Зарубежные нормативные документы и критерии на английском / CCPART3V21
.pdfSecurity impact analysis (AMA_SIA) |
16 - Class AMA: Maintenance of |
|
assurance |
AMA_SIA.2.3C
AMA_SIA.2.4C
AMA_SIA.2.5C
AMA_SIA.2.6C
AMA_SIA.2.7C
AMA_SIA.2.1E
AMA_SIA.2.2E
The security impact analysis shall, for each change affecting the security target or TSF representations, briefly describe the change and any effects it has on lower representation levels.
The security impact analysis shall, for each change affecting the security target or TSF representations, identify all IT security functions and all TOE components categorised as TSP-enforcing that are affected by the change.
The security impact analysis shall, for each change which results in a modification of the implementation representation of the TSF or the IT environment, identify the test evidence that shows, to the required level of assurance, that the TSF continues to be correctly implemented following the change.
The security impact analysis shall, for each applicable assurance requirement in the configuration management (ACM), life cycle support (ALC), delivery and operation (ADO) and guidance documents (AGD) assurance classes, identify any evaluation deliverables that have changed, and provide a brief description of each change and its impact on assurance.
The security impact analysis shall, for each applicable assurance requirement in the vulnerability assessment (AVA) assurance class, identify which evaluation deliverables have changed and which have not, and give reasons for the decision taken as to whether or not to update the deliverable.
Evaluator action elements:
The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
The evaluator shall check that the security impact analysis documents all changes to an appropriate level of detail, together with appropriate justifications that assurance has been maintained in the current version of the TOE.
August 1999 |
Version 2.1 |
Page 203 of 208 |
Part 3: Security assurance requirements
Annex A (informative)
Cross reference of assurance component dependencies
588 |
|
The dependencies documented in the components of clauses 8-14 and clause 16, are |
||||||||||||||||||||||||||
|
|
the direct dependencies between the assurance components. Table A.1 summarises |
||||||||||||||||||||||||||
|
|
both the direct dependencies and the indirect dependencies. The indirect |
||||||||||||||||||||||||||
|
|
dependencies are the cumulative result of iteratively including all the dependencies |
||||||||||||||||||||||||||
|
|
of each component identified as being a dependency. |
||||||||||||||||||||||||||
|
|
|
|
|
|
|
Table A.1 - Assurance component dependenciesa |
|||||||||||||||||||||
|
Comp. |
|
A |
C |
S |
D |
I |
F |
H |
I |
I |
L |
R |
S |
A |
U |
D |
F |
L |
T |
C |
D |
F |
I |
C |
M |
S |
V |
|
|
U |
A |
C |
E |
G |
S |
L |
M |
N |
L |
C |
P |
D |
S |
V |
L |
C |
A |
O |
P |
U |
N |
C |
S |
O |
L |
|
|
Names |
|
||||||||||||||||||||||||||
|
|
T |
P |
P |
L |
S |
P |
D |
P |
T |
D |
R |
M |
M |
R |
S |
R |
D |
T |
V |
T |
N |
D |
A |
U |
F |
A |
|
|
|
|
||||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
AUT.1-2 |
|
|
3 |
1 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
CAP.1-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
CAP.3-4 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
CAP.5 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
|
|
|
SCP.1-3 |
|
|
3 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DEL.1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DEL.2-3 |
|
|
3 |
1 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
IGS.1-2 |
|
|
|
|
|
|
1 |
|
|
|
|
1 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
FSP.1-4 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
HLD.1-2 |
|
|
|
|
|
|
1 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
HLD.3-4 |
|
|
|
|
|
|
3 |
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
HLD.5 |
|
|
|
|
|
|
4 |
|
|
|
|
