Common Criteria Development Documentation


Functional Specification

This family levies requirements upon the functional specification, which describes the Target of Evaluation Security Function Requirement interfaces. These interfaces consist of all means for users to invoke a service from the Target of Evaluation Security Function Requirement (by supplying data that is processed by the Target of Evaluation Security Function Requirement) and the corresponding responses to those service invocations. The functional specification does not describe how the Target of Evaluation Security Function Requirement processes those service requests, nor does it describe the communication when the Target of Evaluation Security Function Requirement invokes services from its operational environment; this information is addressed by the Target of Evaluation design (ADV_TDS) and Reliance of dependent component (ACO_REL) families, respectively.

Security Architecture Description

The objective of this family is for the developer to provide a description of the security architecture of the Target of Evaluation Security Function Requirement. This will allow analysis of the information that, when coupled with the other evidence presented for the Target of Evaluation Security Function Requirement, will confirm the Target of Evaluation Security Function Requirement achieves the desired properties. The security architecture description supports the implicit claim that security analysis of the Target of Evaluation can be achieved by examining the Target of Evaluation Security Function Requirement; without a sound architecture, the entire Target of Evaluation functionality would have to be examined.

Security Architecture Design

The design description of a Target of Evaluation provides both context for a description of the Target of Evaluation Security Function Requirement, and a thorough description of the Target of Evaluation Security Function Requirement. As assurance needs increase, the level of detail provided in the description also increases. As the size and complexity of the Target of Evaluation Security Function Requirement increase, multiple levels of decomposition are appropriate. The design requirements are intended to provide information (commensurate with the given assurance level) so that a determination can be made that the security functional requirements are realized.
