Joint task force transformation initiative


Developer Security Architecture and Design



Download 5.8 Mb.
Page174/186
Date31.01.2017
Size5.8 Mb.
#13082
1   ...   170   171   172   173   174   175   176   177   ...   186

Developer Security Architecture and Design

ADV_ARC.1

EAL2
EAL3


EAL4
EAL5
EAL6
EAL7

Security Architecture

Security Architecture Description
AC-25

Reference Monitor

SA-17

Developer Security Architecture and Design

SA-18

Tamper Resistance and Detection

SC-3

Security Function Isolation

SC-3(1)

Security Function Isolation

Hardware Separation

SC-3(2)

Security Function Isolation

Minimize Nonsecurity Functionality



SC-41

Process Isolation

ADV_FSP.1

EAL1


Functional Specification

Basic Functional Specification
SA-4(1)

Acquisition Process

Functional Properties of Security Controls

SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls



ADV_FSP.2

EAL2


Functional Specification

Security-Enforcing Functional Specification
SA-4(1)

Acquisition Process

Functional Properties of Security Controls

SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17(4)

Developer Security Architecture and Design

Informal Correspondence

ADV_FSP.3

EAL3


Functional Specification

Functional Specification With Complete Summary
SA-4(1)

Acquisition Process

Functional Properties of Security Controls

SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17(4)

Developer Security Architecture and Design

Informal Correspondence

ADV_FSP.4

EAL4


Functional Specification

Complete Functional Specification
SA-4(1)

Acquisition Process

Functional Properties of Security Controls

SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls



SA-17(4)

Developer Security Architecture and Design

Informal Correspondence

ADV_FSP.5

EAL5
EAL6
Functional Specification

Complete Semi-Formal Functional Specification with Additional Error Information
SA-4(1)

Acquisition Process

Functional Properties of Security Controls

SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls

SA-17(4)

Developer Security Architecture and Design

Informal Correspondence

ADV_FSP.6

EAL7


Functional Specification

Complete Semi-Formal Functional Specification with Additional Formal Specification
SA-4(1)

Acquisition Process

Functional Properties of Security Controls

SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls

SA-17(3)

Developer Security Architecture and Design

Formal Correspondence

SA-17(4)

Developer Security Architecture and Design

Informal Correspondence

ADV_IMP.1

EAL4
EAL5
Implementation Representation

Implementation Representation of the TSF
SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls

ADV_IMP.2

EAL6
EAL7
Implementation Representation

Complete Mapping of the Implementation Representation of the TSF
SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls

SA-17(3)

Developer Security Architecture and Design

Formal Correspondence



ADV_INT.1

TSF Internals

Well-Structured Subset of TSF Internals
SA-8

Security Engineering Principles

SC-3(3)

Security Function Isolation

Minimize Nonsecurity Functionality

SC-3(4)

Security Function Isolation

Module Coupling and Cohesiveness

SC-3(5)

Security Function Isolation

Layered Structures

ADV_INT.2

EAL5


TSF Internals

Well-Structured Internals
SA-8

Security Engineering Principles

SC-3(3)

Security Function Isolation

Minimize Nonsecurity Functionality

SC-3(4)

Security Function Isolation

Module Coupling and Cohesiveness

SC-3(5)

Security Function Isolation

Layered Structures

ADV_INT.3

EAL6
EAL7
TSF Internals

Minimally Complex Internals
SA-8

Security Engineering Principles

SA-17(5)

Developer Security Architecture and Design

Conceptually Simple Design

SC-3(3)

Security Function Isolation

Minimize Nonsecurity

Functionality


SC-3(4)

Security Function Isolation

Module Coupling and Cohesiveness

SC-3(5)

Security Function Isolation

Layered Structures

AC-25

Reference Monitor

ADV_SPM.1

EAL6
EAL7
Security Policy Modeling

Formal TOE Security Policy Model
SA-17(1)

Developer Security Architecture and Design

Formal Policy Model

SA-17(3)

