Lowering Evaluation Costs through Developer Certification


One of the largest sets of activities in an evaluation is the examination of the development environment through the assurance components ACM, ADO and ALC. At EAL3 and above this includes a site visit. For each new product a developer wants evaluated they are required to perform another site visit. This leads to a much greater cost when we are in many instances evaluating the same site with the same procedures. While a thorough examination may be justified if the product was developed at a different site, or major changes have been made to any of these components; this is not always the case.

So why not certify the developer’s site and procedures? If a developer could have their site certified it would mean that we could treat it as if the site itself was an evaluated product and perform re-evaluations of the site when major changes require it. In order to allow this, rules would need to be outlined as to what would constitute a major change. This could be conducted similar to assurance continuity with an Impact Analysis Report (IAR).

This presentation will outline why certifying a site separately will not detract from the assurance provided by the associated components. It will show how these changes could in fact add extra assurance to products evaluated at EAL2 and below where a site visit would not normally be performed. This presentation will also explore changes that would need to be made in the evaluation in order to show what parts of these components would still need to be evaluated each time and which ones would simply require evidence showing that no major changes have occurred.