NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0083:  Vulnerability Survey Assurance Component (AVA_VAN.1) in PSS PP v3.0

Publication Date
2016.02.29

Protection Profiles
PP_PSS_V3.0

Other References

Issue Description

The Protection Profile for Peripheral Sharing Switch Version 3.0 omitted the AVA_VAN.1 “Vulnerability Survey” assurance component. However, this component is needed and being added with this technical decision.

Resolution

AVA_VAN.1 “Vulnerability Survey” assurance component is included in the PSS PP v3.0.

 

In the TOE Security Assurance Requirements, adding:

Assurance Class Assurance Components Assurance Components Description
Vulnerability Assessment AVA_VAN.1 Vulnerability analysis

 

Adding Section 4.2.25 AVA_VAN.1,

Vulnerability Survey Developer action elements:

AVA_VAN.1.1D

The developer shall provide the TOE for testing.

Content and presentation elements:

AVA_VAN.1.1C

The TOE shall be suitable for testing.

Evaluator action elements:

AVA_VAN.1.1E

The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

AVA_VAN.1.2E

The evaluator shall perform a search of public domain sources to identify potential vulnerabilities in the TOE.

AVA_VAN.1.3E

The evaluator shall conduct penetration testing, based on the identified potential vulnerabilities, to determine that the TOE is resistant to attacks performed by an attacker possessing Basic attack potential.

Justification

AVA_VAN.1 is being included for compliance with the CEM. See CC v3.1 Release 4, Part 3: Security Assurance Requirements.

 
 
Site Map              Contact Us              Home