Раздел: Документация

0 1 2 3 4 5 6 7 ... 73

2 Security assurance requirements

2.1 Structures

The following subclauses describe the constructs used in representing the assurance classes, families, components, and EALs along with the relationships among them.

Figure 2.1 illustrates the assurance requirements defined in this part of ISO/IEC 15408. Note that the most abstract collection of assurance requirements is referred to as a class. Each class contains assurance families, which then contain assurance components, which in turn contain assurance elements. Classes and families are used to provide a taxonomy for classifying assurance requirements, while components are used to specify assurance requirements in a PP/ST.

2.1.1 Class structure

Figure 2.1 illustrates the assurance class structure.

2.1.1.1Class name

Each assurance class is assigned a unique name. The name indicates the topics covered by the assurance class.

A unique short form of the assurance class name is also provided. This is the primary means for referencing the assurance class. The convention adopted is an "A" followed by two letters related to the class name.

2.1.1.2Class introduction

Each assurance class has an introductory subclause that describes the composition of the class and contains supportive text covering the intent of the class.

2.1.1.3Assurance families

Each assurance class contains at least one assurance family. The structure of the assurance families is described in the following subclause.

---

Common criteria assurance requirements

Assurance class

Class name

I

Class introduction

Assurance family

Family name

Objectives

Component levelling

I

Application notes

I~

Assurance component

I Component identification I Objectives

Application notes
Dependencies
л 1 +
Assurance element
i
i

L

Figure 2.1 - Assurance class/family/component/element hierarchy 2.1.2 Assurance family structure

Figure 2.1 illustrates the assurance family structure.

---

2.1.2.1Family name

Every assurance family is assigned a unique name. The name provides descriptive information about the topics covered by the assurance family. Each assurance family is placed within the assurance class that contains other families with the same intent.

A unique short form of the assurance family name is also provided. This is the primary means used to reference the assurance family. The convention adopted is that the short form of the class name is used, followed by an underscore, and then three letters related to the family name.

2.1.2.2Objectives

The objectives subclause of the assurance family presents the intent of the assurance family.

This subclause describes the objectives, particularly those related to the ISO/IEC 15408 assurance paradigm, that the family is intended to address. The description for the assurance family is kept at a general level. Any specific details required for objectives are incorporated in the particular assurance component.

2.1.2.3Component levelling

Each assurance family contains one or more assurance components. This subclause of the assurance family describes the components available and explains the distinctions between them. Its main purpose is to differentiate between the assurance components once it has been determined that the assurance family is a necessary or useful part of the assurance requirements for a PP/ST.

Assurance families containing more than one component are levelled and rationale is provided as to how the components are levelled. This rationale is in terms of scope, depth, and/or rigour.

2.1.2.4Application notes

The application notes subclause of the assurance family, if present, contains additional information for the assurance family. This information should be of particular interest to users of the assurance family (e.g. PP and ST authors, designers of TOEs, evaluators). The presentation is informal and covers, for example, warnings about limitations of use and areas where specific attention may be required.

2.1.2.5Assurance components

Each assurance family has at least one assurance component. The structure of the assurance components is provided in the following subclause.

2.1.3 Assurance component structure

Figure 2.2 illustrates the assurance component structure.

0 1 2 3 4 5 6 7 ... 73