CM system: the TOE implementation representation; design documentation; test documentation; user documentation; administrator documentation; CM documentation; security flaws; and development tools.

Application notes

ACMSCP.1.1C introduces the requirement that the TOE implementation representation be tracked by the CM system. The TOE implementation representation refers to all hardware, software, and firmware that comprise the physical TOE. In the case of a software-only TOE, the implementation representation may consist solely of source and object code.

ACMSCP.1.1C also introduces the requirement that the CM documentation be tracked by the CM system. This includes the CM plan, as well as information on the current versions of any tools that comprise the CM system.

ACM SCP.2.1C introduces the requirement that security flaws be tracked by the CM system. This requires that information regarding previous security flaws and their resolution be maintained, as well as details regarding current security flaws.

ACMSCP.3.1C introduces the requirement that development tools and other related information be tracked by the CM system. Examples of development tools are programming languages and compilers. Information pertaining to TOE generation items (such as compiler options, installation/ generation options, and build options) is an example of information relating to development tools.


ACM SCP.1 TOE CM coverage

Objectives

A CM system can control changes only to those items that have been placed under CM. Placing the TOE implementation representation, design, tests, user and administrator documentation, and CM documentation under CM provides assurance that they have been modified in a controlled manner with proper authorisations.

Dependencies:

ACMCAP.3 Authorisation controls

Developer action elements:

acm scp.i.id The developer shall provide CM documentation. Content and presentation of evidence elements:

acm scp.i.ic The CM documentation shall show that the CM system, as a minimum, tracks the following: the TOE implementation representation, design documentation, test documentation, user documentation, administrator documentation, and cM documentation.

acm scp.i.2c The CM documentation shall describe how configuration items are tracked by the cM system.

Evaluator action elements:

acm scp.i.ie The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

ACM SCP.2 Problem tracking CM coverage

Objectives

A CM system can control changes only to those items that have been placed under CM. Placing the TOE implementation representation, design, tests, user and administrator documentation, and CM documentation under CM provides assurance that they have been modified in a controlled manner with proper authorisations.

The ability to track security flaws under CM ensures that security flaw reports are not lost or forgotten, and allows a developer to track security flaws to their resolution.

Dependencies:

ACMCAP.3 Authorisation controls

Developer action elements:

acm scp.2.id The developer shall provide CM documentation.


acm scp.2.1c The CM documentation shall show that the CM system, as a minimum, tracks the following: the TOE implementation representation, design documentation, test documentation, user documentation, administrator documentation, CM documentation, and security flaws.

acm scp.2.2c The CM documentation shall describe how configuration items are tracked by the CM system.

Evaluator action elements:

acm scp.2.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

ACM SCP.3 Development tools CM coverage

Objectives

A CM system can control changes only to those items that have been placed under CM. Placing the TOE implementation representation, design, tests, user and administrator documentation, and CM documentation under CM provides assurance that they have been modified in a controlled manner with proper authorisations.

The ability to track security flaws under CM ensures that security flaw reports are not lost or forgotten, and allows a developer to track security flaws to their resolution.

Development tools play an important role in ensuring the production of a quality version of the TOE. Therefore, it is important to control modifications to these tools.

Dependencies:

ACMCAP.3 Authorisation controls

Developer action elements:

acm scp.3.1d The developer shall provide CM documentation. Content and presentation of evidence elements:

acm scp.3.1c The CM documentation shall show that the CM system, as a minimum, tracks the following: the TOE implementation representation, design documentation, test documentation, user documentation, administrator documentation, CM documentation, security flaws, and development tools and related information.

acm scp.3.2c The CM documentation shall describe how configuration items are tracked by the CM system.



0 ... 27 28 29 30 31 32 33 ... 73