信息技術(shù)安全評估一般方法學(xué)

Foreword前言

CEMv3.1aimsto:

eliminateredundantevaluationactivities;

reduce/eliminateactivitiesthatcontributelittletothefinalassuranceofaproduct;

clarifyCEMterminologytoreducemisunderstanding;

restructureandrefocustheevaluationactivitiestothoseareaswheresecurity

assuranceisgained;

andaddnewCEMrequirementsifneeded.

CEMv3.1致力于：

排除多余的評估活動；

減少/排除對最后確信一個產(chǎn)品貢獻(xiàn)微小的活動；

闡明CEM術(shù)語來減少誤解；

對于已獲得安全保證的那些區(qū)域，調(diào)整和重新選擇評估活動的重點(diǎn)；

如有需要，新增一些CEM要求。

TableofContents目錄

1介紹INTRODUCTION.....................................................................................13

2導(dǎo)讀SCOPE.......................................................................................................14

3參考的標(biāo)準(zhǔn)NORMATIVEREFERENCES......................................................15

4術(shù)語和定義TERMSANDDEFINITIONS.......................................................16

5符號和縮寫術(shù)語SYMBOLSANDABBREVIATEDTERMS.........................18

6綜述OVERVIEW..............................................................................................19

7文檔慣例DOCUMENTCONVENTIONS.......................................................20

8評估過程和有關(guān)的工作..........................................22

9類APE:保護(hù)輪廓評估PROTECTIONPROFILEEVALUATION..................37

10類ASE:安全目標(biāo)評估SECURITYTARGETEVALUATION.....................70

11類ADV:開發(fā)CLASSADV:DEVELOPMENT............................................109

12類AGD:指導(dǎo)文檔CLASSAGD:GUIDANCEDOCUMENTS...................199

13類ALC:生命周期支持CLASSALC:LIFE-CYCLESUPPORT..................207

14類ATE:測試CLASSATE:TESTS...............................................................276

15類AVA:脆弱性評估VULNERABILITYASSESSMENT............................308

16類ACO:成分CLASSACO:COMPOSITION................................................346

A一般評價指導(dǎo)GENERALEVALUATIONGUIDANCE.............................393

B脆弱性評估VULNERABILITYASSESSMENT(AVA)...............................406

1Introduction

ThetargetaudiencefortheCommonMethodologyforInformationTechnology

SecurityEvaluation(CEM)isprimarilyevaluatorsapplyingtheCCandcertifiers

confirmingevaluatoractions;evaluationsponsors,developers,PP/STauthorsand

otherpartiesinterestedinITsecuritymaybeasecondaryaudience.

TheCEMrecognisesthatnotallquestionsconcerningITsecurityevaluationwillbe

answeredhereinandthatfurtherinterpretationswillbeneeded.Individualschemes

willdeterminehowtohandlesuchinterpretations,althoughthesemaybesubjectto

mutualrecognitionagreements.Alistofmethodology-relatedactivitiesthatmaybe

handledbyindividualschemescanbefoundinAnnexA.

信息技術(shù)安全評估一般方法學(xué)(CEM)的目標(biāo)受眾主要是應(yīng)用CC的評估員和

證實(shí)評估員行動的證明者、評估主辦方、開發(fā)者、PP/ST作者和可能是次要受眾

的對IT安全感興趣的有關(guān)各方。

CEM承認(rèn)并不是所有關(guān)于rr安全評估的問題都會在此中回答，并且需要進(jìn)一

步的解釋。個別的計劃將會決定如何運(yùn)用這些解釋，盡管這些可能會被相互承認(rèn)

協(xié)議支配。一個可能會被個別計劃運(yùn)用的方法學(xué)相關(guān)活動的清單見附錄A。

2Scope

TheCommonMethodologyforInformationTechnologySecurityEvaluation(CEM)

isacompaniondocumenttotheCommonCriteriaforInformationTechnology

SecurityEvaluation(CC).TheCEMdefinestheminimumactionstobeperformedby

anevaluatorinordertoconductaCCevaluation,usingthecriteriaandevaluation

evidencedefinedintheCC.

TheCEMdoesnotdefineevaluatoractionsforcertainhighassuranceCCcomponents,

wherethereisasyetnogenerallyagreedguidance.