Developer Security Architecture and Design

Formal Correspondence

ADV_TDS.1

EAL2


TOE Design

Basic Design
SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls

SA-17

Developer Security Architecture and Design

ADV_TDS.2

EAL3


TOE Design

Architectural Design
SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls

SA-17

Developer Security Architecture and Design

ADV_TDS.3

EAL4


TOE Design

Basic Modular Design
SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls

SA-17

Developer Security Architecture and Design

ADV_TDS.4

EAL5


TOE Design

Semiformal Modular Design
SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls

SA-17

Developer Security Architecture and Design

SA-17(2)

Developer Security Architecture and Design

Security Relevant Components

SA-17(4)

Developer Security Architecture and Design

Informal Correspondence

ADV_TDS.5

EAL6


TOE Design

Complete Semiformal Modular Design
SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls

SA-17

Developer Security Architecture and Design

SA-17(2)

Developer Security Architecture and Design

Security Relevant Components

SA-17(4)

Developer Security Architecture and Design

Informal Correspondence

ADV_TDS.6

EAL7


TOE Design

Complete Semiformal Modular Design with Formal High-Level Design Presentation
SA-4(2)

Acquisition Process

Design / Implementation Information for Security Controls

SA-17

Developer Security Architecture and Design

SA-17(2)

Developer Security Architecture and Design

Security Relevant Components

SA-17(3)

Developer Security Architecture and Design

Formal Correspondence

SA-17(4)

Developer Security Architecture and Design

Informal Correspondence

AGD_OPE.1

EAL1
EAL2


EAL3
EAL4
EAL5
EAL6
EAL7

Operational User Guidance

Operational User Guidance
SA-5

Information System Documentation

AGD_PRE.1

EAL1
EAL2


EAL3
EAL4
EAL5
EAL6
EAL7

Preparative Procedures

Preparative Procedures
SA-5

Information System Documentation

ALC_CMC.1

EAL1


CM Capabilities

Labeling of the TOE
CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMC.2

EAL2


CM Capabilities

Use of a CM System
CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMC.3

EAL3


CM Capabilities

Authorization Controls
CM-3

Configuration Change Control

CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMC.4

EAL4
EAL5
CM Capabilities

Production Support, Acceptance Procedures, and Automation
CM-3

Configuration Change Control

CM-3(1)

Configuration Change Control

Automated Document / Notification / Prohibition of Changes



CM-3(3)

Configuration Change Control

Automated Change Implementation



CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMC.5

EAL6
EAL7
CM Capabilities

Advanced Support
CM-3

Configuration Change Control

CM-3(1)

Configuration Change Control

Automated Document / Notification / Prohibition of Changes



CM-3(2)

Configuration Change Control

Test / Validate / Document Changes



CM-3(3)

Configuration Change Control

Automated mechanisms to field and deploy



CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMS.1

EAL1


CM Scope

TOE CM Coverage
CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMS.2

EAL2


CM Scope

Parts of the TOE CM Coverage
CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMS.3

EAL3


CM Scope

Implementation Representation CM Coverage
CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMS.4

EAL4


CM Scope

Problem Tracking CM Coverage
CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_CMS.5

EAL5
EAL6


EAL7

CM Scope

Development Tools CM Coverage
CM-9

Configuration Management Plan

SA-10

Developer Configuration Management

ALC_DEL.1

EAL2
EAL3


EAL4
EAL5
EAL6
EAL7

Delivery

Delivery Procedures
MP-5

Media Transport

SA-10(1)

Developer Configuration Management

Software / Firmware Integrity Verification

SA-10(6)

