600.436 High-Assurance Systems
Fall 01/Introduction
12
Some System Constraints
¨Because there is minimal, or no, theoretical foundation for assurance, requirements for specific processes can’t be justified in security assurance standards
¨As a result, standards (CC/CEM or SSE-CMM), focus on specifying documentation and activities that must be present in whatever process is used by subscribing participants