Guideline for Developer Documentation Christian Krause 8th ICCC / September 26th, 2007 Federal Office for Information Security.

Slides:

Advertisements

Similar presentations

Creating a Winning E-Business Second Edition

Advertisements

2012 New Project Directors’ Orientation

Interpreting & Applying the Standards October 4, 2006 Dr. Luis J. Pedraja, Vice President Middle States Commission on Higher Education.

Writing the Team Report Chairs and Evaluators Workshop.

Follow-up Reporting Expectations MSCHE Annual Conference 2009 Mary Ellen Petrisko.

Higher History Strategies for facilitating learners six essential learning experiences as detailed in SQA arrangements document. Learning strategy templates.

Get Started in e-Business. Aim This presentation is prepared to support and give a general overview of the ‘How to Get Started in e-Business’ Guide and.

Effective Design of Trusted Information Systems Luděk Novák,

BSI activities in developing PPs and the BSI-PP/ST-Guide Bundesamt für Sicherheit in der Informationstechnik / Federal Office for Information Security.

What’s New in Government Internal Control Standards?

Guidelines for a Good Presentation Luis M. Correia Instituto Superior Técnico / INOV-INESC University of Lisbon, Portugal.

New Library Catalogue Interface Proposal 3. Introduction This presentation will outline the design decisions for the new interface of the on-line library.

Company LOGO B2C E-commerce Web Site Quality: an Empirical Examination (Cao, et al) Article overview presented by: Karen Bray Emilie Martin Trung (John)

Introduction to the User’s Guide for Evaluating Learning Outcomes from Citizen Science Tina Phillips, Cornell Lab of Ornithology Marion Ferguson, Cornell.

Your High-Level Overview of the Components Provided by ESP Solutions Group Disaster Prevention and Recovery.

7th February PQG Supplier Auditor Certification and Training scheme Introduction to the scheme & implications of the changes David Mogg PQG Chairman.

 Mark & Sons Future Technology Co. (hereafter, MSFT) is a $40 billion public company that provides high-technology products and services.  Currently,

Creating a Winning E-Business Second Edition

Peter Defranceschi ICLEI - Local Governments for Sustainability An Introduction European Commission GPP Training Toolkit.

Perkins Basic & Regional Reserve Grants Annual Report Directions October 30, 2009.

Information Architecture The science of figuring out what you want your Web site to do and then constructing a blueprint before you dive in and put the.

Support for design of statistical surveys at Statistics Sweden

1 User Manual. 2 A user manual is a technical communication document intended to give assistance to people using a particular system A user manual is.

Regional Seminar 2005 EVALUATING POLICY Are your policies working? How do you know? School Development Planning Initiative.

National Commission for Academic Accreditation & Assessment Developmental Reviews at King Saud University and King Faisal University.

Circuit Rider Training Program (CRTP) Circuit Rider Professional Association Annual General Meeting and Conference August 30, 2012.

provide information Best Practice Template Experiences in Austria Wolfgang Bittermann Directorate Spatial Statistics Canberra 2 May.

Security and Privacy Workgroup SMALL PRACTICE IMPLEMENTATION WEDI/SNIP Security and Privacy Workgroup White Paper Version 2.0 – Dated April 2004.

Training EFL Prospective Teachers on Adopting, Enhancing and Making WebQuests to be Used in Teaching Dr Manal Mohammed Khodary Mohammed Lecturer of Curriculum.

CAMPUS IMPROVEMENT PLANS (CIP) Schoolwide Programs.

QAA Review Incorporating the GOsC Recognised Qualification (RQ) Renewal.

ABC Company Introducing Our Expanded Client Services Platform insert contact info.

Copyright (C) 2007, Canon Inc. All rights reserved. P. 0 A Study on the Cryptographic Module Validation in the CC Evaluation from Vendors' point of view.

GCSE (9-1)HISTORY For teaching from 2016 For award from 2018.

======!"§==Systems= Technical Guidance for CC Evaluation Wolfgang Killmann T-Systems GEI GmbH.

SEO. SEO Market Store Best Practice “The Rakuten Merchant Package for SEO will aid in improving the visibility of your store in search.” Getting Started.

SDLS Protocol Green Book initiation Ignacio Aguilar Sanchez (ESA) CCSDS Spring Meeting 2010 | Portsmouth, VA.

California Department of Public Health / 1 CALIFORNIA DEPARTMENT OF PUBLIC HEALTH Standards and Guidelines for Healthcare Surge during Emergencies How.

OCR Nationals ICT – Unit 4 Task 2 Task Overview You will be creating a design for your product including all relevant details regarding what it will contain.

NH Department of Education Developing the School Improvement Plan Required by NH RSA 193-H and Federal Public Law for Schools in Need of Improvement.

M253 Students Study Guide Mrs. Fatheya Al Mubarak – AOU Dammam.

September 2009 Dr. Markus Mackenbrock 1 The use of Common Criteria for the German Health System Dr. Markus Mackenbrock Bundesamt für Sicherheit in der.

Cooperative Education Unit PGCHE Class 2016 Sophia Shuungula and Martha Namutuwa Industry Liaison Officers 19 May 2016.

WJEC Eduqas GCSE (9-1) in HISTORY For teaching from 2016

Understanding Standards: An overview of course assessment

Creating Skills-Based Job Postings: An Overview Guide

Legal Skills 411 Presented by: Chantelle H Louw.

