ISCI-WG1: Lean CC and High Assurance—The Java Card Pre-Compiled Evidence Project (S31c)
Making the application of CC more lean to meet the current business requirements is an objective of ISCI-WG1. One of projects is the introducing of “Java Card pre-compiled evidence” intended to create standardized evaluation deliverables. This dedicated area was chosen to verify whether redundancy can be removed from the assurance requirements CC part 3 and CEM. The intention is to make it easier for developer, lab and scheme to show complete and correct fulfillment of these requirements in less time with the same quality. The insight is that the input to the evaluation (PP defining the SFRs, FSP and test cases) is always industry standard and fixed, so the output from developers can be standard and fixed too: no TOE-specific aspects are used to verify the accuracy of the mapping of the SFRs to test cases for example. This presentation will explain how a CC evaluation with pre-compiled evidence can work for a well-known well-accepted industry standard. The speakers will demonstrate that the same level of high-assurance is achieved as during a regular CC evaluation. The speakers will show what the efficiency gain will be and what makes this approach work.