Module 2.8 Assurance Continuity and Composition
16 August 2010, © Crown Copyright (2010)

1 Module 2.8 Assurance Continuity and Composition

2 You Are Here
MODULE 2 - ASSURANCE
–M2.1 Requirements
–M2.2 Development Representations
–M2.3 Functional Testing
–M2.4 Development Environment
–M2.5 Operational Environment
–M2.6 Vulnerability Analysis
–M2.7 Penetration Testing
–M2.8 Assurance Maintenance/Composition

3 Abbreviations and References
The Abbreviations and References document, UKSP 00, is available on the Formal Documentation webpage of the CESG website at http://www.cesg.gov.uk
Also see Chapter 4 Terms and Definitions and Chapter 5 Symbols and Abbreviated Terms in CC Part 1, Version 3.1

4 Glossary
Assurance Baseline – The culmination of activities performed by the Evaluator and Developer resulting in a Certified TOE, recorded or submitted as evidence and measurable by any change to that evidence
Certified TOE – The TOE that has been successfully evaluated and certified (or re-evaluated and certified)

5 Glossary
CESG CB – CESG Certification Body, which is the UK Evaluation Authority
Changed TOE – The patched, updated or otherwise modified TOE that is to be subjected to Assurance Continuity
Developer Evidence – The TOE and evaluation documentation deliverables

6 Glossary
Evaluation Authority – A body that implements the CC for a specific community by means of an Evaluation Scheme
Impact Analysis Report (IAR) – The report generated by the Sponsor/Developer that records the analysis of changes to the Certified TOE
–The impact of each change should be Minor for Assurance Maintenance
–Otherwise a Re-evaluation will be required

7 Glossary
Maintained TOE – The Changed TOE that has successfully undergone the Assurance Maintenance process and has been awarded a Maintenance Addendum Certificate
Maintenance Addendum – The additional text that is appended to the description of the Certified TOE on the CESG website in order to describe the Maintained version(s) of the TOE

8 Glossary
Maintenance Addendum Certificate – The Certificate of the Maintained TOE, which references the Certificate of the Certified TOE
Maintenance Report – The publicly available report that describes all the changes that were made to the Certified TOE and that have been accepted under the Assurance Maintenance process

9 Glossary
Maintenance – The process applied when the changes to a Certified TOE have not adversely affected assurance in that TOE
Original TOE – The TOE prior to being subjected to any evaluation and certification
Re-evaluation – The process applied when the changes to a Certified TOE require Evaluation (reusing previous Evaluation or Maintenance results) to establish a new Assurance Baseline

10 CCRA and MRA
Arrangement on the Recognition of Common Criteria Certificates in the Field of Information Technology Security, May 2000
Mutual Recognition Agreement of Information Technology Security Evaluation Certificates, Management Committee, SOGIS, Version 3.0, January 2010

11 CCRA Assurance Continuity
Assurance Continuity: CCRA Requirements, Common Criteria Interpretations Management Board, CCIMB-2004-02-009, Version 1.0, February 2004
Reuse of Evaluation Results and Evidence, Common Criteria Recognition Arrangement Management Committee, 2002-08-009-002, Version 1, October 26th, 2002

12 UK Scheme Publication No 3
Sponsors Guide – General Introduction, UKSP 03: Part I, Issue 2.2, December 2009
–Assists Sponsors and Developers intending to submit a product for Evaluation & Certification
Sponsors Guide – Assurance Continuity, UKSP 03: Part II, Issue 1.0, December 2009
–Describes the UK Scheme requirements for Assurance Continuity

13 UKSP 03 Part II
CCRA Assurance Continuity requirements are extended, if required, in the areas of:
–Technical Concepts
–Change Characterisation
–Impact Analysis
–Production of the Impact Analysis Report
Assurance Continuity is only allowed for products previously certified by CESG CB