Final Year Project Guidelines

Carleton Content Management System (CCMS)

Actuaries Climate Index™

Coastal Carolina University

CAPE Internal Assessment

SDLS Protocol Green Book initiation

Goal Chart 1 Complete a Generic Grant Application Select the grant

5 Tips For Better And Quicker Web Research Services - Damco Solutions

Actuaries Climate Index™

Crowd Simulation (INFOMCRWS) - Course Introduction

CSEC Physics Workshop- SBA

Introduction to Policies and Procedures Toolkit

Essentials of Oral Defense (English/Chinese Translation)

EER Assurance December 2018

Note: Text displayed in blue italics is included to provide guidance to the author and should be deleted or hidden before publishing the document.

Writing reports Wrea Mohammed

GPP Training Toolkit An Introduction European Commission

Understanding Standards Religious, Moral and Philosophical Studies

What is a WebQuest? Guided search for information

Changing How We Communicate Quality and Methods to Our Users

Language B syllabus outline

Now Buy Best External Door Hardware from Doorhardware

MANUFACTURING DISASTER RECOVERY PLAN

Presentation transcript:

Guideline for Developer Documentation Christian Krause 8th ICCC / September 26th, 2007 Federal Office for Information Security

Christian KrauseSeptember 26th, 2007 Folie 2  CEM contains detailed requirements regarding the developer evidence  Therefore developers who intend to get involved in a CC evaluation has to consult the CEM What makes the use of the CC/CEM for developer difficult?

Christian KrauseSeptember 26th, 2007 Folie 3  Structure and content of the CEM has been optimised to serve as an evaluation directive for evaluators  That makes the use of the CEM for developers in particular with less CC experience difficult What makes the use of the CC/CEM for developer difficult?

Christian KrauseSeptember 26th, 2007 Folie 4 A lot of information is only relevant for the evaluation, but not for the preparation of the developer evidence  ADV: Evaluator analyses regarding accuracy  Requirements regarding site visits  ATE_IND  AVA_VAN  Guidance on sampling strategies ... What makes the use of the CC/CEM for developer difficult?

Christian KrauseSeptember 26th, 2007 Folie 5 The motivation of the requirements is not obvious in any case  What’s the use of so much paper work? The navigation is circumstantially for developers  e. g. developers has to consult the CC for the assurance component corresponding to the chosen EAL and then search in the CEM for the right requirements What makes the use of the CC/CEM for developer difficult?

Christian KrauseSeptember 26th, 2007 Folie 6 To ease the adoption of the CC for developers with less CC experiences, BSI has issued a Guideline for Developer Documentation  Covering all assurance components up to EAL5 (without classes ASE/APE which are considered in a separate ST/PP Guide) Developer Guideline

Christian KrauseSeptember 26th, 2007 Folie 7 Assurance Components addressed in the Guideline

Christian KrauseSeptember 26th, 2007 Folie 8 The Guideline offers assistance to developers by  extracting the information regarding the developer evidence from the CC/CEM,  structuring the information customised for the developer needs,  explanation of the context and background,  examples and  a sample document structure with explanations for the use as template for the developer documentation Content and Structure of the Developer Guideline

Christian KrauseSeptember 26th, 2007 Folie 9  Short Introduction to CC/CEM with overview of assurance classes  Explanation of the differences between the EALs  What does a higher EAL mean for  developer  evaluator  customer  Description of the additional requirements from an EAL to the next higher EAL Introduction to CC and CEM

Christian KrauseSeptember 26th, 2007 Folie 10 Introduction to CC and CEM Example:

Christian KrauseSeptember 26th, 2007 Folie 11 Extracted Requirements for developer evidence  Requirements for developer evidence  labelled with colours for simple navigation  extract of requirements that have to be fulfilled by the developer  prepared in an order suitable from a developer’s view  explanation of related evaluator actions

Christian KrauseSeptember 26th, 2007 Folie 12 Extracted Requirements for developer evidence Example:

Christian KrauseSeptember 26th, 2007 Folie 13 Explanation of the context If reasonable additional information is given in a structured form  Background  Elucidation of the background  Note  Hint for developer  Role in the evaluation process  Explanation of the role in the evaluation process (What is the goal of the requirement?)  Examples  Depict how a requirement could be fulfilled

Christian KrauseSeptember 26th, 2007 Folie 14 Explanation of the context Example:

Christian KrauseSeptember 26th, 2007 Folie 15 Explanation of the context Example:

Christian KrauseSeptember 26th, 2007 Folie 16 Sample Document Structure with explanations  Can be used by developers as template for the preparation of developer documentation  Is a possibility to simplify evaluations by providing a standard structure for developer documentation Sample Document Structure

Christian KrauseSeptember 26th, 2007 Folie 17 Sample Document Structure Example (1):

Christian KrauseSeptember 26th, 2007 Folie 18 Sample Document Structure Example (2):

Christian KrauseSeptember 26th, 2007 Folie 19 Guideline for Developer Documentation  Download

Christian KrauseSeptember 26th, 2007 Folie 20 Contact Bundesamt für Sicherheit in der Informationstechnik (BSI) Christian Krause Godesberger Allee Bonn Tel: +49 (0) Fax: +49 (0)