Accession Number:

ADA445029

Title:

Initial Documentation Requirements for a High Assurance System: Lessons Learned

Descriptive Note:

Technical rept. Jan 2004-Sep 2005

Corporate Author:

NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE

Report Date:

2006-02-01

Pagination or Media Count:

17.0

Abstract:

The Center for Information Systems Security Studies and Research (CISR) is working on a project known as the Trusted Computing Exemplar (TCX). This project is developing a high assurance computing component that will be evaluated at the Common Criteria (CC) Evaluation Assurance Level 7 (EAL7). The processes, documentation, source code, and other evidence to support the evaluation will be openly shared. Documentation is a substantial part of this evidence. Although the CC does state documentation requirements for each EAL, related requirements are often spread across multiple families, and no summarization of documentation requirements is provided. Therefore, it was necessary to study the CC carefully to determine such requirements for EAL7. A long list of required documents was developed. However, the TCX project found that when starting from scratch there are particular documents, described herein, that are precursors to serious design work. In addition, it was learned that interpretations of the CC and the occasional terminology translation were required.

Subject Categories:

  • Computer Programming and Software
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE