AMA_SIA.2 Examination of security impact analysis
Dependencies:
AMA_CAT.1 TOE component categorisation report
Developer action elements:
AMA_SIA.2.1D The developer security analyst shall, for the current version of the TOE, provide a security impact analysis that covers all changes affecting the TOE as compared with the certified version.
Content and presentation of evidence elements:
AMA_SIA.2.1C The security impact analysis shall identify the certified TOE from which the current version of the TOE was derived.
AMA_SIA.2.2C The security impact analysis shall identify all new and modified TOE components that are categorised as TSP-enforcing.
AMA_SIA.2.3C The security impact analysis shall, for each change affecting the security target or TSF representations, briefly describe the change and any effects it has on lower representation levels.
AMA_SIA.2.4C The security impact analysis shall, for each change affecting the security target or TSF representations, identify all IT security functions and all TOE components categorised as TSP-enforcing that are affected by the change.
AMA_SIA.2.5C The security impact analysis shall, for each change which results in a modification of the implementation representation of the TSF or the IT environment, identify the test evidence that shows, to the required level of assurance, that the TSF continues to be correctly implemented following the change.
AMA_SIA.2.6C The security impact analysis shall, for each applicable assurance requirement in the configuration management (Class ACM Configuration management), life cycle support (Class ALC Life cycle support), delivery and operation (Class ADO Delivery and operation) and guidance documents (Class AGD Guidance documents) assurance classes, identify any evaluation deliverables that have changed, and provide a brief description of each change and its impact on assurance.
AMA_SIA.2.7C The security impact analysis shall, for each applicable assurance requirement in the vulnerability assessment (Class AVA Vulnerability assessment) assurance class, identify which evaluation deliverables have changed and which have not, and give reasons for the decision taken as to whether or not to update the deliverable.
Evaluator action elements:
AMA_SIA.2.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AMA_SIA.2.2E The evaluator shall check that the security impact analysis documents all changes to an appropriate level of detail, together with appropriate justifications that assurance has been maintained in the current version of the TOE.