17 CLASS ACO: COMPOSITION
17.2 Development evidence (ACO_DEV)
Objectives
482 This family sets out requirements for a specification of the base component in increasing levels of detail. Such information is required to gain confidence that the appropriate security functionality is provided to support the requirements of the dependent component (as identified in the reliance information).
Component levelling
483 The components are levelled on the basis of increasing amounts of detail about the interfaces provided, and how they are implemented.
Application notes
484 The TSF of the base component is often defined without knowledge of the dependencies of the possible applications with which it may be composed. The TSF of this base component is defined to include all parts of the base component that have to be relied upon for enforcement of the base component SFRs. This will include all parts of the base component required to implement the base component SFRs.
485 The functional specification of the base component will describe the TSFI in terms of the interfaces the base component provides to allow an external entity to invoke operations of the TSF. This includes interfaces to the human user to permit interaction with the operation of the TSF invoking SFRs and also interfaces allowing an external IT entity to make calls into the TSF.
486 The functional specification only provides a description of what the TSF provides at its interface and the means by which that TSF functionality is invoked. Therefore, the functional specification does not necessarily provide a complete interface specification of all possible interfaces available between an external entity and the base component. It does not include what the TSF expects/requires from the operational environment. The description of what a dependent component TSF relies upon of a base component is considered in Reliance of dependent component (ACO_REL), and the development information evidence provides a response to the interfaces specified there.
487 The development information evidence includes a specification of the base component. This may be the evidence used during evaluation of the base component to satisfy the ADV requirements, or may be another form of evidence produced by either the base component developer or the composed TOE developer. This specification of the base component is used during Development evidence (ACO_DEV) to gain confidence that the appropriate security functionality is provided to support the requirements of the dependent component. The level of detail required of this evidence increases to reflect the level of required assurance in the composed TOE. This is expected to broadly reflect the increasing confidence gained from the application of the assurance packages to the components. The evaluator determines that this description of the base component is consistent with the reliance information provided for the dependent component.
Class ACO: Composition
September 2012 Version 3.1 Page 181 of 233
ACO_DEV.1 Functional Description
Dependencies: ACO_REL.1 Basic reliance information
Objectives
488 A description of the interfaces in the base component, on which the dependent component relies, is required. This is examined to determine whether or not it is consistent with the description of interfaces on which the dependent component relies, as provided in the reliance information.
Developer action elements:
ACO_DEV.1.1D The developer shall provide development information for the base component.
Content and presentation elements:
ACO_DEV.1.1C The development information shall describe the purpose of each interface of the base component used in the composed TOE.
ACO_DEV.1.2C The development information shall show correspondence between the interfaces, used in the composed TOE, of the base component and the dependent component to support the TSF of the dependent component.
Evaluator action elements:
ACO_DEV.1.1E The evaluator shall confirm that the information meets all requirements for content and presentation of evidence.
ACO_DEV.1.2E The evaluator shall determine that the interface description provided is consistent with the reliance information provided for the dependent component.
ACO_DEV.2 Basic evidence of design
Dependencies: ACO_REL.1 Basic reliance information
Objectives
489 A description of the interfaces in the base component, on which the dependent component relies, is required. This is examined to determine whether or not it is consistent with the description of interfaces on which the dependent component relies, as provided in the reliance information.
490 In addition, the security behaviour of the base component that supports the dependent component TSF is described.
Developer action elements:
ACO_DEV.2.1D The developer shall provide development information for the base component.
Content and presentation elements:
ACO_DEV.2.1C The development information shall describe the purpose and method of use of each interface of the base component used in the composed TOE.
ACO_DEV.2.2C The development information shall provide a high-level description of the behaviour of the base component, which supports the enforcement of the dependent component SFRs.
ACO_DEV.2.3C The development information shall show correspondence between the interfaces, used in the composed TOE, of the base component and the dependent component to support the TSF of the dependent component.
Evaluator action elements:
ACO_DEV.2.1E The evaluator shall confirm that the information meets all requirements for content and presentation of evidence.
ACO_DEV.2.2E The evaluator shall determine that the interface description provided is consistent with the reliance information provided for the dependent component.
ACO_DEV.3 Detailed evidence of design
Dependencies: ACO_REL.2 Reliance information
Objectives
491 A description of the interfaces in the base component, on which the dependent component relies, is required. This is examined to determine whether or not it is consistent with the description of interfaces on which the dependent component relies, as provided in the reliance information.
492 The interface description of the architecture of the base component is provided to enable the evaluator to determine whether or not that interface formed part of the TSF of the base component.
Developer action elements:
ACO_DEV.3.1D The developer shall provide development information for the base component.
Content and presentation elements:
ACO_DEV.3.1C The development information shall describe the purpose and method of use of each interface of the base component used in the composed TOE.
ACO_DEV.3.2C The development information shall identify the subsystems of the base component that provide interfaces of the base component used in the composed TOE.
ACO_DEV.3.3C The development information shall provide a high-level description of the behaviour of the base component subsystems, which support the enforcement of the dependent component SFRs.
ACO_DEV.3.4C The development information shall provide a mapping from the interfaces to the subsystems of the base component.
ACO_DEV.3.5C The development information shall show correspondence between the interfaces, used in the composed TOE, of the base component and the dependent component to support the TSF of the dependent component.
Evaluator action elements:
ACO_DEV.3.1E The evaluator shall confirm that the information meets all requirements for content and presentation of evidence.
ACO_DEV.3.2E The evaluator shall determine that the interface description provided is consistent with the reliance information provided for the dependent component.
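The correspondence an evaluator establishes under ACO_DEV.3.2E can be expressed as a traceability check from the dependent component's reliance information into the base component's development information. The following is an added illustration, not part of CC Part 3 or of any evaluation scheme; the interface, subsystem and reliance data are constructed, and the element references in the findings are to the ACO_DEV.3 content elements above.

```python
"""Traceability check for ACO_DEV.3 development evidence (added illustration)."""
from dataclasses import dataclass


@dataclass
class Interface:
    # ACO_DEV.3.1C: purpose and method of use for each interface used in the composed TOE
    name: str
    purpose: str = ""
    method_of_use: str = ""


@dataclass
class DevelopmentInfo:
    interfaces: dict[str, Interface]         # interfaces described by the base component developer
    subsystems: dict[str, str]               # ACO_DEV.3.2C/3.3C: subsystem -> behaviour description
    interface_to_subsystem: dict[str, str]   # ACO_DEV.3.4C: interface -> providing subsystem


def check_correspondence(dev: DevelopmentInfo, relied_on: set[str]) -> list[str]:
    """Return evaluator findings; an empty list means every relied-upon interface
    is described, mapped to a subsystem, and that subsystem's behaviour is described."""
    findings = []
    for name in sorted(relied_on):           # relied_on comes from the ACO_REL reliance information
        iface = dev.interfaces.get(name)
        if iface is None:
            findings.append(f"{name}: relied upon but not described (ACO_DEV.3.1C)")
            continue
        if not iface.purpose or not iface.method_of_use:
            findings.append(f"{name}: purpose or method of use missing (ACO_DEV.3.1C)")
        subsystem = dev.interface_to_subsystem.get(name)
        if subsystem is None:
            findings.append(f"{name}: not mapped to a subsystem (ACO_DEV.3.4C)")
        elif not dev.subsystems.get(subsystem):
            findings.append(f"{name}: subsystem {subsystem} has no behaviour description (ACO_DEV.3.3C)")
    return findings


# Constructed sample evidence for a hypothetical base component (not from any real TOE).
SAMPLE_DEV = DevelopmentInfo(
    interfaces={
        "authenticate": Interface("authenticate", "verify user credentials", "call with user id and secret"),
        "audit_write": Interface("audit_write", "append an audit record", ""),
        "get_time": Interface("get_time", "return trusted time", "call with no arguments"),
    },
    subsystems={"auth_subsys": "identifies and authenticates callers", "audit_subsys": ""},
    interface_to_subsystem={"authenticate": "auth_subsys", "audit_write": "audit_subsys"},
)
# Constructed reliance information: interfaces the dependent component relies on.
SAMPLE_RELIED_ON = {"authenticate", "audit_write", "get_time", "key_export"}
```

Running `check_correspondence(SAMPLE_DEV, SAMPLE_RELIED_ON)` on the constructed sample yields four findings: a missing method of use and an undescribed subsystem for `audit_write`, a missing subsystem mapping for `get_time`, and an interface (`key_export`) that the dependent component relies on but the development information never describes.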