600.436
High-Assurance Systems
Fall 01/Introduction
12
Some System Constraints
¨Because there is minimal, or no,
theoretical foundation for assurance, requirements for specific
processes can’t be justified in security assurance standards
¨As a result, standards (CC/CEM or
SSE-CMM),
focus on specifying documentation and activities that must be present in whatever process
is used by subscribing participants