Guide for the Production of Evaluation Evidence


As the Guide for the production of Security Targets and Protection Profiles (ISO 15446) was successfully standardized, which is good practice for developer perspective; there are needs for guide for other crucial assurance component in the CC for cost-effective evaluation.
Because most guidance materials concerning security evaluation are focused on evaluators rather than developers, developers trying the first evaluation get to be in trouble for little references, and are apt to depend on evaluator or consultant advices.
Therefore it is the time that good referential materials is provided, so developers easily approach to CC evaluation in a conceptual way.
We intend to show our work and experience for this matter. The point is that if the guidance is adjusted too specific for a product, it might be useless for general purpose, and it is written too generally, it cannot show difference compared to the CEM.