CEM是CC的配套文檔，CEM規(guī)定了一個評估員為進(jìn)行一個CC評估而執(zhí)行的

最小行動，使用CC中定義的標(biāo)準(zhǔn)和評估證據(jù)。

CEM不規(guī)定某一高保證CC組件的評估員行動，關(guān)于這個也還沒有普遍認(rèn)可

的指導(dǎo)。

4Termsanddefinitions

actionevaluatoractionelementoftheCCPart3

行動CC第3部分的評估員行動要素

Theseactionsareeitherexplicitlystatedasevaluatoractionsorimplicitlyderived

fromdeveloperactions(impliedevaluatoractions)withintheCCPart3assurance

components.

這些行動可以是評估員行動的明確規(guī)定，也可以是從CC第3部分保證組件的開發(fā)

者行動(暗含的評估者行動)推斷出的。

activityapplicationofanassuranceclassoftheCCPart3

活動CC第3部分的一個保證類的應(yīng)用

schemesetofrules,establishedbyanevaluationauthority,definingthe

evaluationenvironment,includingcriteriaandmethodologyrequiredtoconductIT

securityevaluations

計劃規(guī)則的集合，由一個評估權(quán)威建立，規(guī)定了評估環(huán)境，包含進(jìn)行IT

安全評估所需的標(biāo)準(zhǔn)和方法學(xué)。

5Symbolsandabbreviatedterms

CEMCommonMethodologyforInformationTechnologySecurityEvaluation

ETREvaluationTechnicalReport評估技術(shù)報告

ORObservationReport觀測報告

6Overview

Chapter7definestheconventionsusedintheCEM.

Chapter8describesgeneralevaluationtaskswithnoverdictsassociatedwiththemas

theydonotmaptoCCevaluatoractionelements.

Chapter9addressestheworknecessaryforreachinganevaluationresultonaPP.

Chapters10to16definetheevaluationactivities,organisedbyAssuranceClasses.

AnnexAcoversthebasicevaluationtechniquesusedtoprovidetechnicalevidenceof

evaluationresults.

AnnexBprovidesanexplanationoftheVulnerabilityAnalysiscriteriaandexamples

oftheirapplication

第7章定義了CEM中的慣例。

第8章描述了一般評估任務(wù)，不含與評估任務(wù)有關(guān)的裁決，同樣它們也不對應(yīng)

CC評估員行動要素。

第9章提出了在PP上達(dá)到一個評估結(jié)果需要做的工作。

第10章到第16章定義了評估活動，按保證類組織。

附錄A包含了基本的評估技術(shù)，用于提供評估結(jié)果的技術(shù)證據(jù)。

附錄B提供了脆弱性分析標(biāo)準(zhǔn)的解釋和它們的應(yīng)用的例子。

7DocumentConventions

7.1Terminology術(shù)語

UnliketheCC,whereeachelementmaintainsthelastdigitofitsidentifyingsymbol

forallcomponentswithinthefamily,theCEMmayintroducenewworkunitswhena

CCevaluatoractionelementchangesfromsub-activitytosub-activity;asaresult,the

lastdigitoftheworkunit'sidentifyingsymbolmaychangealthoughtheworkunit

remainsunchanged.

Anymethodology-specificevaluationworkrequiredthatisnotderiveddirectlyfrom

CCrequirementsistermedtaskorsub-task.

對于族里面的所有組件,CC中每個要素保持著的它的標(biāo)示符號的最后一個數(shù)

字。與CC不同，當(dāng)一個CC評估員行動要素從一個子活動變到另一個子活動時，

CEM可能會引入新的工作單元。結(jié)果是，工作單元的標(biāo)示符號的最后一個數(shù)字

可能會改變，盡管工作單元并沒有改變。

7.2Verbusage動詞用法

Allworkunitandsub-taskverbsareprecededbytheauxiliaryverbshallandby

presentingboththeverbandtheshallinbolditalictypeface.Theauxiliaryverbshall

isusedonlywhentheprovidedtextismandatoryandthereforeonlywithinthework

unitsandsub-tasks.Theworkunitsandsubtaskscontainmandatoryactivitiesthatthe

evaluatormustperforminordertoassignverdicts.

Theauxiliaryverbshouldisusedwhenthedescribedmethodisstronglypreferred.

Allotherauxiliaryverbs,includingmay,areusedwherethedescribedmethod（s）is

allowedbutisneitherrecommendednorstronglypreferred;itismerelyexplanation.

Theverbscheck,examine,reportandrecordareusedwithaprecisemeaningwithin

thispartoftheCEMandtheChapter4shouldbereferencedfortheirdefinitions.

