ADV_HLD.3 Semiformal high-level design
Dependencies:
ADV_FSP.3 Semiformal functional specification
ADV_RCR.2 Semiformal correspondence demonstration
Developer action elements:
ADV_HLD.3.1D The developer shall provide the high-level design of the TSF.
Content and presentation of evidence elements:
ADV_HLD.3.1C The presentation of the high-level design shall be semiformal.
ADV_HLD.3.2C The high-level design shall be internally consistent.
ADV_HLD.3.3C The high-level design shall describe the structure of the TSF in terms of subsystems.
ADV_HLD.3.4C The high-level design shall describe the security functionality provided by each subsystem of the TSF.
ADV_HLD.3.5C The high-level design shall identify any underlying hardware, firmware, and/or software required by the TSF with a presentation of the functions provided by the supporting protection mechanisms implemented in that hardware, firmware, or software.
ADV_HLD.3.6C The high-level design shall identify all interfaces to the subsystems of the TSF.
ADV_HLD.3.7C The high-level design shall identify which of the interfaces to the subsystems of the TSF are externally visible.
ADV_HLD.3.8C The high-level design shall describe the purpose and method of use of all interfaces to the subsystems of the TSF, providing complete details of all effects, exceptions and error messages.
ADV_HLD.3.9C The high-level design shall describe the separation of the TOE into TSP-enforcing and other subsystems.
Evaluator action elements:
ADV_HLD.3.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
ADV_HLD.3.2E The evaluator shall determine that the high-level design is an accurate and complete instantiation of the TOE security functional requirements.