Developer Configuration Management

Trusted Distribution

SA-18

Tamper Resistance and Detection

SA-19

Component Authenticity

ALC_DVS.1

EAL3
EAL4


EAL5

Development Security

Identification of Security Measures
SA-1

System and Services Acquisition Policy and Procedures

SA-3

System Development Lifecycle

SA-12

Supply Chain Protection

ALC_DVS.2

EAL6
EAL7
Development Security

Sufficiency of Security Measures
CM-5

Access Restrictions for Change

SA-3

System Development Lifecycle

SA-12

Supply Chain Protection

ALC_FLR.1

Flaw Remediation

Basic Flaw Remediation
SA-10

Developer Configuration Management

SA-11

Developer Security Testing / Evaluation

SI-2

Flaw Remediation

ALC_FLR.2

Flaw Remediation

Flaw Reporting Procedures
SA-10

Developer Configuration Management

SA-11

Developer Security Testing / Evaluation

SI-2

Flaw Remediation

ALC_FLR.3

Flaw Remediation

Systematic Flaw Remediation
SA-10

Developer Configuration Management

SA-11

Developer Security Testing / Evaluation

SI-2

Flaw Remediation

ALC_LCD.1

EAL3
EAL4


EAL5
EAL6

Life-Cycle Definition

Developer Defined Life-Cycle Model
SA-3

System Development Life Cycle

SA-15

Development Process, Standards, and Tools

ALC_LCD.2

EAL7


Life-Cycle Definition

Measurable Life-Cycle Model
SA-3

System Development Life Cycle

SA-15

Development Process, Standards, and Tools

ALC_TAT.1

EAL4


Tools and Techniques

Well-Defined Development Tools
SA-15

Development Process, Standards, and Tools

ALC_TAT.2

EAL5


Tools and Techniques

Compliance with Implementation Standards
SA-15

Development Process, Standards, and Tools

ALC_TAT.3

EAL6
EAL7
Tools and Techniques

Compliance with Implementation Standards – All Parts
SA-15

Development Process, Standards, and Tools

ATE_COV.1

EAL2


Coverage

Evidence of Coverage
SA-11

Developer Security Testing and Evaluation

SA-11(7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_COV.2

EAL3
EAL4


EAL5

Coverage

Analysis of Coverage
SA-11

Developer Security Testing and Evaluation

SA-11(7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_COV.3

EAL6
EAL7
Coverage

Rigorous Analysis of Coverage
SA-11

Developer Security Testing and Evaluation

SA-11(7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_DPT.1

EAL3


Depth

Testing: Basic Design
SA-11

Developer Security Testing and Evaluation

SA-11(7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_DPT.2

EAL4


Depth

Testing: Security Enforcing Modules
SA-11

Developer Security Testing and Evaluation

SA-11(7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_DPT.3

EAL5
EAL6
Depth

Testing: Modular Design
SA-11

Developer Security Testing and Evaluation

SA-11(7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_DPT.4

EAL7


Depth

Testing: Implementation Representation
SA-11

Developer Security Testing and Evaluation

SA-11(7)

Developer Security Testing and Evaluation Verify Scope of Testing / Evaluation

ATE_FUN.1

EAL2
EAL3


EAL4
EAL5

Functional Tests

Functional Testing
SA-11

Developer Security Testing and Evaluation

ATE_FUN.2

EAL6
EAL7
Functional Tests

Ordered Functional Testing
SA-11

Developer Security Testing and Evaluation

ATE_IND.1

EAL1


Independent Testing

Independent Testing – Conformance



CA-2

Security Assessments

CA-2(1)

Security Assessments

Independent Assessors

SA-11(3)

Developer Security Testing and Evaluation Independent Verification of Assessment Plans / Evidence

ATE_IND.2

EAL2
EAL3


EAL4
EAL5
EAL6

Independent Testing

Independent Testing – Sample
CA-2

Security Assessments

CA-2(1)

Security Assessments

Independent Assessors

SA-11(3)

Developer Security Testing and Evaluation Independent Verification of Assessment Plans / Evidence

ATE_IND.3

EAL7


Independent Testing

Independent Testing – Complete
CA-2

Security Assessments

CA-2(1)

Security Assessments

Independent Assessors

SA-11(3)

Developer Security Testing and Evaluation Independent Verification of Assessment Plans / Evidence

AVA_VAN.1

EAL1


Vulnerability Analysis

Vulnerability Survey
CA-2(2)

