Archived
TD0230: ALC Assurance Activities for Server Virtualization and Base Virtualization PPs
Publication Date
2017.09.06
Protection Profiles
PP_BASE_VIRTUALIZATION_V1.0, PP_SV_V1.1
Other References
ALC_CMC.1, ALC_CMS.1
Issue Description
Incorrect assurance activities for ALC_CMC.1.1E and ALC_CMS.1.1E in both PP_BASE_VIRTUALIZATION_V1.0 and PP_SV_V1.1.
Resolution
For both PP_BASE_VIRTUALIZATION_V1.0 and PP_SV_V1.1, make the following change to the assurance activities of ALC_CMC.1.1E and ALC_CMS.1.1E:

1. Replace Assurance Activity for ALC_CMC.1.1E

Current: The evaluator shall verify that the TOE has been provided with its unique reference labeled. The evaluator shall verify that the CM documentation has been provided and that it describes the method used to uniquely identify each configuration item. The evaluator shall verify that the developer has used a CM system and that this system uniquely identifies each configuration

New: The evaluator shall check the ST to ensure that it contains an identifier (such as a product name/version number) that specifically identifies the version that meets the requirements of the ST. Further, the evaluator shall check the AGD guidance and TOE samples received for testing to ensure that the version number is consistent with that in the ST. If the vendor maintains a web site advertising the TOE, the evaluator shall examine the information on the web site to ensure that the information in the ST is sufficient to distinguish the product.

2. Replace Assurance Activity for ALC_CMS.1.1E

Current: The evaluator shall verify that the developer has provided a configuration list for the TOE that contains each item highlighted above. The evaluator shall verify that each item in the configuration list is uniquely identified and its developer is indicated.

New: The evaluator shall ensure that the developer has identified (in public-facing development guidance for their platform) one or more development environments appropriate for use in developing applications for the developer’s platform. For each of these development environments, the developer shall provide information on how to configure the environment to ensure that buffer overflow protection mechanisms in the environment(s) are invoked (e.g., compiler and linker flags).
The evaluator shall ensure that this documentation also includes an indication of whether such protections are on by default, or have to be specifically enabled.

Justification
Incorrect assurance activities for ALC_CMC.1 and ALC_CMS.1.