600.436 High-Assurance Systems
Fall 01/System Security Realization
Semiformal High-level Explanation
• Same as semiformal HLD, plus:
  – The high-level design shall justify that the identified means of achieving separation, including any protection mechanisms, are sufficient to ensure a clear and effective separation of TSP-enforcing from non-TSP-enforcing functions.
  – The high-level design shall justify that the TSF mechanisms are sufficient to implement the security functions identified in the high-level design.