3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
IMP.1-2 |
|
|
|
|
|
|
1 |
2 |
|
|
1 |
1 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
IMP.3 |
|
|
|
|
|
|
1 |
2 |
|
1 |
1 |
1 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
INT.1-2 |
|
|
|
|
|
|
1 |
2 |
1 |
|
1 |
1 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
INT.3 |
|
|
|
|
|
|
1 |
2 |
2 |
|
1 |
1 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
LLD.1 |
|
|
|
|
|
|
1 |
2 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LLD.2 |
|
|
|
|
|
|
3 |
3 |
|
|
|
2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LLD.3 |
|
|
|
|
|
|
4 |
5 |
|
|
|
3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
RCR.1-3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SPM.1-3 |
|
|
|
|
|
|
1 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ADM.1 |
|
|
|
|
|
|
1 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
USR.1 |
|
|
|
|
|
|
1 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
August 1999 |
Version 2.1 |
Page 204 of 208 |
A - Cross reference of assurance component dependencies
Table A.1 - Assurance component dependenciesa
Comp. |
A |
C |
S |
D |
I |
F |
H |
I |
I |
L |
R |
S |
A |
U |
D |
F |
L |
T |
C |
D |
F |
I |
C |
M |
S |
V |
|
U |
A |
C |
E |
G |
S |
L |
M |
N |
L |
C |
P |
D |
S |
V |
L |
C |
A |
O |
P |
U |
N |
C |
S |
O |
L |
||
Names |
|||||||||||||||||||||||||||
T |
P |
P |
L |
S |
P |
D |
P |
T |
D |
R |
M |
M |
R |
S |
R |
D |
T |
V |
T |
N |
D |
A |
U |
F |
A |
||
|
|||||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DVS.1-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
FLR.1-3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LCD.1-3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TAT.1-3 |
|
|
|
|
|
1 |
2 |
1 |
|
1 |
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
COV.1-3 |
|
|
|
|
|
1 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
DPT.1 |
|
|
|
|
|
1 |
1 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
DPT.2 |
|
|
|
|
|
1 |
2 |
|
|
1 |
1 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
DPT.3 |
|
|
|
|
|
1 |
2 |
2 |
|
1 |
1 |
|
|
|
|
|
|
1 |
|
|
1 |
|
|
|
|
|
|
FUN.1-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
IND.1 |
|
|
|
|
|
1 |
|
|
|
|
1 |
|
1 |
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
IND.2-3 |
|
|
|
|
|
1 |
|
|
|
|
1 |
|
1 |
1 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
CCA.1-3 |
|
|
|
|
|
2 |
2 |
2 |
|
1 |
1 |
|
1 |
1 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
MSU.1-3 |
|
|
|
|
1 |
1 |
|
|
|
|
1 |
|
1 |
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
SOF.1 |
|
|
|
|
|
1 |
1 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
VLA.1 |
|
|
|
|
|
1 |
1 |
|
|
|
1 |
|
1 |
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
VLA.2-4 |
|
|
|
|
|
1 |
2 |
1 |
|
1 |
1 |
|
1 |
1 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
AMP.1 |
|
2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
CAT.1 |
|
2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EVD.1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SIA.1-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
a.In Table A.1, the left column represents groupings of specific components (using only the last three digits of the component name and an indicator of component number or range of numbers). Each non-empty box in the table indicates a specific component, identified by its name at the top of the column and the number in the box, on which the component in the left column is dependent. Bold numbers represent direct dependencies. Italicised numbers represent indirect dependencies. Dark shading represents the intersection of a component with itself. Dependencies from AMA components to assurance components are included in Table A.1, while AMA internal dependencies are shown in Table A.2 below. There are no dependencies from any non-AMA components to those in AMA, and so Table A.1 has no columns representing the AMA families.
