Common Criteria

Organisational

Technical


Configuration Management


Life Cycle Support

Life cycle support consists of Development Security (DVS) and optionally Flaw Remediation (FLR).

Development Security

Flaw Remediation

Flaws in the TOE are only relevant for flaw remediation activities if they pose a security threat.


Security Target

Security Environment

For the TOE and its environment, assumptions (A.) are made and threats to the TOE (T.) and its environment (TE.) are listed.

Security Objectives

Objectives for the TOE (O.objective) and the IT environment (OE.objective) are defined.
Examples: O.AUTHENTICATION, describing the authentication mechanisms of the TOE, and OE.PHYSICAL, defining the physical environment in which the TOE is operated, such as a data center.

SFR - Security Functional Requirements

SF - Security Functions

The Security Functions are the technical security measures taken to meet the security functional requirements.

TOE Assurance Measures


Functional Specification (FSP)

The FSP describes the external interfaces of the TOE, that is, the security functions needed to satisfy the security functional requirements of the ST. Therefore, all logical external interfaces are documented in the FSP.
Interfaces which provide security functions (directly or indirectly) are called TOE Security Function Interfaces (TSFI). All effects, exceptions and error messages of the TSFI are described in detail in the FSP.

The following subjects are also part of the FSP:


High-Level Design (HLD)

The hardware (and the operating system, when evaluating an application) is typically considered the 'underlying abstract machine', which the TSFs may rely upon.
If hardware is accessed directly by the TOE, this is an internal interface. Should access to the hardware be somehow influenced by the operating system, this might be an external interface.


Delivery and Operations

A secure configuration of the TOE is ensured by procedures for

Such procedures are documented in the administrator guidance as well as additional documents specific for these procedures, such as:

If the TOE is already delivered in an operational state, ADO is not applicable.


Representation CoRrespondence analysis (RCR)

The RCR maps security requirements of the ST to the security functions of the FSP. Therefore, the TOE security functions (e.g., SF.AUDIT, SF.IA) are mapped to the descriptions in the FSP.

Mapping EAL3

ACM  Configuration Management
  ACM_CAP         CM capabilities
  ACM_SCP         CM scope
ADO  Delivery and operation
  ADO_DEL         Delivery
  ADO_IGS         Installation, generation and start-up
ALC  Life cycle support
  ALC_DVS         Development Security
  ALC_FLR (opt.)  Flaw remediation (also includes change management)
AGD  Guidance
  AGD_ADM         Administrator guidance
  AGD_USR         User guidance

Glossary

FSP Functional Specification
SF Security Function
SFR Security Functional Requirements
ST Security Target
TOE Target Of Evaluation
TSF TOE Security Functions
TSFI TSF Interface