
Evaluator action elements:

AMA_AMP.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

AMA_AMP.1.2E The evaluator shall confirm that the proposed schedules for AM audits and re-evaluation of the TOE are acceptable and consistent with the proposed changes to the TOE.


16.2 TOE component categorisation report (AMA_CAT)

Objectives

The aim of the TOE component categorisation report is to complement the AM Plan by providing a categorisation of the components of a TOE (e.g. TSF subsystems) according to their relevance to security. This categorisation acts as a focus for the developer's security impact analysis, and also for the subsequent re-evaluation of the TOE.

Component levelling

This family contains only one component.

Application notes

The term "least abstract TSF representation" in AMA_CAT.1.1 refers to the least abstract representation of the TSF that was provided for the level of assurance that is being maintained. For example, if the TOE is to be maintained at an assurance level of EAL3, then the least abstract TSF representation is the high-level design, and the following TOE components must be categorised:

a) all external TSF interfaces identifiable in the functional specification;

b) all TSF subsystems identifiable in the high-level design.

While AMA_CAT requires at least two categories to be defined, it may be appropriate (dependent on the type of TOE) to further subdivide the TSP-enforcing category in order to help focus the developer's security impact analysis. For example, TSP-enforcing components could be categorised as either security critical or security supporting where:

a) security critical TOE components are those which are directly responsible for the enforcement of at least one IT security function defined in the security target;

b) security supporting TOE components are those which are not directly responsible for the enforcement of any IT security function (and hence are not security critical), but which are nonetheless relied upon to uphold the IT security functions; this category may in turn include two distinct types of TOE component:

- those that provide services to security critical TOE components, and hence are relied upon to function correctly;

- those that do not provide any such service, but which nonetheless have to be trusted not to behave in a malicious manner (i.e. introducing a vulnerability).

AMA_CAT.1.3C requires an identification of any development tools that, if modified, will have an impact on the assurance that the TOE satisfies its security target (e.g. the compiler used to create the object code).


AMA_CAT.1 TOE component categorisation report

Dependencies:

ACM_CAP.2 Configuration items

Developer action elements:

AMA_CAT.1.1D The developer shall provide a TOE component categorisation report for the certified version of the TOE.

Content and presentation of evidence elements:

AMA_CAT.1.1C The TOE component categorisation report shall categorise each component of the TOE, identifiable in each TSF representation from the most abstract to the least abstract, according to its relevance to security; as a minimum, TOE components must be categorised as one of TSP-enforcing or non-TSP-enforcing.

AMA_CAT.1.2C The TOE component categorisation report shall describe the categorisation scheme used, so that it can be determined how to categorise new components introduced into the TOE, and also when to re-categorise existing TOE components following changes to the TOE or its security target.

AMA_CAT.1.3C The TOE component categorisation report shall identify any tools used in the development environment that, if modified, will have an impact on the assurance that the TOE satisfies its security target.

Evaluator action elements:

AMA_CAT.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

AMA_CAT.1.2E The evaluator shall confirm that the categorisation of TOE components and tools, and the categorisation scheme used, are appropriate and consistent with the evaluation results for the certified version.


