Nuke ALC_DVS.1.2C

Subject: Nuke ALC_DVS.1.2C
From: "Knoke, Jim" <Jim.Knoke@GetronicsGov.com>
Date: Wed, 7 Aug 2002 12:11:14 -0400
content-class: urn:content-classes:message
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="us-ascii"
Thread-Index: AcIuiZeXEntnX8aUSsKZqE9D80IdHwPoj6jQ
Thread-Topic: Nuke ALC_DVS.1.2C


ALC_DVS.1.2C says the development security "documentation" shall provide
evidence that these security measures are followed. It seems to me that
the requirement against the developer should be to maintain some records
of use of the mechanisms. Then the evaluator should be required to
investigate to some degree whether the documented measures are being
followed well enough. I think this investigation would be probably in
conjunction with a site visit and talking to some developers and would
tend to involve spot checking some of the pertinent on-line records. It
seems misleading to me to have the CC requirement state that evidence
must be included in the "documentation".

Prev by Date: Re: Does TSF include administrator?
Next by Date: RI: when must abstract machine and self-test tests run?
Prev by thread: Re: RI: when must abstract machine and self-test tests run?
Next by thread: Re: Nuke ALC_DVS.1.2C

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov