Re: SFRs - Requirement Specification or Implementation Description?

["Dirk-Jan Out" <out@itsef.com>]

> If starting/stopping the TOE is equivalent to
> starting/stopping the audit function and an audit
> is generated for those events, then the
> requirement is satisfied.  There is no
> requirement that a separate management operation
> for starting/stopping the audit function be available.
>
> If an explicitly stated variant of FAU_GEN is
> used, another possible issue is introduced - is
> the dependency on FAU_GEN from other SFRs satisfied?

No: the dependency is not satisfied (2.3:ASE_REQ.1-13) because the extended 
requirement is neither FAU_GEN.1 nor hierarchical to it. 

Therefore the ST should contain a justification satisfying 2.3:ASE_REQ.1-14 
This shouldn't be very hard to write. 

DJ
-- 
Dirk-Jan Out
brightsight bv        
Delftechpark 1, 2628 XJ Delft, The Netherlands
T +31 15 269 2525, F +31 15 269 2555, www.brightsight.com

BRIGHTSIGHT is the new name for TNO ITSEF BV

It has been over two years now since our company spun-off from TNO to
form TNO ITSEF BV, a separate company under TNO. Since our parent
company TNO is also involved in security activities, we have jointly
decided to change our company name in order to express more explicitly
that we are a separate company and to avoid confusion.

We are proud to present our new name, "brightsight".

We trust we will be able to continue our valued relationship as
successfully as before. Please check our new website at
www.brightsight.com for details about our services.