A TOE includes another developer’s product that provides security functionality. What evaluation evidence is required in order for the product to be included in the evaluated TOE? At issue is the developer’s capability to provide sufficient configuration management (ACM), development (ADV) and vulnerability analysis (AVA) evidence for those products where the developer does not have access to proprietary information.

The assurance requirements apply to the entire TOE (including those products that are not under the direct control of the developer) and the relevant information must be available to the evaluator to perform the required analysis and testing.

Specific Changes

The following text is appended to the end of paragraph 34 of CEM Part 2:

Since the assurance requirements apply to the entire TOE, evaluation evidence pertaining to all products that are part of the TOE is made available to the evaluator. The scope and required content of such evaluation evidence is independent of the level of control that the developer has over each of the products that are part of the TOE. For example, if a high-level design is required, then the ADV_HLD requirements will apply to all subsystems that are part of the TSF. In addition, assurance requirements that call for procedures to be in place (for example, ACM_CAP and ADO_DEL) will also apply to the entire TOE (including any product from another developer).

null