Abstract:
The “Bundesamt für Sicherheit in der Informationstechnik”
(BSI) has taken the lead for a CC-project to develop and validate
the procedure in order to perform re-useable evaluations of ALC material.
The motivation of this project is based on an increasing demand coming
from different developers to save unnecessary evaluation efforts.
In this context re-use of certified ALC material would be a significant
benefit to developers who develop multiple products at one or more
sites, particularly under the same procedures. This would lead to
a significant reduction of time and money for evaluations which could
also as a result improve the acceptance and the market of the CC.
To achieve this goal two strategies have been found namely a Development
Site Certification approach and a Reusability approach. The first
approach leads to a TOE independent CC certificate which is issued
to confirm that a specific development environment fulfils the CC
requirements regarding the related ALC class. Probably additional
ISMS definitions have to be taken into account.
The second approach depends on a previous TOE evaluation in order
to re-use already certified ALC related items such as the applied
CM system and/or the development site security.
As a first step a project team consisting of several BSI accredited
ITSEFs and the BSI itself carried out an analysis of development and
production procedures for both software and hardware products. Using
this as a basic the reusability process has been developed and documented.
Finally the reusability process definition will be validated under
several trial evaluations.
The project team was supported by different certification schemes,
several software and hardware developers and a number of communities
and/or boards like the CCMB and the CCDB.