Configuration Management Evaluation Guidance for High Robustness Systems
NAVAL POSTGRADUATE SCHOOL MONTEREY CA
Pagination or Media Count:
Configuration Management CM plays a vital role in the development of trusted computing systems. The Common Criteria CC provides a framework for performing Information Technology IT security evaluations of these systems and further emphasizes CMs role in the development and evaluation process by specifying a minimum set of CM qualities for any Evaluated Assurance Level EAL. As an evaluation guide, the Common Methodology for Information Technology Security Evaluation, Part 2 Evaluation Methodology CEM, recommends a minimum set of CM guidelines which can be used by evaluators in the performance of a CM evaluation at a given Evaluated Assurance Level EAL. Evaluators and developers will quickly note the CEMs lack of recommended CM guidelines at the bigger assurance levels. Through study of the listed references supports the hypothesis for this work Guidance extension of the CEM for high assurance CM is useful. As an assurance mechanism complete CM guidance helps users of high assurance products obtain a degree of confidence the system security requirements operate as intended and do not contain clandestine code. Complete CM guidance provides evaluators a completed assurance scale and ensures only authorized changes were made to the TOE during development.
- Administration and Management