600.436 High-Assurance Systems
Fall 01/Protection Profiles
20
Rationale
¨Link TSP Model to ST
–ST Security Functional Requirements define explicit policies that must be modeled
¨Show that all policies that can be modeled are completely modeled
¨Show that SPM is consistent with the policies that can, and have, been modeled
–Granularity of policy matches granularity of ST Security Functional Requirements