14 United Kingdom Accreditation Service
To satisfy the UKAS accreditation criteria, established procedures must be used for the conduct of Assurance Continuity activities
The responsibilities that are identified in UKSP 03 Part II reflect UKAS requirements
Consult the UKAS documentation for the full accreditation requirements

15 Scope
The Assurance Continuity requirements are applicable to the security evaluations of products against the criteria laid down in the Common Criteria [CC], [CCRA] and [AC]
This is subject to the relevant International Interpretations, UK Interpretations and Scheme Information Notices (SINs)

16 Assurance Continuity
Assurance Continuity is an enhancement to Common Criteria Certification and consists of the following two processes:
–Re-evaluation: covered by the standard Evaluation process described in UKSP 01 and UKSP 02
–Assurance Maintenance: covered in the current module

17 Assurance Continuity
The concept of Assurance Maintenance is introduced in UKSP 01
–Based on an Impact Analysis Report produced by the Sponsor/Developer
If all changes to a Certified TOE have a Minor security impact then the Assurance Maintenance process is applicable
If a single change to a Certified TOE has a Major security impact then a Re-evaluation is necessary

18 Assurance Continuity
Assurance Continuity enables the Sponsor/Developer of a Certified TOE to provide ongoing assurance when the TOE is subject to any type of update, modification or change.
Assurance Continuity is intended to be a relatively quick, cheap and efficient route to a Certified or Maintained TOE, since evaluation work already performed on unchanged parts of the TOE does not need to be repeated.

19 Assurance Maintenance
Assurance Maintenance is based on the production of an Impact Analysis Report, by the Sponsor/Developer, which is submitted to the CESG Certification Body for Review
CLEF Evaluators are not involved during Assurance Maintenance, but the CB or Sponsor/Developer may utilise consultants or experts (e.g. CLEF Consultants), if required

20 Assurance Maintenance
Although there is no formal CC requirement to supply any further Developer Evidence in the assessment process, beyond those items listed in Chapter 2, the CESG CB reserves the right to inspect original and/or updated deliverables, in order to confirm whether specific changes are Major or Minor.

21 Assurance Maintenance
A satisfactory CESG CB Review will lead to the publication, on the CESG webpage for the corresponding Certified TOE, of the following:
–an updated Security Target
–a Maintenance Report summarising the changes from the Certified TOE
–a Maintenance Addendum
A Maintenance Addendum Certificate will be issued to the Sponsor/Developer to supplement the original Certificate

22 Re-evaluation
Any security relevant change that is deemed to be Major will necessitate a Re-evaluation if assurance in the product is to be maintained
The Re-evaluation process is identical to the Evaluation process described in UKSP 01 and UKSP 02, except that the Evaluation may optionally be guided by an IAR and supported by appropriate reuse of any previous Evaluation or Maintenance evidence

23 Certification Lifecycle
Original TOE
–Evaluation & Certification completed. Publish ST & CR. Issue Certificate. → Certified TOE
Certified TOE
–Updated or Modified, by Sponsor or Developer → Changed TOE
Changed TOE
–Assurance Maintenance – Minor Change(s) in IAR. Publish MA with MR & updated ST. Issue MA Certificate. → Maintained TOE
–Re-evaluation – Major Change(s). Issue Certificate. → Certified TOE
The Maintenance Addendum Certificate is produced as a supplement to the original Certificate.

24 Certification Lifecycle
Re-evaluation is basically the same as the standard CC Evaluation process, including the issue of a Certification Report and Certificate
Assurance Maintenance requires all changes in the Impact Analysis Report to be assessed and verified to have a Minor security impact on the TOE

25 Certification Lifecycle
In contrast to Section 2.2 of the CCRA Assurance Continuity document, which states that there is no implied issuance of an updated certificate, a MA Certificate will be produced as an Addendum to either the original Certificate or the most recent Re-evaluation Certificate

26 Certification Lifecycle
Section 2.4 of CCRA Assurance Continuity states that new vulnerabilities and attack methods are not assessed during the Assurance Maintenance process
However, even a few weeks is a long time in terms of the discovery, publication and analysis of security vulnerabilities

