600.436 High-Assurance Systems
Fall 01/System Security Realization
53
Informal Correspondence
¨The developer shall provide an analysis of correspondence between all adjacent pairs of TSF representations that are provided. ¨For each adjacent pair of provided TSF representations, the analysis shall demonstrate that all relevant security functionality of the more abstract TSF representation is correctly and completely refined in the less abstract TSF representation.