Objectives
Even if a TOE security function cannot be bypassed, deactivated, or corrupted, it may still be possible to defeat it because there is a vulnerability in the concept of its underlying security mechanisms. For those functions a qualification of their security behaviour can be made using the results of a quantitative or statistical analysis of the security behaviour of these mechanisms and the effort required to overcome them. The qualification is made in the form of a strength of TOE security function claim.
Component levelling
There is only one component in this family.
Application notes
Security functions are implemented by security mechanisms. For example, a password mechanism can be used in the implementation of the identification and authentication security function.
The strength of TOE security function evaluation is performed at the level of the security mechanism, but its results provide knowledge about the ability of the related security function to counter the identified threats.
The strength of TOE security function analysis should consider at least the contents of all the TOE deliverables, including the ST, for the targeted evaluation assurance level.