In the context of the revision of the Common Criteria from version 2.1 to 3.0
the “Bundesamt für Sicherheit in der Informationstechnik” (BSI) has
taken the lead to rewrite the CC classes ACM, ADO, AGD and ALC.
The objective of the revision was to reduce the work load for developers,
evaluators and certification bodies. This is achieved on the one hand
by eliminating redundancies, which reduces the number of requirements
and work units, and on the other hand by clarifying structure, requirements
and used terms, which reduces the time needed to find out what is to
do, and the time lost due to different understandings of criteria by
the different parties.
Following main changes have been worked out by the BSI supported by “SRC Security
Research & Consulting GmbH” and the CCIMB:
||The ACM families SCP and CAP are transferred into the new ALC class. Since
they are reorganised (strict separation of capability and scope),
they get the new denotations CMS resp. CMC. The ACM family AUT is
integrated into CMC.
||The families DVS, FLR, LCD, and TAT of the present ALC class are taken over
in the new ALC class retaining their denotations. Several additional
methodology have been defined and some clarification of specific
terms were given for these families.
|| The ADO class is dissolved in the new structure. ADO_DEL has been moved to
ALC due to its life cycle relationship. ADO_IGS concerns mainly
the user. IGS activities are categorised into user related activities
(now part of AGD_PRE) and developer activities (covered by ALC_CMC).
|| The present AGD class deals with the operational phase of the TOE. The two
families USR and ADM have many similar requirements and belong to
the same life-cycle phase. They are combined to a single new family
denoted by AGD_OPE (“Operational user guidance”). User types are
distinguished by introducing a role concept.
||The family AVA_MSU overlaps strongly with AGD and is dissolved in the new structure.
The non-redundant MSU requirements are moved to AGD and to AVA_VLA