所有的工作單元和子任務(wù)動詞都由助動詞shall在前引導(dǎo)，并且和助動詞shall

一起以黑色斜體字顯示。助動詞shall只用于當(dāng)提供的文本是強(qiáng)制的，因此只在工

作單元和子任務(wù)中。工作單元和子任務(wù)包含了評估員必須執(zhí)行的強(qiáng)制性的活動，

為了賦值裁決。

助動詞should用于當(dāng)所描述的方法有很高的優(yōu)先級時。其他的助動詞，包括

may,用于當(dāng)所描述的方法是允許的，但并不是推薦的或高優(yōu)先級的，僅僅是一

個說明。

動詞check,examine,report和record,與在CEM這部分中有一個精確意義的

（術(shù)語）共同使用，可以參考（術(shù)語）在第4章的定義。

7.4RelationshipbetweenCCandCEMstructures

CommonCriteriaCommonEvaluationMethodology

Figure1-MappingoftheCCandCEMstructures

However,severalCEMworkunitsmayresultfromtherequirementsnotedinCC

developeractionandcontentandpresentationelements.

8Evaluationprocessandrelatedtasks

8.2Evaluationprocessoverview

8.2.1Objectives目的

Thissectionpresentsthegeneralmodelofthemethodologyandidentifies:

a)rolesandresponsibilitiesofthepartiesinvolvedintheevaluationprocess;

b)thegeneralevaluationmodel.

這一節(jié)描述了方法學(xué)和識別的一般模型：

a)評估過程涉及的角色和當(dāng)事人的責(zé)任。

b)一般的評估模型。

8.2.2Responsibilitiesoftheroles各種角色的責(zé)任

Thegeneralmodeldefinesthefollowingroles:sponsor,developer,evaluatorand

evaluationauthority.

Thesponsorisresponsibleforrequestingandsupportinganevaluation.Thismeans

thatthesponsorestablishesthedifferentagreementsfortheevaluation(e.g.

commissioningtheevaluation).Moreover,thesponsorisresponsibleforensuringthat

theevaluatorisprovidedwiththeevaluationevidence.

ThedeveloperproducestheTOEandisresponsibleforprovidingtheevidence

requiredfortheevaluation(e.g.training,designinformation),onbehalfofthe

sponsor.

Theevaluatorperformstheevaluationtasksrequiredinthecontextofanevaluation:

theevaluatorreceivestheevaluationevidencefromthedeveloperonbehalfofthe

sponsorordirectlyfromthesponsor,performstheevaluationsub-activitiesand

providestheresultsoftheevaluationassessmenttotheevaluationauthority.

Theevaluationauthorityestablishesandmaintainsthescheme,monitorsthe

evaluationconductedbytheevaluator,andissuescertification/validationreportsas

wellascertificatesbasedontheevaluationresultsprovidedbytheevaluator.

一般模型定義了以下幾種角色：發(fā)起人、開發(fā)者、評估員和評估權(quán)威。

發(fā)起人負(fù)責(zé)請求和支持一個評估。這意味著發(fā)起人為評估建立了不同的協(xié)議

(如：委托進(jìn)行這一評估)。此外，發(fā)起人負(fù)責(zé)確保評估員提供了評估證明。

開發(fā)者創(chuàng)作了TOE,并且負(fù)責(zé)提供評估需要的證明(如：培訓(xùn)、設(shè)計信息)，

代表發(fā)起人。

評估員執(zhí)行一個評估中需要的評估任務(wù)：評估員從代表發(fā)起人的開發(fā)者那里

接受評估證明，或者直接從發(fā)起人那里，執(zhí)行評估子活動和提供評估評定的結(jié)果

給評估權(quán)威。

評估權(quán)威建立和維持這一計劃，監(jiān)視由評估員管理的評估，并且發(fā)布檢定/

批準(zhǔn)報告，同時基于評估員提供的評估結(jié)果發(fā)布證書證明。

8.2.3Relationshipofroles

Topreventundueinfluencefromimproperlyaffectinganevaluation,someseparation

ofrolesisrequired.Thisimpliesthattherolesdescribedabovearefulfilledby

differententities,exceptthattherolesofdeveloperandsponsormaybesatisfiedbya

singleentity.

Moreover,someevaluations(e.g.EAL1evaluation)maynotrequirethedeveloperto

beinvolvedintheproject.Inthiscase,itisthesponsorwhoprovidestheTOEtothe

evaluatorandwhogeneratestheevaluationevidence.

