Common Criteria Guidance Documenation

Operational User Guide

Operational user guidance refers to written material that is intended to be used by all types of users of the Target of Evaluation in its evaluated configuration: end-users, persons responsible for maintaining and administering the Target of Evaluation in a correct manner for maximum security, and by others (e.g. programmers) using the Target of Evaluation's external interfaces. Operational user guidance describes the security functionality provided by the Target of Evaluation Security Function Requirement, provides instructions and guidelines (including warnings), helps to understand the Target of Evaluation Security Function Requirement, and includes the security-critical information, and the security-critical actions required, for its secure use. Misleading and unreasonable guidance should be absent from the guidance documentation, and secure procedures for all modes of operation should be addressed. Insecure states should be easy to detect.

Preparatory Procedures

Preparative procedures are useful for ensuring that the Target of Evaluation has been received and installed in a secure manner as intended by the developer. The requirements for preparation call for a secure transition from the delivered Target of Evaluation to its initial operational environment. This includes investigating whether the Target of Evaluation can be configured or installed in a manner that is insecure but that the user of the Target of Evaluation would reasonably believe to be secure.