Multi Assurance/Assurance Profiles Evaluation Paradigm: Modularity and Composition Models in CC: 2022 (L20a)
CC:2022 Release 1 includes substantial changes compared to the former versions. One of the most important is the inclusion of the new modularity and composition models.
Modularity and composition could be applicable either to the evaluation process resulting in different targets of evaluation (TOEs) or directly to the security requirements within a single TOE.
Modularity of the evaluation process consists of dividing a product into different parts or targets of evaluation (TOEs) and evaluate the complete product using a composition mechanism (the ACO assurance class or the _COMP assurance components).
Modularity of security requirements within a single TOE would be addressed by using mechanisms such as functional/assurance packages, Base-PP and PP-modules in PP-configurations, the new multi-assurance evaluation paradigm and structuring of functional and assurance requirements in dedicated subsections dependent on their purpose.
This talk will dive into the Multi-assurance/Assurance profiles approaches in CC comparing them with other methodologies. Guidelines for composition activities are addressed as a supporting method for the reuse of results between security evaluations of different scope.