Details for the structure and content of the ETR for Site Certification. Version 1.0

Transcription

1 Details for the structure and content of the ETR for Site Certification Version 1.0

2 Bundesamt für Sicherheit in der Informationstechnik Postfach Bonn Tel.: Internet: Bundesamt für Sicherheit in der Informationstechnik 2010

3 Table of Content Table of Content 1 Background Specific References Application notes and interpretation Site Evaluation Information Deliverables Evaluated configuration ETR-Parts Errors and inconsistencies Further directions and recommendations Re-evaluation and reuse Final verdict of the Security Evaluation Facility Comments Annexes List of Abbreviations and Glossery Sources ETR-Parts and additional evaluators's documentation...13 Bundesamt für Sicherheit in der Informationstechnik 3

4

5 Background 1 1 Background Site visits have been part of all TOE certifications of the Common Criteria (ISO/IEC 14508). Within Version 3.1 the site certification process was established, which allows a TOE external site handling. This document describes in chapter 3, 4 and 5 how to write an ETR as part of the Site Certification process. Bundesamt für Sicherheit in der Informationstechnik 5

6 2 Specific References 2 Specific References 1. CC, Part 3, [1] 2. CEM [2] 3. CCDB [3] 4. AIS 19 [4] 5. AIS 32 [5] 6. CCMC [6] 7. PP 0035 [7] 8. Evaluation Deliverables (see section 5.2.) 9. Evaluation Reports and additional Documentation by the Evaluators (see section 5.2.) 6 Bundesamt für Sicherheit in der Informationstechnik

7 ETR for Site Certification 3 3 ETR for Site Certification The following table includes all relevant data of the document: Name Value Filename Current version Date Classification (Confidential) Site name (long) Site name (short) Sponsor (long) Sponsor (short) Certification ID Certification body (long) Certification body (short) 3.1 Site Evaluation Information Site under evaluation The description of the site under evaluation must include the physical and logical scope. This comprises: Address of the site which is subject to this site evaluation project is. Service provided by the site (e.g. assembly and embedding) as well as the logical scope of the evaluation Persons involved Persons who were involved in the evaluation process: Sponsor: Address of sponsors of this site evaluation. Address of whom the evaluation deliverables are provided. Evaluators/Evaluation Facility: Bundesamt für Sicherheit in der Informationstechnik 7

8 3 ETR for Site Certification By whom the evaluation was performed and their companies address. Certification Body: By whom of the certification body the evaluation was accompanied by: Address and name of Certification Body Timetable of evaluation The time-frame when the evaluation took place Evaluation basis The evaluation basis upon this report is based on shall be listed here (e.g. the CC version, supporting documents, AIS). The certification ID is recorded here. The evaluation deliverables and further documents used during the evaluation are listed in 5.2. Sources. 3.2 Deliverables The current evaluation is a site evaluation and therefore the only deliverables existing is the internal documentation of the site as provided during the evaluation and as referred to in the referred document list. However this chapter shall describe if guidance is provided by the site. The guidance may be needed to comply with specific requirements needed to comply with the evaluated processes or to use specific services that were in the scope of the evaluation. 3.3 Evaluated configuration Description of the site This chapter shall include a short summary of the scope of evaluation considering separate premises of the same site involved in the evaluation if applicable. The description shall include possible options of the services provided by the site and information on the delivery of the output. In addition it shall be address if all transfers of configuration items are considered as internal transport or if the site is involved in the delivery to customers. The site description can be cited from the Site Security Target. Further on describe how the site is involved in the production process of the TOE, how the site is related to the TOE configurations, which life cycle phase is covered, how the TOE is traced during production. Describe, by whom the transport of the TOE is organised and labelled and how it is controlled by the client. 3.4 ETR-Parts The ETR-Parts and additional evaluator s documentation shall be referenced in section Bundesamt für Sicherheit in der Informationstechnik

9 3.4.1 List of ETR-Parts ETR for Site Certification 3 Documentation and additional Evaluation Documentation worked out by the evaluators shall be listed here Results of the ETR-Parts The verdict of each ETR-Part should be presented here as a table Open issues from the ETR-parts. Open issues from the ETR-parts should be stated here Addenda to the ETR-Parts Addendum to the ETR-Part AST The developer had updated the Site Security Target during the generation of the Site Security Target Lite. The impact on the evaluation results provided in ETR-Part AST shall be stated here. During the examination the evaluator compared the Security Target with the Site Security Target Lite. The Site Security Target Lite complies with the requirements of [3]. Therefore the evaluators determine the Site Security Target Lite is a correct sanitised version of the Site Security Target. 3.5 Errors and inconsistencies To collect all errors and inconsistencies the evaluators shall review the respective section of each ETR-Part. Errors or the status of error finding shall be listed here. 3.6 Further directions and recommendations Imposed conditions and directions to the developer. Imposed conditions and directions to the developer shall be listed here. If none was stated, this should also be claimed Recommendations and directions to the user The relevant information or reference for using the evaluated site is given in this section. This is related to the usage of the site in the production flow for a specific product. These recommendations and directions can include a list of assumptions which reflect the expectations of the site. The assumptions of the Site Security Target shall be reproduced in this chapter including further explanatory notes of the evaluator if needed. Note that the assumptions do not cover requirements of the environment of the site under evaluation they cover requirements that must be addressed by the product developer who wants to use the site. Bundesamt für Sicherheit in der Informationstechnik 9

