Joint task force transformation initiative

Yüklə 5,64 Mb.

səhifə	174/186
tarix	08.01.2019
ölçüsü	5,64 Mb.
	#93199

1 ... 170 171 172 173 174 175 176 177 ... 186

AcquisitionProcess

Design / Implementation Information For Security Controls

SA-17	Developer Security Architecture and Design
ADV_ARC.1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7	Security Architecture Security Architecture Description	AC-25	Reference Monitor
		SA-17	Developer Security Architecture and Design
		SA-18	Tamper Resistance and Detection
		SC-3	Security Function Isolation
		SC-3 (1)	Security Function Isolation Hardware Separation
		SC-3 (2)	Security Function Isolation Minimize Nonsecurity Functionality
		SC-41	Process Isolation
ADV_FSP.1 EAL1	Functional Specification Basic Functional Specification	SA-4 (1)	Acquisition Process Functional Properties of Security Controls
ADV_FSP.1 EAL1	Functional Specification Basic Functional Specification	SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
ADV_FSP.2 EAL2	Functional Specification Security-Enforcing Functional Specification	SA-4 (1)	Acquisition Process Functional Properties of Security Controls
		SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
		SA-17 (4)	Developer Security Architecture and Design Informal Correspondence
ADV_FSP.3 EAL3	Functional Specification Functional Specification With Complete Summary	SA-4 (1)	Acquisition Process Functional Properties of Security Controls
		SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
		SA-17 (4)	Developer Security Architecture and Design Informal Correspondence
ADV_FSP.4 EAL4	Functional Specification Complete Functional Specification	SA-4 (1)	Acquisition Process Functional Properties of Security Controls
		SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
		SA-17 (4)	Developer Security Architecture and Design Informal Correspondence
ADV_FSP.5 EAL5 EAL6	Functional Specification Complete Semi-Formal Functional Specification with Additional Error Information	SA-4 (1)	Acquisition Process Functional Properties of Security Controls
		SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
		SA-17 (4)	Developer Security Architecture and Design Informal Correspondence
ADV_FSP.6 EAL7	Functional Specification Complete Semi-Formal Functional Specification with Additional Formal Specification	SA-4 (1)	Acquisition Process Functional Properties of Security Controls
		SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
		SA-17 (3)	Developer Security Architecture and Design Formal Correspondence
		SA-17 (4)	Developer Security Architecture and Design Informal Correspondence
ADV_IMP.1 EAL4 EAL5	Implementation Representation Implementation Representation of the TSF	SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
ADV_IMP.2 EAL6 EAL7	Implementation Representation Complete Mapping of the Implementation Representation of the TSF	SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
ADV_IMP.2 EAL6 EAL7		SA-17 (3)	Developer Security Architecture and Design Formal Correspondence
ADV_INT.1	TSF Internals Well-Structured Subset of TSF Internals	SA-8	Security Engineering Principles
		SC-3 (3)	Security Function Isolation Minimize Nonsecurity Functionality
		SC-3 (4)	Security Function Isolation Module Coupling and Cohesiveness
		SC-3 (5)	Security Function Isolation Layered Structures
ADV_INT.2 EAL5	TSF Internals Well-Structured Internals	SA-8	Security Engineering Principles
		SC-3 (3)	Security Function Isolation Minimize Nonsecurity Functionality
		SC-3 (4)	Security Function Isolation Module Coupling and Cohesiveness
		SC-3 (5)	Security Function Isolation Layered Structures
ADV_INT.3 EAL6 EAL7	TSF Internals Minimally Complex Internals	SA-8	Security Engineering Principles
		SA-17 (5)	Developer Security Architecture and Design Conceptually Simple Design
		SC-3 (3)	Security Function Isolation Minimize Nonsecurity Functionality
		SC-3 (4)	Security Function Isolation Module Coupling and Cohesiveness
		SC-3 (5)	Security Function Isolation Layered Structures
		AC-25	Reference Monitor
