Evaluation Reporting Examination of documentation –show how & where requirements satisfied Site visit ? –staff interviewed –evidence inspected
Summary Operational Guidance Delivery Installation, Generation and Start-up
Further Reading ITSEC Evaluation UKSP 05 Part III, Chapters 9 - 10 CC Evaluation CC Part 3, Sections 2.6.2, 2.6.4, 9 and 11 CEM Part 2, Chapters 5-8 (ADO and AGD sections)
Exercise 1 - Guidance Function 1: The TOE shall uniquely identify and authenticate users. Function 2: The TOE shall allow a subject with an access right the ability to extend that access right to another subject. Function 3: The TOE shall not echo passwords to the screen. Function 4: The TOE shall provide tools to examine the accounting logs for the purpose of audit.
Exercise 1 - Guidance (Continued) Function 5: The TOE shall clear a screen of data when the user logs out and when the workstation is locked due to a period of inactivity. Function 6: The TOE shall permit a configurable number of consecutive log-on attempts. Function 7: The TOE shall ensure that passwords are changed at least every 6 months. Function 8: The TOE can completely deny users or groups of users access to an object.