為了防止對一個評估的錯誤影響，將一些角色分開是必須的。這意味著以上

描述的角色都要不同的實(shí)體來扮演，除過開發(fā)者和發(fā)起者由同一個實(shí)體扮演。

此外，許多評估（如：EAL1評估）可能不需要在計劃中包含開發(fā)者。這種

情況下，由發(fā)起人提供TOE給評估者，并且生成評估證明。

8.2.4Generalevaluationmodel

Theevaluationprocessconsistsoftheevaluatorperformingtheevaluationinputtask,

theevaluationoutputtaskandtheevaluationsub-activities.Figure2providesan

overviewoftherelationshipbetweenthesetasksandsub-activities.

評估過程由評估員執(zhí)行評估輸入任務(wù)、評估輸出任務(wù)和評估子活動組成。這

些任務(wù)和子活動之間的關(guān)系如圖2所示。

Figure2-Genericevaluationmodel

Theevaluationprocessmaybeprecededbyapreparationphasewhereinitialcontact

ismadebetweenthesponsorandtheevaluator.Theworkthatisperformedandthe

involvementofthedifferentrolesduringthisphasemayvary.Itistypicallyduring

thisstepthattheevaluatorperformsafeasibilityanalysistoassessthelikelihoodofa

successfulevaluation.

評估過程可能以一個準(zhǔn)備階段為先導(dǎo)，發(fā)起人和評估者建立初步的聯(lián)系。這

個工作被執(zhí)行，這一階段不同角色之間的牽連可能變化。值得注意的是，在這一

階段評估者執(zhí)行一個可行性分析來評定這是一個成功的評估的可能性。

8.2.5Evaluatorverdicts評估員裁決

TheevaluatorassignsverdictstotherequirementsoftheCCandnottothoseofthe

CEM.ThemostgranularCCstructuretowhichaverdictisassignedistheevaluator

actionelement(explicitorimplied).AverdictisassignedtoanapplicableCC

evaluatoractionelementasaresultofperformingthecorrespondingCEMactionand

itsconstituentworkunits.Finally,anevaluationresultisassigned,asdescribedinCC

Part1,Chapter10,Evaluationresults.

評估員賦值裁決是根據(jù)CC的要求，而不是根據(jù)CEM的要求。裁決被賦值的

最細(xì)分的結(jié)構(gòu)是評估員行動要素。一個裁決被賦值給一個合適的CC評估員行動

要素，是由于履行了相應(yīng)的CEM行動和它的成分工作單元。最后，一個評估結(jié)

果被賦值，就如CC第1部分第10章評估結(jié)果所述。

TheCEMrecognisesthreemutuallyexclusiveverdictstates:

a)ConditionsforapassverdictaredefinedasanevaluatorcompletionoftheCC

evaluatoractionelementanddeterminationthattherequirementsforthePP,STor

TOEunderevaluationaremet.Theconditionsforpassingtheelementaredefinedas:

1)theconstituentworkunitsoftherelatedCEMaction,and;

2)allevaluationevidencerequiredforperformingtheseworkunitsis

coherent,thatisitcanbefullyandcompletelyunderstoodbytheevaluator,and

3)allevaluationevidencerequiredforperformingtheseworkunitsdoesnot

haveanyobviousinternalinconsistenciesorinconsistencieswithotherevaluation

evidence.Notethatobviousmeansherethattheevaluatordiscoversthis

inconsistencywhileperformingtheworkunits:theevaluatorshouldnot

undertakeafullconsistencyanalysisacrosstheentireevaluationevidenceevery

timeaworkunitisperformed.

b)ConditionsforafailverdictaredefinedasanevaluatorcompletionoftheCC

evaluatoractionelementanddeterminationthattherequirementsforthePP,ST,or

TOEunderevaluationarenotmet,orthattheevidenceisincoherent,oranobvious

inconsistencyintheevaluationevidencehasbeenfound;

c)Allverdictsareinitiallyinconclusiveandremainsountileitherapassorfail

verdictisassigned.

Theoverallverdictispassifandonlyifalltheconstituentverdictsarealsopass.In

theexampleillustratedinFigure3,iftheverdictforoneevaluatoractionelementis

failthentheverdictsforthecorrespondingassurancecomponent,assuranceclass,and

overallverdictarealsofail.