10 3 ETR for Site Certification 3.7 Re-evaluation and reuse The results of this site evaluation and the resulting site certificate are to be re-used in TOE evaluations. The main information for the integration of the site evaluation into a product evaluation is provided in the Site Security Target. Note that especially the assumptions given in section 6.2 of the SST shall be followed when re-using the results of this site evaluation. 3.8 Final verdict of the Security Evaluation Facility All changes impacting already completed ETR-Parts shall be discussed in chapter 3.4. of this document. Therefore the evaluators shall confirm that all results given in chapters 3.4. are still valid. The errors and inconsistencies that may be listed in chapter 3.5., the further directions and recommendations of chapter 3.6., and the information on re-evaluation and reuse as given in chapter 3.7. shall be a complete summary as gained from the ETR-Parts. Based on the results of the ETR-Parts the evaluators may come to the following final verdict: - The life cycle part of the site described in the SST should fulfil the requirements as stated in the documentation. - All security objectives contained in the SST should be achieved. - The life cycle security assurance requirements as stated in the SST for the site shall be listed here.: - The life cycle part as evaluated for the site and its integration into product evaluations is quoted against the claim of attack potential. The chapter shall include the conclusion of the site evaluation regarding the statements on evaluation assurance level and the chosen security assurance requirements. Not e that a site evaluation cannot comply to a complied evaluation assurance level because the site certification can only include security assurance requirements of the class ALC. It shall be explicitly stated if security assurance requirements are not completely addressed by the site, e.g. for ALC_DEL or ALC_TAT. Signatures have to be given from the: Author/s, Evaluator/s, Evaluation manager, Person responsible for the quality assurance of the ETR 10 Bundesamt für Sicherheit in der Informationstechnik

11 Comments 4 4 Comments Comments shall be stated here. Bundesamt für Sicherheit in der Informationstechnik 11

12 5 Annexes 5 Annexes 5.1 List of Abbreviations and Glossery ALC AST CC CM CMC CMS CCDB DEL DVS ETR LCD PP SAR SSS SST TAT UID CC Assurance Class for Life Cycle Support CC Assurance Class for Site Security Target Evaluation Common Criteria Configuation Management CC Assurance Family ALC_CMC for CM Capabilities CC Assurance Family ALC_CMS for CM Scope Common Criteria Development Board CC Assurance Family ALC_DEL for Delivery Procedures CC Assurance Family ALC_DVS for Development Security Evaluation Technical Report CC AssuranceFamily ALC_LCD for Life Cycle Definition Protection Profile Security Assurance Requirement Site Summary Specification (Section of the SST) Site Security Target CC Assurance Family ALC_TAT for Tools and Techniques Unique Identification number, stored in the product Table 1: List of abbreviations The list of abbreviations shall be expanded on demand. 5.2 Sources Evaluation basis: Criteria and Methodology [1] Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Requirements; Version 3.1, Revision 3, July Bundesamt für Sicherheit in der Informationstechnik

13 [2] Common Methodology for Information Technology Security Evaluation, Evaluation methodology, Version 3.1 Revision 3, July 2009 Annexes 5 [3] Supporting Document Guidance: Site Certification, CCDB , Bundesamt für Sicherheit in der Informationstechnik, Version 1.0, Revision 1, October 2007 [4] Anwendungshinweise und Interpretationen zum Schema, AIS19, Version 3, , Bundesamt für Sicherheit in der Informationstechnik [5] Anwendungshinweise und Interpretationen zum Schema, AIS25, Version 5, , Bundesamt für Sicherheit in der Informationstechnik [6] Policies and Procedures: ST sanitising for publication, Document Number: , Version 1.0, April, 2006, Common Criteria Management Committee [7] Security IC Platform Protection Profile, Version 1.0, , registered and certified by Bundesamt für Sicherheit in der Informationstechnik (BSI) under the reference BSI-CC-PP Evaluation Deliverables The Site Security Target Lite, the Site Security Target and all other developer documents shall be listed here. Evaluation Reports and additional Documentation by the Evaluators The ETR Part AST, the ETR part ALC and the site visit report shall be listed here. 5.3 ETR-Parts and additional evaluators's documentation These documents are not part of this Word-file but delivered as distinguished files resp. appended in Paper form. Bundesamt für Sicherheit in der Informationstechnik 13