Common Evaluation Methodology for Information Technology Security (CEM-97/017)

Part 2 chapter 1 – 4

TM8104, André Årnes, 29 November 2004

Scope
  • Companion document to Common Criteria
  • Describes minimum actions to be performed by an evaluator
  • Limited to evaluations of Protection Profiles and TOEs for EAL1 through EAL4
  • Target audience:
    • Evaluators that are applying the CC
    • Certifiers that are confirming evaluator actions
  • CEM Part 2 takes precedence over CEM Part 1 (v 0.6)
Terminology
  • Activity: the application of an assurance class of CC Part 3
  • Sub-activity: the application of an assurance component of CC Part 3
  • Action: related to an evaluator action element of CC Part 3
  • Work unit: the most granular level of evaluation work
    • e.g. “4:ALC_TAT.1-2”, i.e. EAL4, CC component “ALC_TAT.1”, 2nd work unit in the sub-activity
Evaluator Verdicts
  • The evaluator assigns verdicts to the requirements of the CC and not to those of the CEM.
  • The most granular CC structure to which a verdict is assigned is the evaluator action element (explicit or implied).
  • A verdict is assigned as a result of performing the corresponding CEM action and its constituent work units.
  • Three mutually exclusive verdict states:
    • Pass: requirements for the PP, ST or TOE under evaluation are met.
    • Inconclusive: one or more work units have not been concluded.
    • Fail: requirements for the PP, ST or TOE are not met.
  • All verdicts are initially inconclusive.
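
An added example (not from the original slides or from the CEM) that parses the work-unit identifier form shown under Terminology and tracks the verdict for one evaluator action from its inconclusive starting state. The `ActionRecord` helper, the three-work-unit sample and the roll-up rule (any unmet work unit gives a fail) are assumptions made for illustration.

```python
import re
from enum import Enum

class Verdict(Enum):
    PASS = "pass"
    INCONCLUSIVE = "inconclusive"
    FAIL = "fail"

# Identifier form from the Terminology slide: "<EAL>:<component>-<work unit>".
# Only EAL1 through EAL4 are in the CEM's scope, hence [1-4].
WORK_UNIT_RE = re.compile(r"([1-4]):(A[A-Z]{2}_[A-Z]{3}\.\d+)-([1-9]\d*)")

def parse_work_unit(identifier):
    """Split e.g. '4:ALC_TAT.1-2' into (EAL, CC component, work-unit number)."""
    m = WORK_UNIT_RE.fullmatch(identifier)
    if m is None:
        raise ValueError(f"not a work-unit identifier: {identifier!r}")
    return int(m.group(1)), m.group(2), int(m.group(3))

class ActionRecord:
    """Work-unit bookkeeping for one evaluator action (hypothetical helper)."""

    def __init__(self, work_unit_ids):
        parsed = {parse_work_unit(w)[:2] for w in work_unit_ids}
        if len(parsed) != 1:
            raise ValueError("work units must share one EAL and one component")
        # None = work unit not completed yet, so the verdict starts inconclusive.
        self.outcomes = {w: None for w in work_unit_ids}

    def record(self, work_unit_id, requirement_met):
        if work_unit_id not in self.outcomes:
            raise KeyError(work_unit_id)
        self.outcomes[work_unit_id] = bool(requirement_met)

    def verdict(self):
        """Assumed roll-up: any unmet work unit fails, all met passes."""
        results = list(self.outcomes.values())
        if False in results:
            return Verdict.FAIL
        if all(r is True for r in results):
            return Verdict.PASS
        return Verdict.INCONCLUSIVE

def demo():
    # Constructed sample: three work units for the slide's component at EAL4.
    action = ActionRecord([f"4:ALC_TAT.1-{n}" for n in (1, 2, 3)])
    seen = [action.verdict()]
    for n in (1, 2, 3):
        action.record(f"4:ALC_TAT.1-{n}", True)
        seen.append(action.verdict())
    return seen
```
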
General Evaluation tasks
  • Two evaluator tasks in common for all evaluations (PP or TOE, including ST)
    • The input task
    • The output task
  • These two tasks are related to:
    • Management of evaluation evidence
    • Report generation
  • Each task has associated sub-tasks.
  • The tasks are performed to comply with the CEM – there are no verdicts
  • The CC does not mandate specific requirements on the input and output tasks.
  • The CEM does so in order to ensure conformance to the universal principles (part 1).
Evaluation input task
  • Objective
    • Ensure that correct versions of all evaluation evidence necessary for the evaluation are available to the evaluator
    • Ensure that evaluation evidence is adequately protected
    • This facilitates:
      • technical accuracy of the evaluation
      • conduct of the evaluation in a way that allows repeatable and reproducible results
  • Management of evaluation evidence sub-task:
    • Configuration Control
    • Disposal (return, archive, or destroy)
    • Confidentiality
Evaluation output task
  • Objectives:
    • Describe the Observation Report (OR)
    • Describe the Evaluation Technical Report (ETR)
  • Consistency of reporting results facilitates the achievement of the universal principles of repeatability and reproducibility of results
  • Write OR sub-task:
    • ORs provide the evaluator with a mechanism to request a clarification or to identify a problem with an aspect of the evaluation.
    • A fail verdict shall be accompanied by an OR to reflect the evaluation result
  • Write ETR sub-task:
    • The evaluator provides an ETR to present technical justification of verdicts.
    • The CEM defines the ETR's minimum content
Write OR

For each OR the evaluator shall report the following:

  • Identifier of the PP or TOE evaluated
  • Evaluation task/sub-activity during which the observation was generated
  • The observation
  • Assessment of its severity (e.g. implies a failed verdict, holds up the evaluation, requires resolution before the evaluation can be completed)
  • Identification of the organisation responsible for resolving the issue
  • Recommended timetable for resolution
  • Assessment of impact on the evaluation of failure to resolve the observation
PP Evaluation
  • The PP is the description of a product or system type. As such it is expected to identify the IT security requirements that enforce the defined organisational security policies and counter the defined threats under the defined assumptions.
  • Introduction:
    • Requirements and methodology identical for each evaluation, regardless of EAL
    • Based on requirements of PP (CC Part 1 Annex B, and CC Part 3 class APE)
  • Objectives: determine that the PP is:
    • Complete
    • Sufficient
    • Sound
PP evaluation relationships

[Figure: PP evaluation relationships; surviving boxes: Evaluation Input Task, PP Evaluation Activity]

PP Evaluation Activity
  • Evaluation of TOE description
  • Evaluation of security environment
  • Evaluation of PP introduction
  • Evaluation of security objectives
  • Evaluation of IT security requirements
  • Evaluation of explicitly stated IT security requirements

ST Evaluation
  • The ST is the description of a product or system. As such, it is expected to identify the security functions, and possibly the security mechanisms that enforce the defined organisational security policies and counter the defined threats under the defined assumptions. It is also expected to define the measures that provide the assurance that the product or system correctly counters the threats and enforces the organisational security policies.
  • Introduction:
    • Started prior to any TOE evaluation activities
    • Final verdict on ST not possible until TOE evaluation complete
    • Requirements and methodology identical for each ST and all EALs
    • CC part 1 annex C and CC part 3 class ASE
  • Objectives: determine that the ST is:
    • Complete
    • Sufficient
    • Sound
    • Accurately identified
ST evaluation relationships

[Figure: ST evaluation relationships; surviving boxes: Evaluation Input Task, ST Evaluation Activity]

ST Evaluation Activity
  • Evaluation of TOE description
  • Evaluation of security environment
  • Evaluation of ST introduction
  • Evaluation of security objectives
  • Evaluation of PP claims
  • Evaluation of IT security requirements
  • Evaluation of explicitly stated IT security requirements
  • Evaluation of TOE summary specification