Common Criteria Test Documentation

Analysis of Coverage

This family establishes that the Target of Evaluation Security Function has been tested against its functional specification. This is achieved through an examination of developer evidence of correspondence.

In this component, the developer shows how tests in the test documentation correspond to Target of Evaluation Security Function Requirement Interfaces in the functional specification. This can be achieved by a statement of correspondence, perhaps using a table.

Depth of Coverage

The components in this family deal with the level of detail to which the Target of Evaluation Security Function Requirement is tested by the developer. Testing of the Target of Evaluation Security Function Requirement is based upon increasing depth of information derived from additional design representations and descriptions (Target of Evaluation design, implementation representation, and security architecture description).

The objective is to counter the risk of missing an error in the development of the Target of Evaluation. Testing that exercises specific internal interfaces can provide assurance not only that the Target of Evaluation Security Function Requirement exhibits the desired external security behavior, but also that this behavior stems from correctly operating internal functionality.