![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0059: How Much Testing Is Required At EAL2?
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2002-08-13 |
| Last Modified | 2006-08-02 |
Issue
Does the CC at EAL2 call for complete testing by the developer? If so, is it done by the developer or the evaluator, or does the evaluator "make up" for testing deficiencies of the developer so that the entire TSFI is tested?
Resolution
The CC does not call for complete testing at EAL2.
Support
CEM 1.0 EAL2: ATE_COV.1 paragraph 787 states that the coverage analysis provided by the developer is required to show the correspondence between the tests provided as evaluation evidence and the functional specification. However, the coverage analysis needs not demonstrate that all security functions have been tested, or that all external interfaces to the TSF have been tested. Such, shortcomings are considered by the evaluator during the independent testing (ATE_IND.2) sub-activity.
In CEM 1.0 EAL2: ATE_COV.1.1E paragraph 793 and associated Figure 6.2, SF-3 does not have tests attributed to it; therefore, coverage with respect to the functional specification is incomplete. Incomplete coverage, however, will not impact the verdict of this sub-activity as the coverage evidence does not have to show complete coverage of the security functions identified in the functional specification.
Modification History:
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- ALFWPPv1.c
Related NIs:
- None
Related CCIMB-INTERPs:
- CCIMB-INTERP-0028: Test Sampling
Source OD: 0088