F2009VE 10
SECTION 10: DESIGN ASSURANCE
AS.10.01 A configuration management system shall be implemented for the
cryptographic module and module components within the cryptographic
boundary, and for associated module documentation.
Assessment:
VE.10.01.01 The vendor documentation shall describe the configuration management
(CM) system for the cryptographic module, module components, and
associated module documentation.
Assessment:
AS.10.02 Each version of each configuration item (e.g., cryptographic module,
module components, user guidance, security policy, and operating
system) that comprises the module and associated documentation shall
be assigned and labeled with a unique identification number.
Assessment:
VE.10.02.01 The vendor CM documentation shall include a configuration list of all
configuration items. The CM documentation shall describe the method
used to uniquely identify the configuration items.
Assessment:
VE.10.02.02 The vendor documentation shall describe the method used to uniquely
identify the version of each configuration item being validated.
Assessment:
AS.10.03 Documentation shall specify the procedures for secure installation,
initialization, and startup of the cryptographic module.
Assessment:
VE.10.03.01 The vendor documentation shall describe the steps necessary for the
secure installation, initialization, and start-up of the cryptographic
module.
Assessment:
AS.10.04 (Level 2) In addition to the requirements of Security Level 1, documentation shall specify the procedures required for maintaining security while distributing and delivering versions of the cryptographic module to authorized operators.
Assessment:
VE.10.04.01 (Level 2) The delivery documentation shall describe the procedures necessary to maintain security when distributing the cryptographic module to authorized operators.
Assessment:
AS.10.05 The following requirements shall apply to cryptographic modules for
Security Level 1.
Note: This assertion is tested as part of AS10.06 and AS10.07.
Assessment:
AS.10.06 Documentation shall specify the correspondence between the design of
the hardware, software, and firmware components of the cryptographic
module and the cryptographic module security policy.
Assessment:
VE.10.06.01 The vendor documentation shall describe how the hardware, software,
and firmware design(s) corresponds to the security policy (rules of
operation) of the cryptographic module.
Assessment:
AS.10.07 If the cryptographic module contains software or firmware components,
documentation shall specify the source code for the software and
firmware components, annotated with comments that clearly depict the
correspondence of the components to the design of the module.
Assessment:
VE.10.07.01 The vendor shall supply a list of the names of all the software and
firmware components contained in the cryptographic module.
Assessment:
VE.10.07.02 The vendor shall supply an annotated source listing of each software
and firmware component contained in the cryptographic module.
Assessment:
AS.10.08 If the cryptographic module contains hardware components,
documentation shall specify the schematics and/or Hardware
Description Language (HDL) listings for the hardware components.
Assessment:
VE.10.08.01 The vendor shall supply a list of the hardware components contained in
the cryptographic module.
Assessment:
AS.10.10 (Level 2) Documentation shall specify a functional specification that informally describes the cryptographic module, the external ports and interfaces of the module, and the purpose of the interfaces.
VE.10.10.01 (Level 2) The vendor functional specification shall describe the cryptographic module, and each external interface and port.
Assessment:
VE.10.10.02 (Level 2) The vendor functional specification shall describe the purpose of each external interface.
Assessment:
AS.10.21 Crypto officer guidance shall specify the administrative functions,
security events, security parameters (and parameter values, as
appropriate), physical ports, and logical interfaces of the cryptographic
module available to the crypto officer.
Note: This assertion is tested as part of AS10.23.
Assessment:
AS.10.22 Crypto officer guidance shall specify procedures on how to administer
the cryptographic module in a secure manner.
Note: This assertion is tested as part of AS10.23.
Assessment:
AS.10.23 Crypto officer guidance shall specify assumptions regarding user
behavior that is relevant to the secure operation of the cryptographic
module.
Assessment:
VE.10.23.01 The vendor documentation shall include the information listed in
AS10.21, AS10.22 and AS10.23.
Assessment:
VE.10.23.02 The crypto officer nonproprietary guidance shall be available to the
crypto officer.
Assessment:
AS.10.24 User guidance shall specify the Approved security functions, physical
ports, and logical interfaces available to the users of the cryptographic
module.
Note: This assertion is tested as part of AS10.25.
Assessment:
AS.10.25 User guidance shall specify all user responsibilities necessary for the
secure operation of the cryptographic module.
Assessment:
VE.10.25.01 The vendor documentation shall include the information listed in
AS10.24 and AS10.25.
Assessment:
VE.10.25.02 The user nonproprietary guidance shall be available to the user.