Functional testing performed by the developer provides assurance that the tests in the test documentation are performed and documented correctly. The correspondence of these tests to the design descriptions of the TSF is achieved through the Coverage (ATE_COV) and Depth (ATE_DPT) families.
Requirement: EAL2 EAL3 EAL4 EAL5
a) The developer shall test the TSF and provide test documentation. The test documentation shall include a test plan which identifies the TOE to be tested and the tests to be performed.
These descriptions shall include the description of any test pre-requisites which are necessary to establish the required initial conditions. The test description shall also contain the test procedure description which specifies how the test is executed, which inputs have to be performed, how the expected results should be verified, and which cleanup processing has to be performed. The test description should be clear and sufficiently detailed to ensure that the test is reproducible. The test plan shall provide information about the test configuration being used: both on the configuration of the TOE and on any test equipment being used. This information should be detailed enough to ensure that the test configuration is reproducible.
Background: Test pre-requisites are necessary to establish the required initial conditions for the test. They may be expressed in terms of parameters that must be set or in terms of test ordering in cases where the completion of one test establishes the necessary pre-requisites for another test.
Related Evaluator Actions: For the tests performed by the developer, the evaluator determines from the documentation provided, whether the tests are repeatable and whether the pre-requisites are complete and appropriate in that they will not bias the observed test results towards the expected test results. Regarding consistence of the test configuration the evaluator will also consider the security objectives for the operational environment described in the ST that may apply to the test environment. There may be some objectives for the operational environment that do not apply to the test environment. For example, an objective about user clearances may not apply; however, an objective about a single point of connection to a network would apply.
Examples:
Establishing initial conditions
- User accounts need to exist before they can be deleted.
- An ordering dependency would be where one test generates a file of data to be used as input for another test.
Requirement: EAL3 EAL4 EAL5
b) The test documentation shall include descriptions of the behaviour of TSF subsystems and of their interactions.
Background: This requirement derives from a requirement of an evaluator action of family ATE_DPT.
Related Evaluator Actions: The evaluator will analyse the test documentation to determine whether it describes the behaviour of TSF subsystems and of their interactions.
Requirement: EAL4
c) The test documentation shall include descriptions of the behaviour of the interfaces of TSF-enforcing modules.
Background: This requirement derives from a requirement of an evaluator action of family ATE_DPT.
Related Evaluator Actions: The evaluator will analyse the test documentation to determine whether it describes the behaviour of the interfaces of TSF-enforcing modules.
Requirement: EAL5
d) The test documentation shall include descriptions of the behaviour of the interfaces of all modules.
Background: This requirement derives from a requirement of an evaluator action of family ATE_DPT.
Related Evaluator Actions: The evaluator will analyse the test documentation to determine whether it describes the behaviour of the interfaces of all modules.
Requirement: EAL2 EAL3 EAL4 EAL5
e) The test documentation shall include the expected test results which show the anticipated outputs from a successful execution of the tests.
Background: The expected test results are needed to determine whether or not a test has been successfully performed. The description of the expected test results are sufficient if they are unambiguous and consistent with the expected behaviour given the testing approach.
Related Evaluator Actions: The evaluator will analyse the test documentation to determine whether it contains sufficient information about the anticipated outputs from a successful execution of the tests. The evaluator will determine whether the test steps and expected results are consistent with the descriptions of the TSFI in the functional specification.
Requirement: EAL2 EAL3 EAL4 EAL5
f) The test documentation shall include the information about actual test results which demonstrates that the actual test results are consistent with the expected test results. If a direct comparison of actual results cannot be made until some data reduction or synthesis has been first performed, the developer's test documentation should describe the process to reduce or synthesise the actual data. Since the TOE might be subject to change in the
course of the development process, the test documentation should also reference the actually tested version of the TOE.
Background: A comparison of the actual and expected test results will reveal any inconsistencies between the results.
Related Evaluator Actions: The evaluator will analyse the test documentation to determine whether the actual test results are consistent with the expected test results.