總體裁決通過當(dāng)且僅當(dāng)所有的成分裁決都通過。例如圖3,如果有一個評估

員行動要素的裁決失敗了，相應(yīng)的保證組件、保證類和總體的裁決也失敗。

Figure3-Exampleoftheverdictassignmentrule

8.3Evaluationinputtask評估輸入任務(wù)

8.3.1Objectives

Theobjectiveofthistaskistoensurethattheevaluatorhasavailablethecorrect

versionoftheevaluationevidencenecessaryfortheevaluationandthatitis

adequatelyprotected.Otherwise,thetechnicalaccuracyoftheevaluationcannotbe

assured,norcanitbeassuredthattheevaluationisbeingconductedinawayto

providerepeatableandreproducibleresults.

這一任務(wù)的目的是確保評估員有評估所必須的評估證明的正確版本，并且是

受到充分保護(hù)的。否則，評估的技術(shù)精確度不能被保證，也不能保證評估以一個

提供可重復(fù)和可再生的結(jié)果的方式被管理。

8.4Evaluationsub-activities

Theevaluationsub-activitiesvarydependingwhetheritisaPPoraTOEevaluation.

Moreover,inthecaseofaTOEevaluation,thesub-activitiesdependuponthe

selectedassurancerequirements.

評估子活動根據(jù)是否是一個PP或TOE評估而不同。而且，在TOE評估的情況

下，子活動依賴于選擇的保證要求。

8.5Evaluationoutputtask

8.5.1Objectives

TheobjectiveofthisSectionistodescribetheObservationReport(OR)andthe

EvaluationTechnicalReport(ETR).Schemesmayrequireadditionalevaluator

reportssuchasreportsonindividualunitsofwork,ormayrequireadditional

informationtobecontainedintheORandtheETR.TheCEMdoesnotprecludethe

additionofinformationintothesereportsastheCEMspecifiesonlytheminimum

informationcontent.

Consistentreportingofevaluationresultsfacilitatestheachievementoftheuniversal

principleofrepeatabilityandreproducibilityofresults.Theconsistencycoversthe

typeandtheamountofinformationreportedintheETRandOR.ETRandOR

consistencyamongdifferentevaluationsistheresponsibilityoftheevaluation

authority.

Theevaluatorperformsthetwofollowingsub-tasksinordertoachievetheCEM

requirementsfortheinformationcontentofreports:

a)writeORsub-task(ifneededinthecontextoftheevaluation);

b)writeETRsub-task.

本節(jié)的目的是描述觀測報告(OR)和評估技術(shù)報告(ETR)。計劃可能需要附加

的評估員報告，像個別工作單元的報告，或者可能需要附加的信息，包含進(jìn)OR

和ETR。CEM不排除向這些報告添加信息，同時CEM指定最小的信息內(nèi)容。

評估結(jié)果的一致性報告幫助完成結(jié)果的重復(fù)性和可再生性的普遍原則。一致

性包含類型和ETR和OR中報告的信息總和。ETR和OR在不同評估中的一致性，

是評估權(quán)威的責(zé)任。

評估員執(zhí)行以下兩個子任務(wù)來獲得CEM要求的報告的信息內(nèi)容：

a)寫OR子任務(wù)(如果在評估內(nèi)容中需要)；

b)寫ETR子任務(wù)。

9ClassAPE:ProtectionProfileevaluation

9.1Introduction

ThisChapterdescribestheevaluationofaPP.Therequirementsandmethodologyfor

PPevaluationareidenticalforeachPPevaluation,regardlessoftheEAL(orotherset

ofassurancerequirements)thatisclaimedinthePP.Theevaluationmethodologyin

thisChapterisbasedontherequirementsonthePPasspecifiedinCCPart3class

APE.

這一章描述了對PP的評估。PP評估的要求和方法學(xué)對每個PP評估都是一樣的，

不受PP中聲稱的EAL(或其他保證要求集合)影響。本章的評估方法學(xué)是建立在PP

的要求上的，正如CC第3部分類APE規(guī)定的那樣。

閱讀本章可以結(jié)合CC第1部分附錄A,B和C。

9.2Applicationnotes

9.2.1Re-usingtheevaluationresultsofcertifiedPPs

WhileevaluatingaPPthatisbasedononeormorecertifiedPPs,itmaybepossibleto

re-usethefactthatthesePPswerecertified.Thepotentialforreuseoftheresultofa

certifiedPPisgreaterifthePPunderevaluationdoesnotaddthreats,OSPs,security

objectivesand/orsecurityrequirementstothoseofthePPthatconformanceisbeing

claimedto.IfthiPPunderevaluationcontainsmuchmorethanthecertifiedPP,

re-usemaynotbeusefulatall.

