Configuration Management Evaluation Guidance for High Robustness Systems
Abstract
Configuration Management (CM) plays a vital role in the development of trusted computing systems. The Common Criteria (CC) provides a framework for performing Information Technology (IT) security evaluations of these systems and further emphasizes CM's role in the development and evaluation process by specifying a minimum set of CM qualities for any Evaluated Assurance Level (EAL). As an evaluation guide, the Common Methodology for Information Technology Security Evaluation, Part 2: Evaluation Methodology (CEM), recommends a minimum set of CM guidelines which can be used by evaluators in the performance of a CM evaluation at a given Evaluated Assurance Level (EAL). Evaluators and developers will quickly note the CEM's lack of recommended CM guidelines at the bigger assurance levels. Through study of the listed references supports the hypothesis for this work: Guidance extension of the CEM for high assurance CM is useful. As an assurance mechanism complete CM guidance helps users of high assurance products obtain a degree of confidence the system security requirements operate as intended and do not contain clandestine code. Complete CM guidance provides evaluators a completed assurance scale" and ensures only authorized changes were made to the TOE during development.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 2004
- Accession Number
- ADA422464
Entities
People
- Michael E. Gross
Organizations
- Naval Postgraduate School