Published by Juan Willis. Modified over 10 years ago.
1
© Crown Copyright (2000) Module 2.5 Operational Environment

You Are Here
M2.1 Requirements
M2.2 Development Representations
M2.3 Functional Testing
M2.4 Development Environment
M2.5 Operational Environment
M2.6 Vulnerability Analysis
M2.7 Penetration Testing
M2.8 Assurance Maintenance/Composition
MODULE 2 - ASSURANCE

Introduction
Analysis of how the TOE should be operated in practice
  – Operational Guidance
  – Delivery
  – Installation, Generation and Start-up
Operational Environment Visit

Operational Guidance
User documentation
  – how do I change my password?
  – how do I shut down?
Administration documentation
  – adding a user
  – changing minimum password lengths

Delivery
Customer receives the TOE
  – has it been tampered with?
  – is it the right one?
  – how is this checked?

Installation, Generation and Start-up
Install and generate the TOE
  – is it configured securely?
Start the TOE
  – has it started up securely?

ITSEC Requirements

CC Requirements

Evaluation Reporting
Examination of documentation
  – show how & where requirements satisfied
Site visit?
  – staff interviewed
  – evidence inspected

Summary
Operational Guidance
Delivery
Installation, Generation and Start-up

Further Reading
ITSEC Evaluation
  – UKSP 05 Part III, Chapters 9 - 10
CC Evaluation
  – CC Part 3, Sections 2.6.2, 2.6.4, 9 and 11
  – CEM Part 2, Chapters 5-8 (ADO and AGD sections)

Exercise 1 - Guidance
Function 1: The TOE shall uniquely identify and authenticate users.
Function 2: The TOE shall allow a subject with an access right the ability to extend that access right to another subject.
Function 3: The TOE shall not echo passwords to the screen.
Function 4: The TOE shall provide tools to examine the accounting logs for the purpose of audit.

Exercise 1 - Guidance (Continued)
Function 5: The TOE shall clear a screen of data when the user logs out and when the workstation is locked due to a period of inactivity.
Function 6: The TOE shall permit a configurable number of consecutive log-on attempts.
Function 7: The TOE shall ensure that passwords are changed at least every 6 months.
Function 8: The TOE can completely deny users or groups of users access to an object.