600.436 High-Assurance
Systems
Fall 01/Protection Profiles
20
Rationale
¨Link
TSP Model to ST
–ST
Security Functional Requirements define explicit policies that must be
modeled
¨Show
that all policies that can be modeled are completely modeled
¨Show
that SPM is consistent with the policies that can, and have, been
modeled
–Granularity of policy matches granularity of ST Security
Functional Requirements