ACM_SCP.3 Development tools CM coverage
Objectives
A CM system can control changes only to those items that have been placed under CM. Placing the TOE implementation representation, design, tests, user and administrator documentation, and CM documentation under CM provides assurance that they have been modified in a controlled manner with proper authorisations.
The ability to track security flaws under CM ensures that security flaw reports are not lost or forgotten, and allows a developer to track security flaws to their resolution.
Development tools play an important role in ensuring the production of a quality version of the TOE. Therefore, it is important to control modifications to these tools.
Dependencies:
ACM_CAP.3 Authorisation controls
Developer action elements:
ACM_SCP.3.1D The developer shall provide CM documentation.
Content and presentation of evidence elements:
ACM_SCP.3.1C The CM documentation shall show that the CM system, as a minimum, tracks the following: the TOE implementation representation, design documentation, test documentation, user documentation, administrator documentation, CM documentation, security flaws, and development tools and related information.
ACM_SCP.3.2C The CM documentation shall describe how configuration items are tracked by the CM system.
Evaluator action elements:
ACM_SCP.3.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.