August 1999 |
Version 2.1 |
Page 205 of 208 |
A - Cross reference of assurance component dependencies
Table A.2 - AMA Internal Dependencies
AMA |
A |
C |
E |
S |
Comp. |
M |
A |
V |
I |
Names |
P |
T |
D |
A |
|
|
|
|
|
AMP.1 |
|
1 |
|
|
CAT.1 |
|
|
|
|
EVD.1 |
1 |
1 |
|
1 |
SIA.1-2 |
|
1 |
|
|
|
|
|
|
|
Page 206 of 208 |
Version 2.1 |
August 1999 |
Part 3: Security assurance requirements
Annex B (informative)
Cross reference of EALs and assurance components
589 |
Table B.1 describes the relationship between the evaluation assurance levels and |
||||||||||
|
the assurance classes, families and components. |
|
|
|
|
|
|||||
|
|
Table B.1 - Evaluation assurance level summary |
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|||
|
Assurance |
Assurance |
|
Assurance Components by |
|
|
|
||||
|
|
Evaluation Assurance Level |
|
|
|
||||||
|
Class |
Family |
|
|
|
|
|||||
|
|
|
|
|
|
|
|
|
|
||
|
EAL1 |
EAL2 |
EAL3 |
EAL4 |
EAL5 |
EAL6 |
EAL7 |
|
|||
|
|
|
|
||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
Configuration |
ACM_AUT |
|
|
|
1 |
1 |
|
2 |
2 |
|
|
ACM_CAP |
1 |
2 |
3 |
4 |
4 |
|
5 |
5 |
|
|
|
management |
|
|
||||||||
|
ACM_SCP |
|
|
1 |
2 |
3 |
|
3 |
3 |
|
|
|
|
|
|
|
|
||||||
|
Delivery and |
ADO_DEL |
|
1 |
1 |
2 |
2 |
|
2 |
3 |
|
|
operation |
ADO_IGS |
1 |
1 |
1 |
1 |
1 |
|
1 |
1 |
|
|
|
ADV_FSP |
1 |
1 |
1 |
2 |
3 |
|
3 |
4 |
|
|
|
ADV_HLD |
|
1 |
2 |
2 |
3 |
|
4 |
5 |
|
|
|
ADV_IMP |
|
|
|
1 |
2 |
|
3 |
3 |
|
|
Development |
ADV_INT |
|
|
|
|
1 |
|
2 |
3 |
|
|
|
ADV_LLD |
|
|
|
1 |
1 |
|
2 |
2 |
|
|
|
ADV_RCR |
1 |
1 |
1 |
1 |
2 |
|
2 |
3 |
|
|
|
ADV_SPM |
|
|
|
1 |
3 |
|
3 |
3 |
|
|
Guidance |
AGD_ADM |
1 |
1 |
1 |
1 |
1 |
|
1 |
1 |
|
|
documents |
AGD_USR |
1 |
1 |
1 |
1 |
1 |
|
1 |
1 |
|
|
|
ALC_DVS |
|
|
1 |
1 |
1 |
|
2 |
2 |
|
|
Life cycle |
ALC_FLR |
|
|
|
|
|
|
|
|
|
|
support |
ALC_LCD |
|
|
|
1 |
2 |
|
2 |
3 |
|
|
|
ALC_TAT |
|
|
|
1 |
2 |
|
3 |
3 |
|
|
|
ATE_COV |
|
1 |
2 |
2 |
2 |
|
3 |
3 |
|
|
Tests |
ATE_DPT |
|
|
1 |
1 |
2 |
|
2 |
3 |
|
|
ATE_FUN |
|
1 |
1 |
1 |
1 |
|
2 |
2 |
|
|
|
|
|
|
|
|||||||
|
|
ATE_IND |
1 |
2 |
2 |
2 |
2 |
|
2 |
3 |
|
|
|
AVA_CCA |
|
|
|
|
1 |
|
2 |
2 |
|
|
Vulnerability |
AVA_MSU |
|
|
1 |
2 |
2 |
|
3 |
3 |
|
|
assessment |
AVA_SOF |
|
1 |
1 |
1 |
1 |
|
1 |
1 |
|
|
|
AVA_VLA |
|
1 |
1 |
2 |
3 |
|
4 |
4 |
|
|
|
|
|
|
|
|
|
|
|
|
|
August 1999 |
Version 2.1 |
Page 207 of 208 |
Annex B - EALs and components |
Part 3: Security assurance requirements |
Page 208 of 208 |
Version 2.1 |
August 1999 |