Life cycle support consists of Development Security (DVS) and optionally Flaw Remediation (FLR).
Flaws in the TOE are only relevant for flaw remediation activities if they pose a security threat.
For the TOE and its environment, assumptions (A.) are made and threats to the TOE (T.) and its environment (TE.) are listed.
Objectives for the TOE (O.objective)
and the IT environment (OE.objective)
are defined.
Examples:
O.AUTHENTICATION, describing the authentication mechanisms of the TOE,
OE.PHYSICAL. defining the physical environment in which the TOE is operated, such as a data center.
The Security Functions are the technical security measures taken to meet the security functional requirements.
The FSP describes the external interfaces of the TOE,
that is the security functions
which are needed to satisfy the security functional requirements of the ST.
Therefore, all logical external interfaces are documented in the FSP.
Interfaces which provide security functions (directly or indirectly)
are called TOE Security Function Interface (TSFI).
All effects, exceptions and error messages
of TSFI are described in detail in the FSP.
The following subjects are also part of the FSP:
Hardware (and operating system, when evaluating an application)
are typically considered the 'underlying abstract machine',
which the TSFs may rely upon.
If hardware is accessed directly by the TOE, this is an internal interface.
Should access to the hardware be somehow influenced by the operating system, this might be an external interface.
A secure configuration of the TOE is ensured by procedures for
If the TOE is already delivered in an operational state, ADO is not applicable.
ACM | Configuration Management | |
ACM_CAP | CM capabilities | |
ACM_SCP | CM scope | |
ADO | Delivery and operation | |
ADO_DEL | Delivery | |
ADO_IGS | Installation, generation and start-up | |
ALC | Life cycle support | |
ALC_DVS | Development Security | |
ALC_FLR (opt.) | Flaw remediation | also includes change management |
AGD | Guidance | |
AGD_ADM | Administrator guidance | |
AGD_USR | User guidance |
FSP | Functional Specification |
SF | Security Function |
SFR | Security Function Requirements |
ST | Security Target |
TOE | Target Of Evaluation |
TSF | TOE Security Functions |
TSFI | TSF Interface |