27 Certification Lifecycle
CESG CB may wish to increase confidence in the Assurance Maintenance process by ensuring that:
–either no new vulnerabilities or attack methods have been found
–or, if found, they are not in scope of the defined TOE boundary, or at least they are not relevant to the evaluated configuration of the TOE
CESG CB is responsible for determining the extent of any additional vulnerability analysis that is required beyond that produced by the Developer

28 Deliverables Required for Assurance Maintenance
For the Certified TOE:
–Common Criteria Certificate, including any Maintenance Addendum
–Certification Report, including any Maintenance Report
–Evaluation Technical Report, including any Evaluation Work Packages
–Security Target, including the Security Target for any Maintained TOE

29 Deliverables Required for Assurance Maintenance
For the Changed TOE:
–Impact Analysis Report
–Security Target (updated)
–Product and supporting documentation
–Developer Evidence (updated)
The above deliverables for the Certified and Changed TOE are suitable for input into the CESG CB Assurance Maintenance process

30 Assurance Maintenance
CESG CB may require the following additional inputs to resolve any decisions regarding the characterisation or categorisation of changes:
–Security Architecture and Design
–Vulnerability Analysis
–Test Scripts and Results
–Configuration List
–Operational Guidance

31 Assurance Maintenance
Although there is no defined time limit between the TOE Certification date and the start of the Assurance Maintenance process, the Certifier should ensure that the time gap is consistent and reasonable in relation to other aspects of the proposed Assurance Maintenance process

32 Assurance Maintenance
The CESG Certification Body will perform a Review of the Impact Analysis Report, using a standard CESG CB Review form, to ensure that all changes have a Minor security impact on the assurance of the TOE

33 Assurance Maintenance
If all changes are Minor then a Maintenance Report and Maintenance Addendum will be produced and published on the CESG website, as an update to the information about the Certified TOE
Note that the IAR is normally shared only between the Sponsor/Developer and the CESG Certification Body

34 Assurance Maintenance
The Maintenance Addendum is just a few paragraphs, referencing the Maintenance Report and the updated Security Target, which are appended to the entry about the Certified TOE on the CESG website
This satisfies the Maintenance Addendum requirements in Section 2.4.1.2 of [AC]

35 Re-evaluation
Apart from the potential use of a formal Impact Analysis Report in a Re-evaluation, everything else in Section 2.4.2 of [AC] regarding the Re-evaluation process is already covered by UKSP 02

36 Certification Work Programme
The CESG CB Certification activities for the Assurance Maintenance process and Re-evaluation process are outlined in the Standard Certification Work Programme, see [CWP-AM] and [CWP]
Depending on the scope and quantity of changes, the CB may seek the support of a consultant to perform the analysis of the changes in the IAR and to draft the Maintenance Report.

37 Characterisation of TOE Changes
No information beyond Chapter 3 of [AC] is required; that chapter just contains some examples of changes that have Minor or Major security impact
In general, it is very difficult to determine whether the impact on assurance of any specific change to a TOE should be classified as Minor or Major

38 Characterisation of TOE Changes
There is no guarantee that the security of an updated product can be determined by checking the updates only and ignoring the unchanged aspects, in the context of the whole product
In practice, the categorisation is agreed between the Sponsor, Developer and the CB, together with any assigned CB consultant, but the decision of the CB is final

39 Performing an Impact Analysis
No information beyond Chapter 4 of [AC] is required; that chapter states that any changes that impact on any aspect of the original Evaluation and Certification (e.g. Objectives, Threats, SFRs, SARs, Documentation, etc.) should be addressed by the Sponsor/Developer, who will produce updated Documentation and the Impact Analysis Report

40 Performing an Impact Analysis
Steps 1 to 5 in Section 4.3 of [AC] may be used as a checklist by the Sponsor/Developer or the CESG Certification Body to ensure that the IAR covers all the stated requirements
A stricter requirement for evaluation deliverables, or a stronger level of assurance than the Original TOE Evaluation and Certification, is unnecessary and is not required

