Joint task force transformation initiative



Yüklə 5,64 Mb.
səhifə174/186
tarix08.01.2019
ölçüsü5,64 Mb.
#93199
1   ...   170   171   172   173   174   175   176   177   ...   186

AcquisitionProcess

Design / Implementation Information For Security Controls



SA-17

Developer Security Architecture and Design

ADV_ARC.1

EAL2
EAL3


EAL4
EAL5
EAL6
EAL7

Security Architecture

Security Architecture Description



AC-25

Reference Monitor

SA-17

Developer Security Architecture and Design

SA-18

Tamper Resistance and Detection

SC-3

Security Function Isolation

SC-3 (1)

Security Function Isolation

Hardware Separation



SC-3 (2)

Security Function Isolation

Minimize Nonsecurity Functionality



SC-41

Process Isolation

ADV_FSP.1

EAL1


Functional Specification

Basic Functional Specification



SA-4 (1)

Acquisition Process

Functional Properties of Security Controls



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



ADV_FSP.2

EAL2


Functional Specification

Security-Enforcing Functional Specification



SA-4 (1)

Acquisition Process

Functional Properties of Security Controls



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17 (4)

Developer Security Architecture and Design

Informal Correspondence



ADV_FSP.3

EAL3


Functional Specification

Functional Specification With Complete Summary



SA-4 (1)

Acquisition Process

Functional Properties of Security Controls



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17 (4)

Developer Security Architecture and Design

Informal Correspondence



ADV_FSP.4

EAL4


Functional Specification

Complete Functional Specification



SA-4 (1)

Acquisition Process

Functional Properties of Security Controls



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17 (4)

Developer Security Architecture and Design

Informal Correspondence



ADV_FSP.5

EAL5
EAL6



Functional Specification

Complete Semi-Formal Functional Specification with Additional Error Information



SA-4 (1)

Acquisition Process

Functional Properties of Security Controls



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17 (4)

Developer Security Architecture and Design

Informal Correspondence



ADV_FSP.6

EAL7


Functional Specification

Complete Semi-Formal Functional Specification with Additional Formal Specification



SA-4 (1)

Acquisition Process

Functional Properties of Security Controls



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17 (3)

Developer Security Architecture and Design

Formal Correspondence



SA-17 (4)

Developer Security Architecture and Design

Informal Correspondence



ADV_IMP.1

EAL4
EAL5



Implementation Representation

Implementation Representation of the TSF



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



ADV_IMP.2

EAL6
EAL7



Implementation Representation

Complete Mapping of the Implementation Representation of the TSF



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17 (3)

Developer Security Architecture and Design

Formal Correspondence



ADV_INT.1

TSF Internals

Well-Structured Subset of TSF Internals



SA-8

Security Engineering Principles

SC-3 (3)

Security Function Isolation

Minimize Nonsecurity Functionality



SC-3 (4)

Security Function Isolation

Module Coupling and Cohesiveness



SC-3 (5)

Security Function Isolation

Layered Structures



ADV_INT.2

EAL5


TSF Internals

Well-Structured Internals



SA-8

Security Engineering Principles

SC-3 (3)

Security Function Isolation

Minimize Nonsecurity Functionality



SC-3 (4)

Security Function Isolation

Module Coupling and Cohesiveness



SC-3 (5)

Security Function Isolation

Layered Structures



ADV_INT.3

EAL6
EAL7



TSF Internals

Minimally Complex Internals



SA-8

Security Engineering Principles

SA-17 (5)

Developer Security Architecture and Design

Conceptually Simple Design



SC-3 (3)

Security Function Isolation

Minimize Nonsecurity

Functionality


SC-3 (4)

Security Function Isolation

Module Coupling and Cohesiveness



SC-3 (5)

Security Function Isolation

Layered Structures



AC-25

Reference Monitor

ADV_SPM.1

EAL6
EAL7



Security Policy Modeling

Formal TOE Security Policy Model



SA-17 (1)

Developer Security Architecture and Design

Formal Policy Model



SA-17 (3)

Developer Security Architecture and Design

Formal Correspondence



ADV_TDS.1

EAL2


TOE Design

Basic Design



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17

Developer Security Architecture and Design

ADV_TDS.2

EAL3


TOE Design

Architectural Design



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17

Developer Security Architecture and Design

ADV_TDS.3

EAL4


TOE Design

Basic Modular Design



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17

Developer Security Architecture and Design

ADV_TDS.4

EAL5


TOE Design

Semiformal Modular Design



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17

Developer Security Architecture and Design

SA-17 (2)

Developer Security Architecture and Design

Security Relevant Components



SA-17 (4)

Developer Security Architecture and Design

Informal Correspondence



ADV_TDS.5

EAL6


TOE Design

Complete Semiformal Modular Design



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17

Developer Security Architecture and Design

SA-17 (2)

