Test Tool Specification
- Subject: Test Tool Specification
- From: "Krall Ed-P27726" <Ed.Krall@gdds.com>
- Date: Fri, 13 Feb 2004 10:38:10 -0700
- content-class: urn:content-classes:message
- Content-Transfer-Encoding: 8bit
- Content-Type: text/plain; charset="iso-8859-1"
- Thread-Index: AcPyQck0AhiorDfhS6GRC6HUJKFWpAAFZ7Ig
- Thread-Topic: Do we need explicitly stated IT security requirement for FPT_ STM?
I am reviewing a draft protection profile for a system that demands high assurance. To that end there are a lot of explicit assurance requirements, including the following:
ATE_FUN_EXP.2.4D The developer shall provide the implementation representation (e.g., source code) for any tools that execute within the TSF boundary.
My first reaction was that this requirement belongs in ADV_IMP, but now I am not so sure. The intent --I presume -- is to allow the evaluator to look at source code of *test* tools, so where does this requirement belong?
(I don't want to address the usefulness of that intent, just where to allocate the requirement.)
| Edward J. Krall, Ph. D., | General Dynamics C4 Systems |
| CISSP, IAM | ISSPD |
| (480)441-0026 | Mail Stop R1106 |
| (480)441-0291 - Fax | 8220 East Roosevelt Road |
| firstname.lastname@example.org | Scottsdale, AZ 85252-1417 |
Date Index |
Thread Index |
Problems or questions? Contact email@example.com