ADV_SPM.1 EAL6 EAL7	Security Policy Modeling Formal TOE Security Policy Model	SA-17 (1)	Developer Security Architecture and Design Formal Policy Model
ADV_SPM.1 EAL6 EAL7		SA-17 (3)	Developer Security Architecture and Design Formal Correspondence
ADV_TDS.1 EAL2	TOE Design Basic Design	SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
ADV_TDS.1 EAL2	TOE Design Basic Design	SA-17	Developer Security Architecture and Design
ADV_TDS.2 EAL3	TOE Design Architectural Design	SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
ADV_TDS.2 EAL3	TOE Design Architectural Design	SA-17	Developer Security Architecture and Design
ADV_TDS.3 EAL4	TOE Design Basic Modular Design	SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
ADV_TDS.3 EAL4	TOE Design Basic Modular Design	SA-17	Developer Security Architecture and Design
ADV_TDS.4 EAL5	TOE Design Semiformal Modular Design	SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
		SA-17	Developer Security Architecture and Design
		SA-17 (2)	Developer Security Architecture and Design Security Relevant Components
		SA-17 (4)	Developer Security Architecture and Design Informal Correspondence
ADV_TDS.5 EAL6	TOE Design Complete Semiformal Modular Design	SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
		SA-17	Developer Security Architecture and Design
		SA-17 (2)	Developer Security Architecture and Design Security Relevant Components
		SA-17 (4)	Developer Security Architecture and Design Informal Correspondence
ADV_TDS.6 EAL7	TOE Design Complete Semiformal Modular Design with Formal High-Level Design Presentation	SA-4 (2)	Acquisition Process Design / Implementation Information for Security Controls
		SA-17	Developer Security Architecture and Design
		SA-17 (2)	Developer Security Architecture and Design Security Relevant Components
		SA-17 (3)	Developer Security Architecture and Design Formal Correspondence
		SA-17 (4)	Developer Security Architecture and Design Informal Correspondence
AGD_OPE.1 EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7	Operational User Guidance Operational User Guidance	SA-5	Information System Documentation
AGD_PRE.1 EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7	Preparative Procedures Preparative Procedures	SA-5	Information System Documentation
ALC_CMC.1 EAL1	CM Capabilities Labeling of the TOE	CM-9	Configuration Management Plan
ALC_CMC.1 EAL1	CM Capabilities Labeling of the TOE	SA-10	Developer Configuration Management
ALC_CMC.2 EAL2	CM Capabilities Use of a CM System	CM-9	Configuration Management Plan
ALC_CMC.2 EAL2	CM Capabilities Use of a CM System	SA-10	Developer Configuration Management
ALC_CMC.3 EAL3	CM Capabilities Authorization Controls	CM-3	Configuration Change Control
		CM-9	Configuration Management Plan
		SA-10	Developer Configuration Management
ALC_CMC.4 EAL4 EAL5	CM Capabilities Production Support, Acceptance Procedures, and Automation	CM-3	Configuration Change Control
		CM-3 (1)	Configuration Change Control Automated Document / Notification / Prohibition of Changes
		CM-3 (3)	Configuration Change Control Automated Change Implementation
		CM-9	Configuration Management Plan
		SA-10	Developer Configuration Management
ALC_CMC.5 EAL6 EAL7	CM Capabilities Advanced Support	CM-3	Configuration Change Control
		CM-3 (1)	Configuration Change Control Automated Document / Notification / Prohibition of Changes
		CM-3 (2)	Configuration Change Control Test / Validate / Document Changes
		CM-3 (3)	Configuration Change Control Automated mechanisms to field and deploy
		CM-9	Configuration Management Plan
		SA-10	Developer Configuration Management
ALC_CMS.1 EAL1	CM Scope TOE CM Coverage	CM-9	Configuration Management Plan
ALC_CMS.1 EAL1	CM Scope TOE CM Coverage	SA-10	Developer Configuration Management
ALC_CMS.2 EAL2	CM Scope Parts of the TOE CM Coverage	CM-9	Configuration Management Plan
ALC_CMS.2 EAL2	CM Scope Parts of the TOE CM Coverage	SA-10	Developer Configuration Management
ALC_CMS.3 EAL3	CM Scope Implementation Representation CM Coverage	CM-9	Configuration Management Plan
ALC_CMS.3 EAL3	CM Scope Implementation Representation CM Coverage	SA-10	Developer Configuration Management