Developer Security Architecture and Design

Security Relevant Components



SA-17 (4)

Developer Security Architecture and Design

Informal Correspondence



ADV_TDS.6

EAL7


TOE Design

Complete Semiformal Modular Design with Formal High-Level Design Presentation



SA-4 (2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17

Developer Security Architecture and Design

SA-17 (2)

Developer Security Architecture and Design

Security Relevant Components



SA-17 (3)

Developer Security Architecture and Design

Formal Correspondence



SA-17 (4)

Developer Security Architecture and Design

Informal Correspondence



AGD_OPE.1

EAL1
EAL2


EAL3
EAL4
EAL5
EAL6
EAL7

Operational User Guidance

Operational User Guidance



SA-5

Information System Documentation

AGD_PRE.1

EAL1
EAL2


EAL3
EAL4
EAL5
EAL6
EAL7

Preparative Procedures

Preparative Procedures



SA-5

Information System Documentation

ALC_CMC.1

EAL1


CM Capabilities

Labeling of the TOE



CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMC.2

EAL2


CM Capabilities

Use of a CM System



CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMC.3

EAL3


CM Capabilities

Authorization Controls



CM-3

Configuration Change Control

CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMC.4

EAL4
EAL5



CM Capabilities

Production Support, Acceptance Procedures, and Automation



CM-3

Configuration Change Control

CM-3 (1)

Configuration Change Control

Automated Document / Notification / Prohibition of Changes



CM-3 (3)

Configuration Change Control

Automated Change Implementation



CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMC.5

EAL6
EAL7



CM Capabilities

Advanced Support



CM-3

Configuration Change Control

CM-3 (1)

Configuration Change Control

Automated Document / Notification / Prohibition of Changes



CM-3 (2)

Configuration Change Control

Test / Validate / Document Changes



CM-3 (3)

Configuration Change Control

Automated mechanisms to field and deploy



CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMS.1

EAL1


CM Scope

TOE CM Coverage



CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMS.2

EAL2


CM Scope

Parts of the TOE CM Coverage



CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMS.3

EAL3


CM Scope

Implementation Representation CM Coverage



CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMS.4

EAL4


CM Scope

Problem Tracking CM Coverage



CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMS.5

EAL5
EAL6


EAL7

CM Scope

Development Tools CM Coverage



CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_DEL.1

EAL2
EAL3


EAL4
EAL5
EAL6
EAL7

Delivery

Delivery Procedures



MP-5

Media Transport

SA-10 (1)

Developer Configuration Management

Software / Firmware Integrity Verification



SA-10 (6)

