Initial Documentation Requirements for a High Assurance System: Lessons Learned

Abstract

The Center for Information Systems Security Studies and Research (CISR) is working on a project known as the Trusted Computing Exemplar (TCX). This project is developing a high assurance computing component that will be evaluated at the Common Criteria (CC) Evaluation Assurance Level 7 (EAL7). The processes, documentation, source code, and other evidence to support the evaluation will be openly shared. Documentation is a substantial part of this evidence. Although the CC does state documentation requirements for each EAL, related requirements are often spread across multiple families, and no summary of documentation requirements is provided. Therefore, it was necessary to study the CC carefully to determine such requirements for EAL7. A long list of required documents was developed. However, the TCX project found that when starting from scratch there are particular documents, described herein, that are precursors to serious design work. In addition, it was learned that interpretations of the CC, and the occasional terminology translation, were required.

Document Details

Document Type: Technical Report
Publication Date: Feb 01, 2006
Accession Number: ADA445029

Entities

People

  • Cynthia E. Irvine
  • David J. Shifflett
  • Donna Miller
  • Paul C. Clark
  • Thuy D. Nguyen
  • Timothy E. Levin

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Computer Programs
  • Computer Science
  • Computers
  • Configuration Management
  • Information Systems
  • Language
  • Lessons Learned
  • Life Cycle Management
  • Life Cycles
  • Management Personnel
  • Military Research
  • Organizational Structure
  • Physical Security
  • Ratings
  • Security
  • Software Development
  • Standards

Fields of Study

  • Computer science

Readers

  • Business Analytics
  • Software Engineering