OSPOrganisationalSecurityPolicy組織安全策略

如果評估的一個PP是基于一個或幾個證明過的PPs,那就有可能重用這些PP

證明的事實(shí)。重用一個證明過的PP的結(jié)果的潛能可能會更大，如果正在評估的

PP不增加威脅、OSPs、安全目標(biāo)和/或安全要求，PP正是向它們主張一致性。

Theevaluatorisallowedtore-usethePPevaluationresultsbydoingcertainanalyses

onlypartiallyornotatalliftheseanalysesorpartsthereofwerealreadydoneaspart

ofthePPevaluation.Whiledoingthis,theevaluatorshouldassumethattheanalyses

inthePPwereperformedcorrectly.

評估者被允許通過做某些分析來重用PP評估結(jié)果，只有部分的或全都不能

(重用)，如果這些分析或它的部分已經(jīng)作為PP評估的一部分被完成。當(dāng)這么

做時，評估者應(yīng)該假定PP中的分析是正確執(zhí)行的。

AnexamplewouldbewherethePPthatconformanceisbeingclaimedtocontainsa

setofsecurityrequirements,andtheseweredeterminedtobeinternallyconsistent

duringitsevaluation.IfthaPPunderevaluationusestheexactsamerequirements,the

consistencyanalysisdoesnothavetoberepeatedduringthePPevaluation.IfthePP

underevaluationaddsoneormorerequirements,orperformsoperationsonthese

requirements,theanalysiswillhavetoberepeated.However,itmaybepossibleto

saveworkinthisconsistencyanalysisbyusingthefactthattheoriginalrequirements

areinternallyconsistent.Iftheoriginalrequirementsareinternallyconsistent,the

evaluatoronlyhastodeterminethat:

a)thesetofallnewand/orchangedrequirementsisinternallyconsistent,and

b)thesetofallnewand/orchangedrequirementsisconsistentwiththeoriginal

requirements.

TheevaluatornotesintheETReachcasewhereanalysesarenotdoneoronly

partiallydoneforthisreason.

9.3PPintroduction(APEJNT)

9.3.1Evaluationofsub-activity(APEJNT.1)

Objectives目的

Theobjectiveofthissub-activityistodeterminewhetherthePPiscorrectlyidentified,

andwhetherthePPreferenceandTOEoverviewareconsistentwitheachother.

這一子活動的目標(biāo)是判決PP是否被正確地鑒別，也判決PP參考和TOE概述是

否相互一致。

Input

Theevaluationevidenceforthissub-activityis:

a)thePP.

ActionAPEJNT.1.1E行動

APEjNT.i.icThePPintroductionshallcontainaPPreferenceandaTOEoverview.

APE_INT.I-ITheevaluatorshallcheckthatthePPintroductioncontainsaPPreference

andaTOEoverview.

APE_INT.I.2CThePPreferenceshalluniquelyidentifythePP.

APE_INT.I-2TheevaluatorshallexaminethePPreferencetodeterminethatituniquely

identifiesthePP.

.a.ccPP介紹必須包含一個PP參考和TOE概述。

APE_INT,1-1評估員必須檢查PP介紹包含一個PP參考和TOE概述。

APE_INT,1.2CPP參考必須獨(dú)特地確定PP。

TheevaluatordeterminesthatthePPreferenceidentifiesthePPitself,sothatitmay

beeasilydistinguishedfromotherPPs,andthatitalsouniquelyidentifieseach

versionofthePP,e.g.byincludingaversionnumberand/oradateofpublication.

ThePPshouldhavesomereferencingsystemthatiscapableofsupportingunique

references(e.g.useofnumbers,lettersordates).

評估員判決PP參考確定PP自身，以便于它可以容易地從其他PPs中區(qū)別出來，

并且它也獨(dú)特地確定PP的每個版本，例如通過包含一個版本號和/或一個出版日

期。PP應(yīng)該有一些足夠支持獨(dú)特地參考文獻(xiàn)的參考系統(tǒng)(如使用數(shù)字、字母或

日期)。

APE_INT.I.3CTheTOEoverviewshallsummarisetheusageandmajorsecurity

featuresoftheTOE.

APEJNT.I-3TheevaluatorshallexaminetheTOEoverviewtodeterminethatit

describestheusageandmajorsecurityfeaturesoftheTOE.

APE.INT.1.3CTOE概述必須概括TOE的用法和主要安全特征。

TheTOEoverviewshouldbriefly(i.e.severalparagraphs)describetheusageand

majorsecurityfeaturesexpectedoftheTOE.TheTOEoverviewshouldenable

consumersandpotentialTOEdeveloperstoquicklydeterminewhetherthePPisof

interesttothem.

