© crown copyright (2000) module 3.2 evaluation management
TRANSCRIPT
![Page 1: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/1.jpg)
© Crown Copyright (2000)
Module 3.2
Evaluation Management
![Page 2: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/2.jpg)
“You Are Here”
M3.1 Evaluation Process
M3.2 Evaluation Management
MODULE 3 - SCHEME RULES AND PROCEDURES
![Page 3: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/3.jpg)
Evaluation Management
PreparationPhase
Conduct Phase
ConclusionPhase
![Page 4: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/4.jpg)
Evaluation Management
PreparationPhase
Conduct Phase
ConclusionPhase
![Page 5: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/5.jpg)
Preparation Phase - Inputs
• Definition of Target of Evaluation– Scope, boundaries, interfaces, composites, etc.
• What evaluation level is required ?
• Technical expertise required ?
Evaluation
PlanningTOE
![Page 6: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/6.jpg)
Preparation Phase - Suitability
• CLEF/CB may review ST for suitability
• Check Sponsor and Developer have full understanding of:– the evaluation process– the role of the CLEF– their responsibilities throughout evaluation
![Page 7: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/7.jpg)
Preparation Phase - TIN
• May be combined with EWP• Task Identification• Sponsor and Developer Details• Description of TOE• Summary of Security Requirements• Timescales• Staffing• Contacts
![Page 8: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/8.jpg)
Preparation Phase - EWP
• May be combined with TIN
• Evaluation methodology– CEM/ITSEC– Interpretations
• Evaluation effort for each activity
• Constraints
• Limitations
![Page 9: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/9.jpg)
Preparation Phase - UKSP06 Entry & CB Questionnaire
UKSP06
![Page 10: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/10.jpg)
Task Start-up Meeting
• Objective
• Attendees
• Timing
• Agenda
![Page 11: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/11.jpg)
Preparation Phase - Outputs
Evaluation
Planning
EWP
TIN
UKSP 06 Entry
Security Target
CB Questionnaire
![Page 12: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/12.jpg)
Evaluation Management
PreparationPhase
Conduct Phase
ConclusionPhase
![Page 13: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/13.jpg)
Conduct Phase - Inputs
Task Conduct
TIN / EWP
TOE Deliverables
Security Target
Deliverables Schedule
![Page 14: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/14.jpg)
Conduct Phase - Reporting Progress
• Evaluation Progress Meeting (EPM)
• ETR Production– Draft annexes (activity reports, glossary, list of
deliverables etc.)
• Observation Report Status Register
![Page 15: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/15.jpg)
Evaluation Progress Meetings
• Objective
• Attendees
• Timing
• Agenda
![Page 16: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/16.jpg)
Observation Report Status - 1
• AGR - Corrective Action Agreed
• CAP - Certifier Action Pending
• CLR - Cleared
• FIX - Fix to be evaluated by CLEF
• ISS - Issued to the Certifier
![Page 17: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/17.jpg)
Observation Report Status - 2
• PRO - Corrective Action Proposed
• REJ - Corrective Action Rejected
• REL - Released to the Sponsor / Developer
• WDN - Problem Report Withdrawn
![Page 18: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/18.jpg)
Conduct Phase - Observation Reports
• Content (Level 1 and Level 2)– Identifier– Severity Level– Evaluation Activity where raised– Observation– Organisation responsible for resolution– Timescale for resolution
![Page 19: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/19.jpg)
Conduct Phase - Issues
• Maintain Independence
• Comply with UKAS Requirements
• Comply with Methodology Requirements
![Page 20: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/20.jpg)
Conduct Phase - Outputs
Task Conduct
Work Package Reports
Observation Reports
Scheme ObservationReports
![Page 21: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/21.jpg)
Evaluation Management
PreparationPhase
Conduct Phase
ConclusionPhase
![Page 22: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/22.jpg)
Conclusion Phase
• Evaluation Technical Report (ETR)
• Certificate and Certification Report
• Task Closedown
![Page 23: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/23.jpg)
Assurance Maintenance (CMS)
• Additional Evaluation Task
• See Module 2.8 for more details
![Page 24: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/24.jpg)
ITSEC v. CC
• Main difference is work breakdown
• ITSEM/UK SP 05 specify mandatory requirements
• CEM defines Work Units
![Page 25: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/25.jpg)
Summary
• Three Phases to evaluation Management– Preparation Phase– Conduct Phase– Conclusion Phase
• Covers whole evaluation
• Terminology difference between ITSEC & CC
![Page 26: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/26.jpg)
Further Reading
• UKSP 01
• UKSP 04 Part 1
• UKSP 05 Part 1
• CEM Part 2, Chapter 2
![Page 27: © Crown Copyright (2000) Module 3.2 Evaluation Management](https://reader035.vdocuments.site/reader035/viewer/2022062619/5515f218550346d46f8b547b/html5/thumbnails/27.jpg)
Exercise - Planning
• Given the ITT on the handouts, please prepare a TIN and EWP for the task