Security Assessments

Specialized Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11(2)

Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation

SA-11(5)

Developer Security Testing and Evaluation Penetration Testing

AVA_VAN.2

EAL2
EAL3
Vulnerability Analysis

Vulnerability Analysis
CA-2(2)

Security Assessments

Specialized Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11(2)

Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation

SA-11(5)

Developer Security Testing and Evaluation Penetration Testing

AVA_VAN.3

EAL4


Vulnerability Analysis

Focused Vulnerability Analysis
CA-2(2)

Security Assessments

Specialized Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11( 2)

Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation

SA-11(5)

Developer Security Testing and Evaluation Penetration Testing

AVA_VAN.4

EAL5


Vulnerability Analysis

Methodical Vulnerability Analysis
CA-2(2)

Security Assessments

Types of Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11(2)

Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation

SA-11(5)

Developer Security Testing and Evaluation Penetration Testing

AVA_VAN.5

EAL6
EAL7
Vulnerability Analysis

Advanced Methodical Vulnerability Analysis
CA-2(2)

Security Assessments

Types of Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11(2)

Developer Security Testing and Evaluation Threat And Vulnerability Analyses / Flaw Remediation

SA-11(5)

Developer Security Testing and Evaluation Penetration Testing

ACO_COR.1

Composition Rationale

Composition Rationale
SA-17

Developer Security Architecture and Design

ACO_DEV.1

Development Evidence

Functional Description
SA-17

Developer Security Architecture and Design

ACO_DEV.2

Development Evidence

Basic Evidence of Design
SA-17

Developer Security Architecture and Design

ACO_DEV.3

Development Evidence

Detailed Evidence of Design
SA-17

Developer Security Architecture and Design

ACO_REL.1

Reliance on Dependent Component

Basic Reliance Information
SA-17

Developer Security Architecture and Design

ACO_REL.2

Reliance on Dependent Component

Reliance Information
SA-17

Developer Security Architecture and Design

ACO_CTT.1

Composed TOE Testing

Interface Testing



SA-11

Developer Security Testing and Evaluation

ACO_CTT.2

Composed TOE Testing

Rigorous Interface Testing



SA-11

Developer Security Testing and Evaluation

ACO_VUL.1

Composition Vulnerability Analysis

Composition Vulnerability Review
CA-2

Security Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11

Developer Security Testing and Evaluation

ACO_VUL.2

Composition Vulnerability Analysis

Composition Vulnerability Analysis
CA-2

Security Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11

Developer Security Testing and Evaluation

ACO_VUL.3

Composition Vulnerability Analysis

Enhanced-Basic Composition Vulnerability Review
CA-2

Security Assessments

CA-8

Penetration Testing

RA-3

Risk Assessment

SA-11

Developer Security Testing and Evaluation


appendix i

Directory: publications
publications -> Acm word Template for sig site
publications ->  Preparation of Papers for ieee transactions on medical imaging
publications -> Adjih, C., Georgiadis, L., Jacquet, P., & Szpankowski, W. (2006). Multicast tree structure and the power law
publications -> Swiss Federal Institute of Technology (eth) Zurich Computer Engineering and Networks Laboratory
publications -> Quantitative skills
publications -> Multi-core cpu and gpu implementation of Discrete Periodic Radon Transform and Its Inverse
publications -> List of Publications Department of Mechanical Engineering ucek, jntu kakinada
publications -> 1. 2 Authority 1 3 Planning Area 1
publications -> Sa michelson, 2011: Impact of Sea-Spray on the Atmospheric Surface Layer. Bound. Layer Meteor., 140 ( 3 ), 361-381, doi: 10. 1007/s10546-011-9617-1, issn: Jun-14, ids: 807TW, sep 2011 Bao, jw, cw fairall, sa michelson

Download 5.8 Mb.

Share with your friends:
1   ...   170   171   172   173   174   175   176   177   ...   186



The database is protected by copyright ©ininet.org 2024
send message

    Main page
federal government
private sector
national institute
guidance provided