41 Impact Analysis Report
The required minimum contents of the IAR are as follows and could be used by the Sponsor/Developer as a basis for an IAR template:
Introduction:
–the IAR configuration control identifiers (e.g. name, date and version)
–current TOE configuration control identifiers (the current version of the TOE)
–configuration control identifiers for the ETR, CR, and Certified TOE (Assurance Baseline)
–configuration control identifiers for the version of the ST related to the Certified TOE
–identity of the Developer
–information in relation to legal or statutory aspects
–information related to any previous Assurance Maintenance activity (e.g. MR)

42 Impact Analysis Report (IAR)
Description of changes:
–changes to the product
–changes to the development environment
Affected Developer Evidence:
–for each change, the Developer shall list the affected items of the original Developer Evidence (i.e. the affected Evaluation Deliverables)
Modifications to Developer Evidence:
–the Developer shall describe the required modifications to the affected items of the original Developer Evidence

43 Impact Analysis Report (IAR)
Conclusions:
–for each change, the Developer shall report whether the impact on assurance is considered Minor or Major
–for each change, the Developer should provide a supporting rationale for the reported impact
–the Developer shall report whether the overall impact is considered Minor or Major
–the Developer should include a supporting rationale, taking all the changes into consideration
Annex: Updated Developer Evidence:
–the Developer shall report the title and the unique reference (e.g. issue date and version number) of each updated item of Developer Evidence

44 Templates for Assurance Continuity
Assurance Maintenance Plan template is provided on the CESG website in CTAS Methodology
Impact Analysis Report template, for the Sponsor/Developer, is provided in Chapter V of UKSP 03 Part II
IAR Review template, for the CESG Certification Body, is provided by a standard CESG CB Review Form
Maintenance Report template, for the CESG Certification Body, is available from the CESG CB
Maintenance Addendum template, for the CESG Certification Body, is not specifically provided

45 Main Principles for Assurance Continuity
Maintain Impartiality and Objectivity, as with all Common Criteria evaluation and certification tasks
There should not be any time, money or resource pressures that would affect the impartiality or objectivity of the Assurance Continuity process

46 Main Principles for Assurance Continuity
Reuse evaluation results wherever possible
For parts of the Changed TOE where there has been no change, there is no point in repeating work that has already been performed during the evaluation of the Certified TOE

47 Main Principles for Assurance Continuity
No more detail is required than that provided during the evaluation of the Certified TOE
Only the changes that actually affect the deliverables of the Certified TOE are required to be reported
–For example, if a document was not provided as a deliverable for the Certified TOE then any updates to that document do not need to be provided for the Maintained TOE

48 Main Principles for Assurance Continuity
Details of changes should be sufficient to support Repeatability and Reproducibility across CBs
A non-security related change is usually completely irrelevant to the TOE and IAR
–it can be eliminated quickly
–it does not need to be discussed in detail
The impact of non-security related changes can be categorised as None (rather than Minor)
Changes categorised as None would not have been discussed in the Original TOE evaluation

49 Main Principles for Assurance Continuity
Correcting an implementation fault (even to security functionality) is just strengthening the claimed behaviour of the TOE and hence cannot be considered a Major change for the Impact Analysis Report
Generic wording that may be used for this situation is as follows:
The relating to the is a correction to the TOE functionality and hence does not affect the expression of the SFRs in the assurance evidence

50 Procedures
The CESG CB procedures for the Initial Stage of Assurance Maintenance are:
–Prepare for the IAR Review (i.e. familiarise with the previous ST, ETR, CR, IAR, MR as appropriate)
–Confirm whether the ST is essentially unchanged (except for trivial changes such as software versions)
–Review the draft IAR and check its change categorisations
–Audit any updated deliverables regarding specific changes (such as the bug list and test results)
–Perform a search for any obvious vulnerabilities

