Test Tool Specification

Subject: Test Tool Specification
From: "Krall Ed-P27726" <Ed.Krall@gdds.com>
Date: Fri, 13 Feb 2004 10:38:10 -0700
content-class: urn:content-classes:message
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="iso-8859-1"
Thread-Index: AcPyQck0AhiorDfhS6GRC6HUJKFWpAAFZ7Ig
Thread-Topic: Do we need explicitly stated IT security requirement for FPT_ STM?


I am reviewing a draft protection profile for a system that demands high assurance.  To that end there are a lot of explicit assurance requirements, including the following:

ATE_FUN_EXP.2.4D The developer shall provide the implementation representation (e.g., source code) for any tools that execute within the TSF boundary.

My first reaction was that this requirement belongs in ADV_IMP, but now I am not so sure.  The intent --I presume -- is to allow the evaluator to look at source code of *test* tools, so where does this requirement belong?

(I don't want to address the usefulness of that intent, just where to allocate the requirement.)


Ed

 ______________________________________________________________
| Edward J. Krall, Ph. D.,   | General Dynamics C4 Systems     |
|                CISSP, IAM  | ISSPD                           |
| (480)441-0026              | Mail Stop R1106                 |
| (480)441-0291 - Fax        | 8220 East Roosevelt Road        |
| ed.krall@gdds.com          | Scottsdale, AZ 85252-1417       |
|____________________________|_________________________________|

Follow-Ups:
- Re: Test Tool Specification
  - From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>

Prev by Date: Re: Do we need explicitly stated IT security requirement for FPT_ STM?
Next by Date: RE: Do we need explicitly stated IT security requirement for FPT_ STM?
Prev by thread: Re: Clarification of Term in Assurance Continuity Requirements Document
Next by thread: Re: Test Tool Specification

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov