Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Crown Copyright (2000) Module 3.2 Evaluation Management.

Published byElla Regan Modified over 10 years ago

Similar presentations

Presentation on theme: "© Crown Copyright (2000) Module 3.2 Evaluation Management."— Presentation transcript:

1 © Crown Copyright (2000) Module 3.2 Evaluation Management

2 You Are Here M3.1 Evaluation Process M3.2 Evaluation Management MODULE 3 - SCHEME RULES AND PROCEDURES

3 Evaluation Management Preparation Phase Conduct Phase Conclusion Phase

4 Evaluation Management Preparation Phase Conduct Phase Conclusion Phase

5 Preparation Phase - Inputs Definition of Target of Evaluation –Scope, boundaries, interfaces, composites, etc. What evaluation level is required ? Technical expertise required ? Evaluation Planning TOE

6 Preparation Phase - Suitability CLEF/CB may review ST for suitability Check Sponsor and Developer have full understanding of: –the evaluation process –the role of the CLEF –their responsibilities throughout evaluation

7 Preparation Phase - TIN May be combined with EWP Task Identification Sponsor and Developer Details Description of TOE Summary of Security Requirements Timescales Staffing Contacts

8 Preparation Phase - EWP May be combined with TIN Evaluation methodology –CEM/ITSEC –Interpretations Evaluation effort for each activity Constraints Limitations

9 Preparation Phase - UKSP06 Entry & CB Questionnaire UKSP06

10 Task Start-up Meeting Objective Attendees Timing Agenda

11 Preparation Phase - Outputs Evaluation Planning EWP TIN UKSP 06 Entry Security Target CB Questionnaire

12 Evaluation Management Preparation Phase Conduct Phase Conclusion Phase

13 Conduct Phase - Inputs Task Conduct TIN / EWP TOE Deliverables Security Target Deliverables Schedule

14 Conduct Phase - Reporting Progress Evaluation Progress Meeting (EPM) ETR Production –Draft annexes (activity reports, glossary, list of deliverables etc.) Observation Report Status Register

15 Evaluation Progress Meetings Objective Attendees Timing Agenda

16 Observation Report Status - 1 AGR - Corrective Action Agreed CAP - Certifier Action Pending CLR - Cleared FIX - Fix to be evaluated by CLEF ISS - Issued to the Certifier

17 Observation Report Status - 2 PRO - Corrective Action Proposed REJ - Corrective Action Rejected REL - Released to the Sponsor / Developer WDN - Problem Report Withdrawn

18 Conduct Phase - Observation Reports Content (Level 1 and Level 2) –Identifier –Severity Level –Evaluation Activity where raised –Observation –Organisation responsible for resolution –Timescale for resolution

19 Conduct Phase - Issues Maintain Independence Comply with UKAS Requirements Comply with Methodology Requirements

20 Conduct Phase - Outputs Task Conduct Work Package Reports Observation Reports Scheme Observation Reports

21 Evaluation Management Preparation Phase Conduct Phase Conclusion Phase

22 Conclusion Phase Evaluation Technical Report (ETR) Certificate and Certification Report Task Closedown

23 Assurance Maintenance (CMS) Additional Evaluation Task See Module 2.8 for more details

24 ITSEC v. CC Main difference is work breakdown ITSEM/UK SP 05 specify mandatory requirements CEM defines Work Units

25 Summary Three Phases to evaluation Management –Preparation Phase –Conduct Phase –Conclusion Phase Covers whole evaluation Terminology difference between ITSEC & CC

26 Further Reading UKSP 01 UKSP 04 Part 1 UKSP 05 Part 1 CEM Part 2, Chapter 2

27 Exercise - Planning Given the ITT on the handouts, please prepare a TIN and EWP for the task

Download ppt "© Crown Copyright (2000) Module 3.2 Evaluation Management."

Similar presentations

© Crown Copyright (2000) Module 2.6 Vulnerability Analysis.

© Crown Copyright (2000) Module 2.6 Vulnerability Analysis.
© Crown Copyright (2000) Module 2.3 Functional Testing.

© Crown Copyright (2000) Module 2.3 Functional Testing.
16 August 2010© Crown Copyright (2010)1 Module 2.8 Assurance Continuity and Composition.

16 August 2010© Crown Copyright (2010)1 Module 2.8 Assurance Continuity and Composition.
© Crown Copyright (2000) Module 2.4 Development Environment.

© Crown Copyright (2000) Module 2.4 Development Environment.
© Crown Copyright (2000) Module 3.1 Evaluation Process.

© Crown Copyright (2000) Module 3.1 Evaluation Process.
Security Requirements

Security Requirements
© Crown Copyright (2000) Module 2.0 Introduction to Module 2.

© Crown Copyright (2000) Module 2.0 Introduction to Module 2.
© Crown Copyright (2000) Module 2.5 Operational Environment.

© Crown Copyright (2000) Module 2.5 Operational Environment.
Module 1 Evaluation Overview © Crown Copyright (2000)

Module 1 Evaluation Overview © Crown Copyright (2000)
© Crown Copyright (2000) Module 2.7 Penetration Testing.

© Crown Copyright (2000) Module 2.7 Penetration Testing.
© Crown Copyright (2000) Module 2.2 Development Representations.

© Crown Copyright (2000) Module 2.2 Development Representations.
Babcock International Group Plc www.babcock.co.uk SH1200241636 V0.05 Project Status Reviews APM SWWE Event, 31/01/2012 Pete Ricketts FAPM Babcock Marine,

Babcock International Group Plc SH V0.05 Project Status Reviews APM SWWE Event, 31/01/2012 Pete Ricketts FAPM Babcock Marine,
Program Management Office Department of Innovation & Technology City of Boston Kickoff Meeting.

Program Management Office Department of Innovation & Technology City of Boston Kickoff Meeting.
Software Quality Assurance Plan

Software Quality Assurance Plan
1 Information Systems Development (ISD) Systems Development Life Cycle Overview of Analysis Phase Overview of Design Phase CP2236: Information Systems.

1 Information Systems Development (ISD) Systems Development Life Cycle Overview of Analysis Phase Overview of Design Phase CP2236: Information Systems.
1 norshahnizakamalbashah-19112007- CEM v3.1: Chapter 10 Security Target Evaluation.

1 norshahnizakamalbashah CEM v3.1: Chapter 10 Security Target Evaluation.
1 Use and content of the RFP  Request for Proposals (RFP) is similar to bidding documents and include all information of the assignment, selection of.

1 Use and content of the RFP  Request for Proposals (RFP) is similar to bidding documents and include all information of the assignment, selection of.
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

Similar presentations

Ads by Google