This document outlines the Common Evaluation Methodology (CEM) for evaluating Targets of Evaluation (TOE) under Common Criteria (CC). It delineates the evaluator's responsibilities, emphasizing principles such as appropriateness, impartiality, objectivity, repeatability, reproducibility, and soundness of results. It describes key parties involved in the evaluation process: the sponsor, developer, evaluator, and overseer. The CEM elaborates the evaluation phases: preparation, conduct, and conclusion, including procedural agreements and the Evaluation Technical Report (ETR) to justify the evaluation verdict.
Common Evaluation Methodology (CEM)
• A method of applying the CC requirements consistently and uniformly during evaluation of TOE
• Describes the minimum actions that an evaluator must perform in order to conduct an evaluation of a PP, ST, and TOE
Principles of Evaluation
• Appropriateness – Evaluators will perform their duties to meet their responsibilities as consistent with the targeted EAL
• Impartiality – Evaluator's evaluation will be impartial without any conflicts of interest
• Objectivity – Evaluators will perform their duties with minimum subjectivity or opinion
• Repeatability and reproducibility – Evaluators will achieve the same results given the same TOE and supporting evidence
• Soundness of results – Results will be complete and accurate
Parties involved in the evaluation process
• Sponsor
  • User, industry group, government or other entities that want a product evaluated
  • Responsible for establishing the agreements necessary to perform the evaluation
  • Support the evaluator (evaluation evidence, training and other support)
  • Funds the process
Parties involved in the evaluation process
• Developer
  • Actual producer of the TOE
  • Supports evaluation by producing and maintaining the evaluation evidence
Parties involved in the evaluation process
• Evaluator
  • Laboratory certified by the overseer
  • Performs duties as specified by the CC
  • Receives the evaluation evidence
  • Requests and receives support from the overseer
  • Documents with supporting evidence the overall verdict and any conditional verdicts
Parties involved in the evaluation process
• Overseer
  • Validation body. CC organization of the country
  • Assures through use of an appointed validator
  • Provides guidance and interpretations of the CC
  • Approves or disapproves the overall verdict
Evaluation Process – Preparation Phase
• Sponsor contacts the evaluator to begin the process of evaluation under the CC
• Sponsor or developer supplies the evaluators with the evaluation deliverables
• Feasibility study is conducted to develop
  • List of evaluation deliverables
  • List of evaluation activities
  • Sampling requirements in CC that the evaluation will address
• Sponsors and evaluators sign an agreement to establish the framework for evaluation
Evaluation Process – Conduct Phase
• Evaluator develops the evaluation actions based on the deliverables
• Evaluator may write an observation report (OR) to seek clarification from the overseer
• Evaluator may identify a potential weakness and seek additional information from the developer or sponsor
Conclusion phase
• Evaluator gives the Evaluation Technical Report (ETR) to the overseer
Evaluator verdicts
• Pass: Requirements for the PP, ST or TOE are met
• Fail: Requirements for the PP, ST or TOE have not been met
• Inconclusive: Default status until the evaluator either passes or fails the product
• All constituent verdicts must pass to receive an overall pass verdict
Evaluation Technical Report (ETR)
• ETR is used to justify the verdict of the evaluator