Раздел: Документация
0 ... 68 69 70 71 72 73 ama sia.1.4c The security impact analysis shall, for each change affecting the security target or TSF representations, identify all IT security functions and all TOE components categorised as TSP-enforcing that are affected by the change. ama sia.1.5c The security impact analysis shall, for each change which results in a modification of the implementation representation of the TSF or the IT environment, identify the test evidence that shows, to the required level of assurance, that the TSF continues to be correctly implemented following the change. ama sia.1.6c The security impact analysis shall, for each applicable assurance requirement in the configuration management (AcM), life cycle support (ALc), delivery and operation (ADO) and guidance documents (AGD) assurance classes, identify any evaluation deliverables that have changed, and provide a brief description of each change and its impact on assurance. ama sia.1.7c The security impact analysis shall, for each applicable assurance requirement in the vulnerability assessment (AvA) assurance class, identify which evaluation deliverables have changed and which have not, and give reasons for the decision taken as to whether or not to update the deliverable. Evaluator action elements: ama sia.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ama sia.1.2e The evaluator shall check, by sampling, that the security impact analysis documents changes to an appropriate level of detail, together with appropriate justifications that assurance has been maintained in the current version of the TOE. AMA SIA.2 Examination of security impact analysis Dependencies: AMACAT.1 TOE component categorisation report Developer action elements: ama sia.2.1d The developer security analyst shall, for the current version of the TOE, provide a security impact analysis that covers all changes affecting the TOE as compared with the certified version. Content and presentation of evidence elements: ama sia.2.1c The security impact analysis shall identify the certified TOE from which the current version of the TOE was derived. ama sia.2.2c The security impact analysis shall identify all new and modified TOE components that are categorised as TSP-enforcing. ama sia.2.3c The security impact analysis shall, for each change affecting the security target or TSF representations, briefly describe the change and any effects it has on lower representation levels. ama sia.2.4c The security impact analysis shall, for each change affecting the security target or TSF representations, identify all IT security functions and all TOE components categorised as TSP-enforcing that are affected by the change. ama sia.2.5c The security impact analysis shall, for each change which results in a modification of the implementation representation of the TSF or the IT environment, identify the test evidence that shows, to the required level of assurance, that the TSF continues to be correctly implemented following the change. ama sia.2.6c The security impact analysis shall, for each applicable assurance requirement in the configuration management (ACM), life cycle support (ALC), delivery and operation (ADO) and guidance documents (AGD) assurance classes, identify any evaluation deliverables that have changed, and provide a brief description of each change and its impact on assurance. ama sia.2.7c The security impact analysis shall, for each applicable assurance requirement in the vulnerability assessment (AVA) assurance class, identify which evaluation deliverables have changed and which have not, and give reasons for the decision taken as to whether or not to update the deliverable. Evaluator action elements: ama sia.2.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ama sia.2.2e The evaluator shall check that the security impact analysis documents all changes to an appropriate level of detail, together with appropriate justifications that assurance has been maintained in the current version of the TOE. 0 ... 68 69 70 71 72 73
|
