Specifications
Security Target Version 1.0 9/29/2014
57
operation following failure or operational error), their consequences and implications for
maintaining secure operation.
AGD_OPE.1.6c
The operational user guidance shall, for each user role, describe the security measures to be
followed in order to fulfill the security objectives for the operational environment as described in
the ST.
AGD_OPE.1.7c
The operational user guidance shall be clear and reasonable.
AGD_OPE.1.1e
The evaluator shall confirm that the information provided meets all requirements for content and
presentation of evidence.
Component Assurance Activity:
During operation, the activities to be described in the guidance fall into two broad categories;
those that are performed by a (non-administrative) user, and those that are performed by an
administrator. It should be noted that most procedures needed for non-administrative users are
referenced in the assurance activities in Section 4.1.
With respect to the administrative functions, while several have also been described in Section 4.1,
additional information is required as follows.
The operational guidance shall at a minimum list the processes running (or that could run) on the
TOE in its evaluated configuration during its operation that are capable of processing data
received on the network interfaces (there are likely more than one of these, and this is not limited
to the process that.
5.3.2.2 Preparative procedures (AGD_PRE.1)
AGD_PRE.1.1d
The developer shall provide the TOE including its preparative procedures.
AGD_PRE.1.1c
The preparative procedures shall describe all the steps necessary for secure acceptance of the
delivered TOE in accordance with the developer's delivery procedures.
AGD_PRE.1.2c
The preparative procedures shall describe all the steps necessary for secure installation of the TOE
and for the secure preparation of the operational environment in accordance with the security
objectives for the operational environment as described in the ST.
AGD_PRE.1.1e
The evaluator shall confirm that the information provided meets all requirements for content and
presentation of evidence.
AGD_PRE.1.2e
The evaluator shall apply the preparative procedures to confirm that the TOE can be prepared
securely for operation.
Component Assurance Activity:
As indicated in the introduction above, there are significant expectations with respect to the
documentation—especially when configuring the operational environment to support TOE
functional requirements. The evaluator shall check to ensure that the guidance provided for the
TOE adequately addresses all platforms and components (that is, combination of hardware and
operating system) claimed for the TOE in the ST.
The evaluator shall check to ensure that the following guidance is provided:
Instructions and information is provided to the administrator detailing how to configure the virtual
management network so that control/configuration network traffic between TOE components is
encrypted and that this is the only allowed configuration for conformant TOEs. If the TOE is a
multiple component TOE, then the appropriate requirements are included in the ST from