Developer Configuration Management

Trusted Distribution



SA-18

Tamper Resistance and Detection

SA-19

Component Authenticity

ALC_DVS.1

EAL3
EAL4


EAL5

Development Security

Identification of Security Measures



SA-1

System and Services Acquisition Policy and Procedures

SA-3

System Development Lifecycle

SA-12

Supply Chain Protection

ALC_DVS.2

EAL6
EAL7



Development Security

Sufficiency of Security Measures



CM-5

Access Restrictions for Change

SA-3

System Development Lifecycle

SA-12

Supply Chain Protection

ALC_FLR.1

Flaw Remediation

Basic Flaw Remediation



SA-10

Developer Configuration Management

SA-11

Developer Security Testing / Evaluation

SI-2

Flaw Remediation

ALC_FLR.2

Flaw Remediation

Flaw Reporting Procedures



SA-10

Developer Configuration Management

SA-11

Developer Security Testing / Evaluation

SI-2

Flaw Remediation

ALC_FLR.3

Flaw Remediation

Systematic Flaw Remediation



SA-10

Developer Configuration Management

SA-11

Developer Security Testing / Evaluation

SI-2

Flaw Remediation

ALC_LCD.1

EAL3
EAL4


EAL5
EAL6

Life-Cycle Definition

Developer Defined Life-Cycle Model



SA-3

System Development Life Cycle

SA-15

Development Process, Standards, and Tools

ALC_LCD.2

EAL7


Life-Cycle Definition

Measurable Life-Cycle Model



SA-3

System Development Life Cycle

SA-15

Development Process, Standards, and Tools

ALC_TAT.1

EAL4


Tools and Techniques

Well-Defined Development Tools



SA-15

Development Process, Standards, and Tools

ALC_TAT.2

EAL5


Tools and Techniques

Compliance with Implementation Standards



SA-15

Development Process, Standards, and Tools

ALC_TAT.3

EAL6
EAL7



Tools and Techniques

Compliance with Implementation Standards – All Parts



SA-15

Development Process, Standards, and Tools

ATE_COV.1

EAL2


Coverage

Evidence of Coverage



SA-11

Developer Security Testing and Evaluation

SA-11 (7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_COV.2

EAL3
EAL4


EAL5

Coverage

Analysis of Coverage



SA-11

Developer Security Testing and Evaluation

SA-11 (7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_COV.3

EAL6
EAL7



Coverage

Rigorous Analysis of Coverage



SA-11

Developer Security Testing and Evaluation

SA-11 (7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_DPT.1

EAL3


Depth

Testing: Basic Design



SA-11

Developer Security Testing and Evaluation

SA-11 (7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_DPT.2

EAL4


Depth

Testing: Security Enforcing Modules



SA-11

Developer Security Testing and Evaluation

SA-11 (7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_DPT.3

EAL5
EAL6



Depth

Testing: Modular Design



SA-11

Developer Security Testing and Evaluation

SA-11 (7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_DPT.4

EAL7


Depth

Testing: Implementation Representation



SA-11

Developer Security Testing and Evaluation

SA-11 (7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_FUN.1

EAL2
EAL3


EAL4
EAL5

Functional Tests

Functional Testing



SA-11

Developer Security Testing and Evaluation

ATE_FUN.2

EAL6
EAL7



Functional Tests

Ordered Functional Testing



SA-11

Developer Security Testing and Evaluation

ATE_IND.1

EAL1


Independent Testing

Independent Testing – Conformance



CA-2

Security Assessments

CA-2 (1)

Security Assessments

Independent Assessors

SA-11 (3)

Developer Security Testing and Evaluation Independent Verification of Assessment Plans / Evidence

ATE_IND.2

EAL2
EAL3


EAL4
EAL5
EAL6

Independent Testing

Independent Testing – Sample



CA-2

Security Assessments

CA-2 (1)

Security Assessments

Independent Assessors

SA-11 (3)

Developer Security Testing and Evaluation Independent Verification of Assessment Plans / Evidence

ATE_IND.3

EAL7


Independent Testing

Independent Testing – Complete



CA-2

Security Assessments

CA-2 (1)

Security Assessments

Independent Assessors

SA-11 (3)

Developer Security Testing and Evaluation Independent Verification of Assessment Plans / Evidence

AVA_VAN.1

EAL1


Vulnerability Analysis

Vulnerability Survey



CA-2 (2)

Security Assessments

Specialized Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11 (2)

Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation

SA-11 (5)

Developer Security Testing and Evaluation Penetration Testing

AVA_VAN.2

EAL2
EAL3



Vulnerability Analysis

Vulnerability Analysis



CA-2 (2)

Security Assessments

Specialized Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11 (2)

Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation

SA-11 (5)

Developer Security Testing and Evaluation Penetration Testing

AVA_VAN.3

EAL4


Vulnerability Analysis

Focused Vulnerability Analysis



CA-2 (2)

Security Assessments

Specialized Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11 ( 2)

Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation

SA-11 (5)

Developer Security Testing and Evaluation Penetration Testing

AVA_VAN.4

EAL5


Vulnerability Analysis

Methodical Vulnerability Analysis



CA-2 (2)

Security Assessments

Types of Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11 (2)

Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation

SA-11 (5)

Developer Security Testing and Evaluation Penetration Testing

AVA_VAN.5

EAL6
EAL7



Vulnerability Analysis

Advanced Methodical Vulnerability Analysis



CA-2 (2)

Security Assessments

Types of Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11 (2)

Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation

SA-11 (5)

Developer Security Testing and Evaluation Penetration Testing

ACO_COR.1

Composition Rationale

Composition Rationale



SA-17

Developer Security Architecture and Design

ACO_DEV.1

Development Evidence

Functional Description



SA-17

Developer Security Architecture and Design

ACO_DEV.2

Development Evidence

Basic Evidence of Design



SA-17

Developer Security Architecture and Design

ACO_DEV.3

Development Evidence

Detailed Evidence of Design



SA-17

Developer Security Architecture and Design

ACO_REL.1

Reliance on Dependent Component

Basic Reliance Information



SA-17

Developer Security Architecture and Design

ACO_REL.2

Reliance on Dependent Component

Reliance Information



SA-17

Developer Security Architecture and Design

ACO_CTT.1

Composed TOE Testing

Interface Testing



SA-11

Developer Security Testing and Evaluation

ACO_CTT.2

Composed TOE Testing

Rigorous Interface Testing



SA-11

Developer Security Testing and Evaluation

ACO_VUL.1

Composition Vulnerability Analysis

Composition Vulnerability Review



CA-2

Security Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11

Developer Security Testing and Evaluation

ACO_VUL.2

Composition Vulnerability Analysis

Composition Vulnerability Analysis



CA-2

Security Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11

Developer Security Testing and Evaluation

ACO_VUL.3

Composition Vulnerability Analysis

Enhanced-Basic Composition Vulnerability Review



CA-2

Security Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11

Developer Security Testing and Evaluation


appendix i

Yüklə 5,64 Mb.

Dostları ilə paylaş:
1   ...   170   171   172   173   174   175   176   177   ...   186




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©muhaz.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin