ADV_LLD.3 Formal low-level design
Dependencies:
ADV_HLD.5 Formal high-level design
ADV_RCR.3 Formal correspondence demonstration
Developer action elements:
ADV_LLD.3.1D The developer shall provide the low-level design of the TSF.
Content and presentation of evidence elements:
ADV_LLD.3.1C The presentation of the low-level design shall be formal.
ADV_LLD.3.2C The low-level design shall be internally consistent.
ADV_LLD.3.3C The low-level design shall describe the TSF in terms of modules.
ADV_LLD.3.4C The low-level design shall describe the purpose of each module.
ADV_LLD.3.5C The low-level design shall define the interrelationships between the modules in terms of provided security functionality and dependencies on other modules.
ADV_LLD.3.6C The low-level design shall describe how each TSP-enforcing function is provided.
ADV_LLD.3.7C The low-level design shall identify all interfaces to the modules of the TSF.
ADV_LLD.3.8C The low-level design shall identify which of the interfaces to the modules of the TSF are externally visible.
ADV_LLD.3.9C The low-level design shall describe the purpose and method of use of all interfaces to the modules of the TSF, providing complete details of all effects, exceptions and error messages.
ADV_LLD.3.10C The low-level design shall describe the separation of the TOE into TSP-enforcing and other modules.
Evaluator action elements:
ADV_LLD.3.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
ADV_LLD.3.2E The evaluator shall determine that the low-level design is an accurate and complete instantiation of the TOE security functional requirements.