Re: Do we need explicitly stated IT security requirement for FPT_ STM?
2004-01-13, k keltezéssel YOKOTA HIROFUMI ezt írta:
> I think, many would prefer to think time is TSF Data and to evaluate the
> reliable time.
> But, developers (of the time server) may not think so.
> Because, reliable time is the very thing to be expected.
> It is the very purpose of the product.
This is why we take the following approach:
-there are 3 set of security functions, hence functional requirements:
-requirements against the TOE in the classical sense
-requirements against the environment
-business requirements are defined like normal security functional
-business requirements are requirements against the TOE
-business requirements of TOE A can be used as requirements against the
environment in TOE B
-business requirements in an ST does not have to be fully defined, but
the "owning" TOE should be suitable to be configured according to the
possible assignments and/or selections, for multiple iterations of the
-business requirements cannot be refined in a TOE which not "owns" them
beyond the scope of assignments and/or selections open in the ST of the
We call TOEs having business requirements/security functions as our
"IT security infrastructure".
GNU GPL: csak tiszta forrásból
Date Index |
Thread Index |
Problems or questions? Contact email@example.com