51 Procedures
The CESG CB procedures for the Final Stage of Assurance Maintenance are:
–Review and approve the final IAR
–Address any issues raised by CESG CB or the Sponsor/Developer
–Produce and agree the Maintenance Report
–Record the decision rationale
–Produce and agree the MA and MA Certificate
–Update the entries on the CESG and CC portal websites using the ST, MR and MA
–Submit the MA Certificate to the Sponsor/Developer

52 {End of New Presentation…} {…and start of Old Presentation}

53 Introduction
Assurance maintenance
–assessment of changes to TOE
–assurance maintained after certification
Composition
–TOE comprises component products
–certified components included
Some TOEs may involve both

54 Assurance Maintenance Options
Ad-hoc re-evaluation
–initiated when desired
Certificate Maintenance Scheme (CMS)
–requires ongoing developer support

55 Assurance Maintenance Fundamentals
Previous evaluation results
Security impact analysis
Categorisation report
Evaluation activity

56 Ad-hoc Re-evaluation - Process and Reporting
Updated deliverables
–may include impact analysis
Standard evaluation process
–re-use of previous results
Observation reports and ETR

57 CMS - Process
Certificate Maintenance Plan (CMP)
–planned maintenance cycle for TOE
Developer Security Analyst (DSA)
–responsible developer representative
CMS rules

58 CMS - Maintenance Cycle
TOE Certified → CMP Approved → TOE Maintained Under CMS → TOE Re-certified → CMP Updated → (cycle repeats)

59 CMS - Certificate Maintenance Plan
Covers one maintenance cycle
Identifies changes
–components affected
–assurance required
Release plans
Audit schedule / Re-evaluation schedule
DSA Maintenance and Vulnerability Tracking Procedures

60 CMS - Developer Security Analyst
Qualifications
–familiar with TOE
–criteria and methodology knowledge
–impartiality
Responsibilities
–deliverables
–testing
–vulnerabilities

61 CMS - Security Impact Analysis
Responsibility of DSA
–production and maintenance of SIA
Contents
–changes
–test evidence
Purpose

62 CMS - Categorisation Report
ITSEC categories:
–Security Enforcing
–Security Relevant
–Security Irrelevant
CC categories:
–TSP-enforcing: Security Critical
–TSP-enforcing: Security Supporting
–Non-TSP-enforcing

63 CMS - Reporting
Observation Reports
Audit Reports
ETR (following re-evaluation)

64 ITSEC vs. CC
ITSEC:
–Certificate Maintenance Plan
–Certificate Maintenance Status Report
–Certificate Maintenance Audit Report
–Security Impact Analysis
–Categorisation Report
CC:
–Assurance Maintenance Plan
–TOE Component Categorisation Report
–Evidence of Assurance Maintenance
–Assurance Maintenance Audit Report
–Security Impact Analysis

65 Composite TOEs
Certified Products and Bespoke Applications
–re-use component product results
–assess interaction between components
Diagram components: Hardware, Operating System, Certified RDBMS, Bespoke (application)

66 Summary
Assurance maintenance involves
–Reuse of previous results
–SIA
Options for ad-hoc re-evaluation or CMS
CMS also involves
–CMP
–DSA
Composition
–Re-use of component product results

67 Further Reading
ITSEC Evaluation
–UKSP 05 Part III, Chapter 11
–UKSP 16
CC evaluation
–CC Part 3, Sections 2.8, 15 and 16

68 Exercise - Maintenance
Month 1: TOE completes evaluation
Month 4: Minor bug fixes are carried out relating to the display of fields
Month 8: Administrator manuals are updated to clarify certain actions
Month 12: The maximum number of audit records is extended

69 Exercise - Maintenance (Cont)
Month 15: The authentication mechanism is changed
Month 18: An additional service is added to the firewall
Month 21: Testing documentation is updated to reflect new vulnerabilities
Month 24: Security Relevant Functionality is added to the TOE

