Accession Number:

ADA422464

Title:

Configuration Management Evaluation Guidance for High Robustness Systems

Descriptive Note:

Master's thesis

Corporate Author:

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Personal Author(s):

Report Date:

2004-03-01

Pagination or Media Count:

86.0

Abstract:

Configuration Management CM plays a vital role in the development of trusted computing systems. The Common Criteria CC provides a framework for performing Information Technology IT security evaluations of these systems and further emphasizes CMs role in the development and evaluation process by specifying a minimum set of CM qualities for any Evaluated Assurance Level EAL. As an evaluation guide, the Common Methodology for Information Technology Security Evaluation, Part 2 Evaluation Methodology CEM, recommends a minimum set of CM guidelines which can be used by evaluators in the performance of a CM evaluation at a given Evaluated Assurance Level EAL. Evaluators and developers will quickly note the CEMs lack of recommended CM guidelines at the bigger assurance levels. Through study of the listed references supports the hypothesis for this work Guidance extension of the CEM for high assurance CM is useful. As an assurance mechanism complete CM guidance helps users of high assurance products obtain a degree of confidence the system security requirements operate as intended and do not contain clandestine code. Complete CM guidance provides evaluators a completed assurance scale and ensures only authorized changes were made to the TOE during development.

Subject Categories:

  • Administration and Management

Distribution Statement:

APPROVED FOR PUBLIC RELEASE