Part 3 Contents

(Part 1 Introduction and general model)
(Part 2 Security functional requirements)
1 Scope
1.1 Organisation of CC Part 3
1.2 CC assurance paradigm
1.2.1 CC philosophy
1.2.2 Assurance approach
1.2.3 The CC evaluation assurance scale
2 Security assurance requirements
2.1 Structures
2.1.1 Class structure
2.1.2 Assurance family structure
2.1.3 Assurance component structure
2.1.4 Assurance elements
2.1.5 EAL structure
2.1.6 Relationship between assurances and assurance levels
2.2 Component taxonomy
2.3 Protection Profile and Security Target evaluation criteria class structure
2.4 Usage of terms in Part 3
2.5 Assurance categorisation
2.6 Assurance class and family overview
2.6.1 Class ACM: Configuration management
2.6.2 Class ADO: Delivery and operation
2.6.3 Class ADV: Development
2.6.4 Class AGD: Guidance documents
2.6.5 Class ALC: Life cycle support
2.6.6 Class ATE: Tests
2.6.7 Class AVA: Vulnerability assessment
2.7 Maintenance categorisation
2.8 Maintenance of assurance class and family overview
2.8.1 Class AMA: Maintenance of assurance
3 Protection Profile and Security Target evaluation criteria
3.1 Overview
3.2 Protection Profile criteria overview
3.2.1 Protection Profile evaluation
3.2.2 Relation to the Security Target evaluation criteria
3.2.3 Evaluator tasks
3.3 Security Target criteria overview
3.3.1 Security Target evaluation
3.3.2 Relation to the other evaluation criteria in this Part 3
3.3.3 Evaluator tasks
4 Class APE: Protection Profile evaluation
4.1 TOE description (APE_DES)
4.2 Security environment (APE_ENV)
4.3 PP introduction (APE_INT)
4.4 Security objectives (APE_OBJ)
4.5 IT security requirements (APE_REQ)
4.6 Explicitly stated IT security requirements (APE_SRE)
5 Class ASE: Security Target evaluation
5.1 TOE description (ASE_DES)
5.2 Security environment (ASE_ENV)
5.3 ST introduction (ASE_INT)
5.4 Security objectives (ASE_OBJ)
5.5 PP claims (ASE_PPC)
5.6 IT security requirements (ASE_REQ)
5.7 Explicitly stated IT security requirements (ASE_SRE)
5.8 TOE summary specification (ASE_TSS)
6 Evaluation assurance levels
6.1 Evaluation assurance level (EAL) overview
6.2 Evaluation assurance level details
6.2.1 EAL1 - functionally tested
6.2.2 EAL2 - structurally tested
6.2.3 EAL3 - methodically tested and checked
6.2.4 EAL4 - methodically designed, tested, and reviewed
6.2.5 EAL5 - semiformally designed and tested
6.2.6 EAL6 - semiformally verified design and tested
6.2.7 EAL7 - formally verified design and tested
7 Assurance classes, families, and components
8 Class ACM: Configuration management
8.1 CM automation (ACM_AUT)
8.2 CM capabilities (ACM_CAP)
8.3 CM scope (ACM_SCP)
9 Class ADO: Delivery and operation
9.1 Delivery (ADO_DEL)
9.2 Installation, generation and start-up (ADO_IGS)
10 Class ADV: Development
10.1 Functional specification (ADV_FSP)
10.2 High-level design (ADV_HLD)
10.3 Implementation representation (ADV_IMP)
10.4 TSF internals (ADV_INT)
10.5 Low-level design (ADV_LLD)
10.6 Representation correspondence (ADV_RCR)
10.7 Security policy modeling (ADV_SPM)
11 Class AGD: Guidance documents
11.1 Administrator guidance (AGD_ADM)
11.2 User guidance (AGD_USR)
12 Class ALC: Life cycle support
12.1 Development security (ALC_DVS)
12.2 Flaw remediation (ALC_FLR)
12.3 Life cycle definition (ALC_LCD)
12.4 Tools and techniques (ALC_TAT)
13 Class ATE: Tests
13.1 Coverage (ATE_COV)
13.2 Depth (ATE_DPT)
13.3 Functional tests (ATE_FUN)
13.4 Independent testing (ATE_IND)
14 Class AVA: Vulnerability assessment
14.1 Covert channel analysis (AVA_CCA)
14.2 Misuse (AVA_MSU)
14.3 Strength of TOE security functions (AVA_SOF)
14.4 Vulnerability analysis (AVA_VLA)
15 Assurance maintenance paradigm
15.1 Introduction
15.2 Assurance maintenance cycle
15.2.1 TOE acceptance
15.2.2 TOE monitoring
15.2.3 Re-evaluation
15.3 Assurance maintenance class and families
15.3.1 Assurance maintenance plan
15.3.2 TOE component categorisation report
15.3.3 Evidence of assurance maintenance
15.3.4 Security impact analysis
16 Class AMA: Maintenance of assurance
16.1 Assurance maintenance plan (AMA_AMP)
16.2 TOE component categorisation report (AMA_CAT)
16.3 Evidence of assurance maintenance (AMA_EVD)
16.4 Security impact analysis (AMA_SIA)
Annex A Cross reference of assurance component dependencies
Annex B Cross reference of EALs and assurance components