ALC_CMS.4 EAL4	CM Scope Problem Tracking CM Coverage	CM-9	Configuration Management Plan
ALC_CMS.4 EAL4	CM Scope Problem Tracking CM Coverage	SA-10	Developer Configuration Management
ALC_CMS.5 EAL5 EAL6 EAL7	CM Scope Development Tools CM Coverage	CM-9	Configuration Management Plan
ALC_CMS.5 EAL5 EAL6 EAL7	CM Scope Development Tools CM Coverage	SA-10	Developer Configuration Management
ALC_DEL.1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7	Delivery Delivery Procedures	MP-5	Media Transport
		SA-10 (1)	Developer Configuration Management Software / Firmware Integrity Verification
		SA-10 (6)	Developer Configuration Management Trusted Distribution
		SA-18	Tamper Resistance and Detection
		SA-19	Component Authenticity
ALC_DVS.1 EAL3 EAL4 EAL5	Development Security Identification of Security Measures	SA-1	System and Services Acquisition Policy and Procedures
		SA-3	System Development Lifecycle
		SA-12	Supply Chain Protection
ALC_DVS.2 EAL6 EAL7	Development Security Sufficiency of Security Measures	CM-5	Access Restrictions for Change
		SA-3	System Development Lifecycle
		SA-12	Supply Chain Protection
ALC_FLR.1	Flaw Remediation Basic Flaw Remediation	SA-10	Developer Configuration Management
		SA-11	Developer Security Testing / Evaluation
		SI-2	Flaw Remediation
ALC_FLR.2	Flaw Remediation Flaw Reporting Procedures	SA-10	Developer Configuration Management
		SA-11	Developer Security Testing / Evaluation
		SI-2	Flaw Remediation
ALC_FLR.3	Flaw Remediation Systematic Flaw Remediation	SA-10	Developer Configuration Management
		SA-11	Developer Security Testing / Evaluation
		SI-2	Flaw Remediation
ALC_LCD.1 EAL3 EAL4 EAL5 EAL6	Life-Cycle Definition Developer Defined Life-Cycle Model	SA-3	System Development Life Cycle
ALC_LCD.1 EAL3 EAL4 EAL5 EAL6		SA-15	Development Process, Standards, and Tools
ALC_LCD.2 EAL7	Life-Cycle Definition Measurable Life-Cycle Model	SA-3	System Development Life Cycle
ALC_LCD.2 EAL7	Life-Cycle Definition Measurable Life-Cycle Model	SA-15	Development Process, Standards, and Tools
ALC_TAT.1 EAL4	Tools and Techniques Well-Defined Development Tools	SA-15	Development Process, Standards, and Tools
ALC_TAT.2 EAL5	Tools and Techniques Compliance with Implementation Standards	SA-15	Development Process, Standards, and Tools
ALC_TAT.3 EAL6 EAL7	Tools and Techniques Compliance with Implementation Standards – All Parts	SA-15	Development Process, Standards, and Tools
ATE_COV.1 EAL2	Coverage Evidence of Coverage	SA-11	Developer Security Testing and Evaluation
ATE_COV.1 EAL2	Coverage Evidence of Coverage	SA-11 (7)	Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation
ATE_COV.2 EAL3 EAL4 EAL5	Coverage Analysis of Coverage	SA-11	Developer Security Testing and Evaluation
ATE_COV.2 EAL3 EAL4 EAL5	Coverage Analysis of Coverage	SA-11 (7)	Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation
ATE_COV.3 EAL6 EAL7	Coverage Rigorous Analysis of Coverage	SA-11	Developer Security Testing and Evaluation
ATE_COV.3 EAL6 EAL7	Coverage Rigorous Analysis of Coverage	SA-11 (7)	Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation
ATE_DPT.1 EAL3	Depth Testing: Basic Design	SA-11	Developer Security Testing and Evaluation
ATE_DPT.1 EAL3	Depth Testing: Basic Design	SA-11 (7)	Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation
ATE_DPT.2 EAL4	Depth Testing: Security Enforcing Modules	SA-11	Developer Security Testing and Evaluation
ATE_DPT.2 EAL4	Depth Testing: Security Enforcing Modules	SA-11 (7)	Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation
ATE_DPT.3 EAL5 EAL6	Depth Testing: Modular Design	SA-11	Developer Security Testing and Evaluation
ATE_DPT.3 EAL5 EAL6	Depth Testing: Modular Design	SA-11 (7)	Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation
ATE_DPT.4 EAL7	Depth Testing: Implementation Representation	SA-11	Developer Security Testing and Evaluation
ATE_DPT.4 EAL7	Depth Testing: Implementation Representation	SA-11 (7)	Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation
ATE_FUN.1 EAL2 EAL3 EAL4 EAL5	Functional Tests Functional Testing	SA-11	Developer Security Testing and Evaluation
