VE 10

From MozillaWiki
Revision as of 02:49, 25 November 2006 by Mwzphx (talk | contribs)

==SECTION 10: DESIGN ASSURANCE==

AS.10.01 A configuration management system shall be implemented for the cryptographic module and module components within the cryptographic boundary, and for associated module documentation.


Assessment:

==VE.10.01.01==

VE.10.01.01 The vendor documentation shall describe the configuration management (CM) system for the cryptographic module, module components, and associated module documentation.


Assessment:

AS.10.02 Each version of each configuration item (e.g., cryptographic module, module components, user guidance, security policy, and operating system) that comprises the module and associated documentation shall be assigned and labeled with a unique identification number.

Assessment:

==VE.10.02.01==

VE.10.02.01 The vendor CM documentation shall include a configuration list of all configuration items. The CM documentation shall describe the method used to uniquely identify the configuration items.


Assessment:

==VE.10.02.02==

VE.10.02.02 The vendor documentation shall describe the method used to uniquely identify the version of each configuration item being validated.


Assessment:

AS.10.03 Documentation shall specify the procedures for secure installation, initialization, and startup of the cryptographic module.


Assessment:

==VE.10.03.01==

VE.10.03.01 The vendor documentation shall describe the steps necessary for the secure installation, initialization, and start-up of the cryptographic module.


Assessment:

AS.10.04 (Level 2) In addition to the requirements of Security Level 1, documentation shall specify the procedures required for maintaining security while distributing and delivering versions of the cryptographic module to authorized operators.


Assessment:

==VE.10.04.01==

VE.10.04.01 (Level 2) The delivery documentation shall describe the procedures necessary to maintain security when distributing the cryptographic module to authorized operators.


Assessment:

AS.10.05 The following requirements shall apply to cryptographic modules for Security Level 1.

Note: This assertion is tested as part of AS10.06 and AS10.07.


Assessment:

AS.10.06 Documentation shall specify the correspondence between the design of the hardware, software, and firmware components of the cryptographic module and the cryptographic module security policy.


Assessment:

==VE.10.06.01==

VE.10.06.01 The vendor documentation shall describe how the hardware, software, and firmware design(s) corresponds to the security policy (rules of operation) of the cryptographic module.


Assessment:

AS.10.07 If the cryptographic module contains software or firmware components, documentation shall specify the source code for the software and firmware components, annotated with comments that clearly depict the correspondence of the components to the design of the module.

Assessment:

==VE.10.07.01==

VE.10.07.01 The vendor shall supply a list of the names of all the software and firmware components contained in the cryptographic module.


Assessment:

==VE.10.07.02==

VE.10.07.02 The vendor shall supply an annotated source listing of each software and firmware component contained in the cryptographic module.


Assessment:

AS.10.08 If the cryptographic module contains hardware components, documentation shall specify the schematics and/or Hardware Description Language (HDL) listings for the hardware components.


Assessment:

==VE.10.08.01==

VE.10.08.01 The vendor shall supply a list of the hardware components contained in the cryptographic module.

Assessment:

AS.10.10 (Level 2) Documentation shall specify a functional specification that informally describes the cryptographic module, the external ports and interfaces of the module, and the purpose of the interfaces.

==VE.10.10.01==

VE.10.10.01 (Level 2) The vendor functional specification shall describe the cryptographic module, and each external interface and port.

Assessment:

==VE.10.10.02==

VE.10.10.02 (Level 2) The vendor functional specification shall describe the purpose of each external interface.

Assessment:

AS.10.21 Crypto officer guidance shall specify the administrative functions, security events, security parameters (and parameter values, as appropriate), physical ports, and logical interfaces of the cryptographic module available to the crypto officer.

Note: This assertion is tested as part of AS10.23.

Assessment:

AS.10.22 Crypto officer guidance shall specify procedures on how to administer the cryptographic module in a secure manner.

Note: This assertion is tested as part of AS10.23.


Assessment:

AS.10.23 Crypto officer guidance shall specify assumptions regarding user behavior that is relevant to the secure operation of the cryptographic module.


Assessment:

==VE.10.23.01==

VE.10.23.01 The vendor documentation shall include the information listed in AS10.21, AS10.22 and AS10.23.


Assessment:

==VE.10.23.02==

VE.10.23.02 The crypto officer nonproprietary guidance shall be available to the crypto officer.


Assessment:

AS.10.24 User guidance shall specify the Approved security functions, physical ports, and logical interfaces available to the users of the cryptographic module.

Note: This assertion is tested as part of AS10.25.

Assessment:

AS.10.25 User guidance shall specify all user responsibilities necessary for the secure operation of the cryptographic module.


Assessment:

==VE.10.25.01==

VE.10.25.01 The vendor documentation shall include the information listed in AS10.24 and AS10.25.


Assessment:

==VE.10.25.02==

VE.10.25.02 The user nonproprietary guidance shall be available to the user.