Раздел: Документация

0 ... 44 45 46 47 48 49 50 ... 73

---

12 Class ALC: Life cycle support

Life-cycle support is an aspect of establishing discipline and control in the processes of refinement of the TOE during its development and maintenance. Confidence in the correspondence between the TOE security requirements and the TOE is greater if security analysis and the production of the evidence are done on a regular basis as an integral part of the development and maintenance activities.

Figure 12.1 shows the families within this class, and the hierarchy of components within the families.

Class ALC: Life cycle support

ALC DVS Development security

ALCFLR Flaw remediation

ALC LCD Life cycle definition

ALC TAT Tools and techniques

1

2

1

2

3

1

2

3

1

2

3

Figure 12.1 -Life-cycle support class decomposition

---

12.1 Development security (ALC DVS)

Objectives

Development security is concerned with physical, procedural, personnel, and other security measures that may be used in the development environment to protect the TOE. It includes the physical security of the development location and any procedures used to select development staff.

Component levelling

The components in this family are levelled on the basis of whether justification of the sufficiency of the security measures is required.

Application notes

This family deals with measures to remove or reduce threats existing at the developers site. Conversely, threats to be countered at the TOE users site are normally covered in the security environment subclause of a PP or ST.

The evaluator should determine whether there is a need for visiting the developers site in order to confirm that the requirements of this family are met.

It is recognised that confidentiality may not always be an issue for the protection of the TOE in its development environment. The use of the word "necessary" allows for the selection of appropriate safeguards.

ALC DVS.1 Identification of security measures

Dependencies:

No dependencies.

Developer action elements:

alc dvs.1.1d The developer shall produce development security documentation. Content and presentation of evidence elements:

alc dvs.1.1c The development security documentation shall describe all the physical, procedural, personnel, and other security measures that are necessary to protect the confidentiality and integrity of the TOE design and implementation in its development environment.

alc dvs.1.2c The development security documentation shall provide evidence that these security measures are followed during the development and maintenance of

the TOE.

0 ... 44 45 46 47 48 49 50 ... 73