TheevaluatordeterminesthatthnoverviewisclearenoughforTOEdevelopersand

consumers,andsufficienttogivethem。generalunderstandingoftheintendedusage

andmajorsecurityfeaturesoftheTOE.

APEJNT.I.4cTheTOEoverviewshallidentifytheTOEtype.

APE_INT.I-4TheevaluatorshallcheckthattheTOEoverviewidentifiestheTOEtype.

APE_INT.I.5CTheTOEoverviewshallidentifyanynon-TOEhardware/software/

firmwareavailabletotheTOE.

APE_INT.I-5TheevaluatorshallexaminetheTOEoverviewtodeterminethatit

identifiesanynon-TOEhardware/software/firmwareavailabletotheTOE.

APE_INT,1.4CTOE概述必須確定TOE類型。

TOE概述必須確定所有的可用于TOE的非TOE硬件/軟件/固件。

WhilesomeTOEsmayrunstand-alone,otherTOEs(notablysoftwareTOEs)need

additionalhardware,softwareorfirmwaretooperate.InthissectionofthePP,thePP

authorlistsallhardware,software,and/orfirmwarethatwillbeavailablefortheTOE

torunon.

ThisidentiEcationshouldbedetailedenoughforpotentialconsumersandTOE

developerstodeterminewhethertheirTOEmayoperatewiththelistedhardware,

softwareandfirmware.

9.4Conformanceclaims(APE_CCL)

9.4.1Evaluationofsub-activity(APE_CCL.1)

Input

Theevaluationevidenceforthissub-activityis:

a)thePP;

b)thePP(s)thatthePPclaimsconformanceto;

c)thepackage(s)thatthePPclaimsconformanceto.

APE_CCL.I.ICTheconformanceclaimshallcontainaCCconformanceclaimthat

identifiestheversionoftheCCtowhichthePPclaimsconformance.

APE.CCL.1.1C一致性要求必須包含一個CC一致性要求,它確定了PP主張一致性的

CC的版本。

APE_CCL.I-ITheevaluatorshallcheckthattheconformanceclaimcontainsaCC

conformanceclaimthatidentifiestheversionoftheCCtowhichthePPclaims

conformance.

APE_CCL.I.2CTheCCconformanceclaimshalldescribetheconformanceofthePPto

CCPart2aseitherCCPart2conformantorCCPart2extended.

NPEfdccCC一致性要求必須描述PP對CC第2部分的一致性,是CC第2部分一致

或是第2部分?jǐn)U展。

APE_CCL.I-2TheevaluatorshallcheckthattheCCconformanceclaimstatesaclaimof

eitherCCPart2conformantorCCPart2extendedforthePP.

APE_CCL.I.3CTheCCconformanceclaimshalldescribetheconformanceofthePPto

CCPart3aseitherCCPart3conformantorCCPart3extended.

睡￡CL.\3cCC一致性要求必須描述PP對CC第3部分的一致性,是CC第3部分一致

或是第3部分?jǐn)U展。

APE_CCL.I-3TheevaluatorshallcheckthattheCCconformanceclaimstatesaclaimof

eitherCCPart3conformantorCCPart3extendedforthePP.

APE_CCL.I.4CTheCCconformanceclaimshallbeconsistentwiththeextended

componentsdefinition.

APE_CCL.1.4CCC一致性要求必須與擴(kuò)展組件定義一致。

APE_CCL.I-4TheevaluatorshallexaminetheCCconformanceclaimforCCPart2to

determinethatitisconsistentwiththeextendedcomponentsdefinition.

APE_CCL.I-5TheevaluatorshallexaminetheCCconformanceclaimforCCPart3to

determinethatitisconsistentwiththeextendedcomponentsdefinition.

APE_CCL.I.5CTheconformanceclaimshallidentifyallPPsandsecurityrequirement

packagestowhichthePPclaimsconformance.

APE_CCL.1.5C一致性要求必須定義所有的PP和PP主張一致性的安全要求包。

APE_CCL.I-6TheevaluatorshallcheckthattheconformanceclaimcontainsaPPclaim

thatidentifiesallPPsforwhichthePPclaimsconformance.

APE_CCL.I-7Theevaluatorshallcheckthattheconformanceclaimcontainsapackage

claimthatidentifiesallpackagestowhichthePPclaimsconformance.