ATE_FUN.2 EAL6 EAL7	Functional Tests Ordered Functional Testing	SA-11	Developer Security Testing and Evaluation
ATE_IND.1 EAL1	Independent Testing Independent Testing – Conformance	CA-2	Security Assessments
		CA-2 (1)	Security Assessments Independent Assessors
		SA-11 (3)	Developer Security Testing and Evaluation Independent Verification of Assessment Plans / Evidence
ATE_IND.2 EAL2 EAL3 EAL4 EAL5 EAL6	Independent Testing Independent Testing – Sample	CA-2	Security Assessments
		CA-2 (1)	Security Assessments Independent Assessors
		SA-11 (3)	Developer Security Testing and Evaluation Independent Verification of Assessment Plans / Evidence
ATE_IND.3 EAL7	Independent Testing Independent Testing – Complete	CA-2	Security Assessments
		CA-2 (1)	Security Assessments Independent Assessors
		SA-11 (3)	Developer Security Testing and Evaluation Independent Verification of Assessment Plans / Evidence
AVA_VAN.1 EAL1	Vulnerability Analysis Vulnerability Survey	CA-2 (2)	Security Assessments Specialized Assessments
		CA-8	Penetration Testing
		RA-3	Risk Assessment
		SA-11 (2)	Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation
		SA-11 (5)	Developer Security Testing and Evaluation Penetration Testing
AVA_VAN.2 EAL2 EAL3	Vulnerability Analysis Vulnerability Analysis	CA-2 (2)	Security Assessments Specialized Assessments
		CA-8	Penetration Testing
		RA-3	Risk Assessment
		SA-11 (2)	Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation
		SA-11 (5)	Developer Security Testing and Evaluation Penetration Testing
AVA_VAN.3 EAL4	Vulnerability Analysis Focused Vulnerability Analysis	CA-2 (2)	Security Assessments Specialized Assessments
		CA-8	Penetration Testing
		RA-3	Risk Assessment
		SA-11 ( 2)	Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation
		SA-11 (5)	Developer Security Testing and Evaluation Penetration Testing
AVA_VAN.4 EAL5	Vulnerability Analysis Methodical Vulnerability Analysis	CA-2 (2)	Security Assessments Types of Assessments
		CA-8	Penetration Testing
		RA-3	Risk Assessment
		SA-11 (2)	Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation
		SA-11 (5)	Developer Security Testing and Evaluation Penetration Testing
AVA_VAN.5 EAL6 EAL7	Vulnerability Analysis Advanced Methodical Vulnerability Analysis	CA-2 (2)	Security Assessments Types of Assessments
		CA-8	Penetration Testing
		RA-3	Risk Assessment
		SA-11 (2)	Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation
		SA-11 (5)	Developer Security Testing and Evaluation Penetration Testing
ACO_COR.1	Composition Rationale Composition Rationale	SA-17	Developer Security Architecture and Design
ACO_DEV.1	Development Evidence Functional Description	SA-17	Developer Security Architecture and Design
ACO_DEV.2	Development Evidence Basic Evidence of Design	SA-17	Developer Security Architecture and Design
ACO_DEV.3	Development Evidence Detailed Evidence of Design	SA-17	Developer Security Architecture and Design
ACO_REL.1	Reliance on Dependent Component Basic Reliance Information	SA-17	Developer Security Architecture and Design
ACO_REL.2	Reliance on Dependent Component Reliance Information	SA-17	Developer Security Architecture and Design
ACO_CTT.1	Composed TOE Testing Interface Testing	SA-11	Developer Security Testing and Evaluation
ACO_CTT.2	Composed TOE Testing Rigorous Interface Testing	SA-11	Developer Security Testing and Evaluation
ACO_VUL.1	Composition Vulnerability Analysis Composition Vulnerability Review	CA-2	Security Assessments
		CA-8	Penetration Testing
		RA-3	Risk Assessment
		SA-11	Developer Security Testing and Evaluation
ACO_VUL.2	Composition Vulnerability Analysis Composition Vulnerability Analysis	CA-2	Security Assessments
		CA-8	Penetration Testing
		RA-3	Risk Assessment
		SA-11	Developer Security Testing and Evaluation
ACO_VUL.3	Composition Vulnerability Analysis Enhanced-Basic Composition Vulnerability Review	CA-2	Security Assessments
		CA-8	Penetration Testing
		RA-3	Risk Assessment
		SA-11	Developer Security Testing and Evaluation

appendix i

Yüklə 5,64 Mb.

Dostları ilə paylaş: