Guideline for Developer Documentation Christian Krause 8th ICCC / September 26th, 2007 Federal Office for Information Security.


1 Guideline for Developer Documentation Christian Krause 8th ICCC / September 26th, 2007 Federal Office for Information Security

2 What makes the use of the CC/CEM difficult for developers?
- The CEM contains detailed requirements regarding the developer evidence
- Therefore developers who intend to get involved in a CC evaluation have to consult the CEM

3 What makes the use of the CC/CEM difficult for developers?
- The structure and content of the CEM have been optimised to serve as an evaluation directive for evaluators
- That makes the use of the CEM difficult for developers, in particular those with less CC experience

4 What makes the use of the CC/CEM difficult for developers?
A lot of information is only relevant for the evaluation, but not for the preparation of the developer evidence:
- ADV: Evaluator analyses regarding accuracy
- Requirements regarding site visits
- ATE_IND
- AVA_VAN
- Guidance on sampling strategies
- ...

5 What makes the use of the CC/CEM difficult for developers?
The motivation of the requirements is not obvious in every case
- What's the use of so much paperwork?
Navigation is cumbersome for developers
- e.g. developers have to consult the CC for the assurance component corresponding to the chosen EAL and then search in the CEM for the right requirements

6 Developer Guideline
To ease the adoption of the CC for developers with less CC experience, BSI has issued a Guideline for Developer Documentation
- Covering all assurance components up to EAL5 (without the classes ASE/APE, which are considered in a separate ST/PP Guide)

7 Assurance Components addressed in the Guideline

8 Content and Structure of the Developer Guideline
The Guideline offers assistance to developers by
- extracting the information regarding the developer evidence from the CC/CEM,
- structuring the information according to the developer's needs,
- explaining the context and background,
- providing examples, and
- providing a sample document structure with explanations, for use as a template for the developer documentation

9 Introduction to CC and CEM
- Short introduction to CC/CEM with overview of assurance classes
- Explanation of the differences between the EALs
- What does a higher EAL mean for
  - developer
  - evaluator
  - customer
- Description of the additional requirements from an EAL to the next higher EAL

10 Introduction to CC and CEM: Example

11 Extracted Requirements for developer evidence
- Requirements for developer evidence
  - labelled with colours for simple navigation
  - extract of requirements that have to be fulfilled by the developer
  - prepared in an order suitable from a developer's view
  - explanation of related evaluator actions

12 Extracted Requirements for developer evidence: Example

13 Explanation of the context
Where reasonable, additional information is given in a structured form:
- Background
  - Elucidation of the background
- Note
  - Hint for developer
- Role in the evaluation process
  - Explanation of the role in the evaluation process (What is the goal of the requirement?)
- Examples
  - Depict how a requirement could be fulfilled

14 Explanation of the context: Example

15 Explanation of the context: Example

16 Sample Document Structure
Sample document structure with explanations
- Can be used by developers as a template for the preparation of developer documentation
- Offers a way to simplify evaluations by providing a standard structure for developer documentation

17 Sample Document Structure: Example (1)

18 Sample Document Structure: Example (2)

19 Download
Guideline for Developer Documentation
- www.bsi.bund.de/zertifiz/zert/index_en.htm

20 Contact
Bundesamt für Sicherheit in der Informationstechnik (BSI)
Christian Krause
Godesberger Allee 185-189
53175 Bonn
Tel: +49 (0) 3018 - 9582-5116
Fax: +49 (0) 3018 - 109582-5116
Christian.Krause@bsi.bund.de
www.bsi.bund.de
www.bsi-fuer-buerger.de

