Specifications

Table 22 TOE Security Functional Requirement to TOE Security Objectives Rationale
Security Objective (TOE) | Security Functional Requirement Rationale
O.ADMIN_GUIDANCE
ALC_DEL.1 ensures that the administrator can begin the TOE installation with a clean
version of the TOE (e.g., malicious code has not been inserted once it has left the
developer’s control), which is necessary for secure management of the TOE.
The AGD_PRE.1 requirement ensures the administrator has the information necessary
to install the TOE in the evaluated configuration. Often, a vendor’s product
contains software that is not part of the TOE and has not been evaluated. The
Installation, Generation and Startup (IGS) documentation ensures that once the
administrator has followed the installation and configuration guidance, the result is a
TOE in a secure configuration.
The AGD_OPE.1 requirement mandates that the developer provide the administrator with
guidance on how to operate the TOE in a secure manner. This includes describing the
interfaces the administrator uses in managing the TOE and any security parameters that
are configurable by the administrator. The documentation also provides a description of
how to set up and use the auditing features of the TOE.
The AGD_OPE guidance is also intended for non-administrative users. If the TOE provides
facilities/interfaces for this type of user, this guidance will describe how to use those
interfaces securely. This could include guidance on the setup of wireless clients for use
with the TOE. If the wireless clients may be configured by administrators who are not
administrators of this TOE, then that guidance may be user guidance from the
perspective of this TOE.
AGD_OPE.1 and AGD_PRE.1 analysis during evaluation will ensure that the
guidance documentation can be followed unambiguously, so that the TOE is not
misconfigured into an insecure state due to confusing guidance.