APE_CCL.I.6CTheconformanceclaimshalldescribeanyconformanceofthePPtoa

packageaseitherpackage-conformantorpackage-augmented.

APE_CCL.1.6C一致性要求必須描述PP對一個包的所有一致性,像包一致性或包增廣。

APE_CCL.I-8Theevaluatorshallcheckthat,foreachidentifiedpackage,the

conformanceclaimstatesaclaimofeitherpackage-nameconformantor

package-nameaugmented.

APE_CCL.I.7CTheconformanceclaimrationaleshalldemonstratethattheTOEtypeis

consistentwiththeTOEtypeinthePPsforwhichconformanceisbeingclaimed.

APE_CCL.1.7C一致性要求基本原理必須證明TOE類型,與它主張一致性的PP中的

TOE類型一致。

APE_CCL.I-9Theevaluatorshallexaminetheconformanceclaimrationaletodetermine

thattheTOEtypeoftheTOEisconsistentwithallTOEtypesofthePPs.

APE_CCL.I.8CTheconformanceclaimrationaleshalldemonstratethatthestatementof

thesecurityproblemdefinitionisconsistentwiththestatementofthesecurity

problemdefinitioninthePPsforwhichconformanceisbeingclaimed.

APE_CCL.1.8C一致性要求基本原理必須證明定義安全問題的聲明,與它主張一致性

的PP中的定義安全問題的聲明一致。

APE_CCL.I-IOTheevaluatorshallexaminetheconformanceclaimrationaletodetermine

thatitdemonstratesthatthestatementofsecurityproblemdefinitionisconsistent,as

definedbytheconformancestatementofthePP,withthestatementsofsecurity

problemdefinitionstatedinthePPstowhichconformanceisbeingclaimed.

APE_CCL.I.9CTheconformanceclaimrationaleshalldemonstratethatthestatementof

securityobjectivesisconsistentwiththestatementofsecurityobjectivesinthePPs

forwhichconformanceisbeingclaimed.

APE_CCL.1.9C一致性要求基本原理必須證明安全目標(biāo)的聲明,與它主張一致性的PP

中的安全目標(biāo)的聲明一致。

APE_CCL.I-IITheevaluatorshallexaminetheconformanceclaimrationaletodetermine

thatthestatementofsecurityobjectivesisconsistent,asdefinedbytheconformance

statementofthePPs,withthestatementofsecurityobjectivesinthePPs.

APE_CCL.I.IOCTheconformanceclaimrationaleshalldemonstratethatthestatement

ofsecurityrequirementsisconsistentwiththestatementofsecurityrequirementsin

thePPsforwhichconformanceisbeingclaimed.

APE_CCL.1.10C一致性要求基本原理必須證明安全要求的聲明,與它主張一致性的PP

中的安全要求的聲明一致。

APE_CCL.I-I2TheevaluatorshallexaminethePPtodeterminethatitisconsistent,as

definedbytheconformancestatementofthePP,withallsecurityrequirementsinthe

PPsforwhichconformanceisbeingclaimed.

APE_CCL.I.HCTheconformancestatementshalldescribetheconformancerequiredof

anyPPs/STstothePPasstrict-PPordemonstrable-PPconformance.

APE.CCL.1.11C一致性要求必須描述所有PPS/STS對PP的一致性要求是嚴(yán)格PP一致

還是可論證的PP一致。

APE_CCL.I-I3TheevaluatorshallcheckthatthePPconformancestatementstatesa

claimofstrict-PPordemonstrable-PPconformance.

9.5Securityproblemdefinition(APE_SPD)

Theobjectiveofthissub-activityistodeterminethatthesecurityproblemintendedto

beaddressedbytheTOEanditsoperationalenvironmentisclearlydefined.

這一子活動的目標(biāo)是確定TOE準(zhǔn)備處理的安全問題，和確定清晰的定義了操

作環(huán)境。

Input

Theevaluationevidenceforthissub-activityis:

a)thePP.

APE_SPD.I.ICThesecurityproblemdefinitionshalldescribethethreats.

APE_SPD.1.1C安全問題定義必須描述威脅。

APE_SPD.I-ITheevaluatorshallcheckthatthesecurityproblemdefinitiondescribesthe

threats.

APE_SPD.I.2CAZZthreatsshallbedescribedintermsofathreatagent,anasset,andan

adverseaction.

NPE穿D.\2C所有威脅必須以一個威脅代理、一個資產(chǎn)和一個不利行動的形式描述。

APE_SPD,I-2Theevaluatorshallexaminet