
Guideline for Developer Documentation

Guideline for Developer Documentation. Christian Krause. Federal Office for Information Security. 8th ICCC / September 26th, 2007.


Presentation Transcript


  1. Guideline for Developer Documentation. Christian Krause, Federal Office for Information Security. 8th ICCC / September 26th, 2007

  2. What makes the use of the CC/CEM difficult for developers?
     • The CEM contains detailed requirements regarding the developer evidence
     • Therefore developers who intend to get involved in a CC evaluation have to consult the CEM

  3. What makes the use of the CC/CEM difficult for developers?
     • The structure and content of the CEM have been optimised to serve as an evaluation directive for evaluators
     • That makes the CEM difficult to use for developers, in particular those with less CC experience

  4. What makes the use of the CC/CEM difficult for developers?
     A lot of information is relevant only for the evaluation, not for the preparation of the developer evidence
     • ADV: Evaluator analyses regarding accuracy
     • Requirements regarding site visits
     • ATE_IND
     • AVA_VAN
     • Guidance on sampling strategies
     • ...

  5. What makes the use of the CC/CEM difficult for developers?
     The motivation of the requirements is not obvious in every case
     • What's the use of so much paperwork?
     Navigation is cumbersome for developers
     • e.g. developers have to consult the CC for the assurance component corresponding to the chosen EAL and then search the CEM for the right requirements

  6. Developer Guideline
     To ease the adoption of the CC for developers with less CC experience, BSI has issued a Guideline for Developer Documentation
     • Covering all assurance components up to EAL5 (without classes ASE/APE, which are considered in a separate ST/PP Guide)

  7. Assurance Components addressed in the Guideline

  8. Content and Structure of the Developer Guideline
     The Guideline offers assistance to developers by
     • extracting the information regarding the developer evidence from the CC/CEM,
     • structuring the information to suit developers' needs,
     • explaining the context and background,
     • giving examples, and
     • providing a sample document structure, with explanations, for use as a template for the developer documentation

  9. Introduction to CC and CEM
     • Short introduction to CC/CEM with overview of assurance classes
     • Explanation of the differences between the EALs
     • What does a higher EAL mean for
       • developer
       • evaluator
       • customer
     • Description of the additional requirements from an EAL to the next higher EAL

  10. Introduction to CC and CEM Example:

  11. Extracted Requirements for developer evidence
     • Requirements for developer evidence
       • labelled with colours for simple navigation
       • extract of requirements that have to be fulfilled by the developer
       • prepared in an order suitable from a developer's view
       • explanation of related evaluator actions

  12. Extracted Requirements for developer evidence Example:

  13. Explanation of the context
     Where reasonable, additional information is given in a structured form
     • Background
       • Elucidation of the background
     • Note
       • Hint for developer
     • Role in the evaluation process
       • Explanation of the role in the evaluation process (What is the goal of the requirement?)
     • Examples
       • Depict how a requirement could be fulfilled

  14. Explanation of the context Example:

  15. Explanation of the context Example:

  16. Sample Document Structure
     Sample document structure with explanations
     • Can be used by developers as a template for the preparation of developer documentation
     • Offers a way to simplify evaluations by providing a standard structure for developer documentation

  17. Sample Document Structure Example (1):

  18. Sample Document Structure Example (2):

  19. Download Guideline for Developer Documentation • www.bsi.bund.de/zertifiz/zert/index_en.htm

  20. Contact
     Bundesamt für Sicherheit in der Informationstechnik (BSI)
     Christian Krause
     Godesberger Allee 185-189, 53175 Bonn
     Tel: +49 (0) 3018 - 9582-5116
     Fax: +49 (0) 3018 - 109582-5116
     Christian.Krause@bsi.bund.de
     www.bsi.bund.de
     www.bsi-fuer-buerger.de
