600.436 High-Assurance Systems
Fall 01/System Security Realization
Informal Correspondence
• The developer shall provide an analysis of correspondence between all adjacent pairs of TSF representations that are provided.
• For each adjacent pair of provided TSF representations, the analysis shall demonstrate that all relevant security functionality of the more abstract TSF representation is correctly and completely refined in the less abstract TSF representation.