600.436 High-Assurance Systems
Fall 01/Development Process Assurance
13
Advanced
Support
¨Developer shall
use a CM system
–That
shall require that the person responsible for accepting a configuration item
into CM is not the person who
developed it.
–That shall clearly
identify the configuration items comprising TSF.
–That shall support the audit of all modifications to the TOE,
including as a minimum the originator,
date, and time in the audit trail.
–That shall be able
to identify the master copy of all material used to generate the TOE.
¨Developer shall
provide CM documentation (that)
–(In addition to configuration list, CM Plan, and acceptance plan)
shall include integration procedures
describing how the CM system is applied in the TOE manufacturing process
–Shall demonstrate
that
•use of the CM system, together with the development security measures,
allow only authorised changes to
be made to the TOE
•use of the integration procedures ensures that the generation of the
TOE is correctly performed in an
authorised manner
•CM system is
sufficient to ensure that the person responsible for accepting a configuration
item into CM is not the person who
developed it.
–Shall
justify that the acceptance procedures provide for an adequate and appropriate
review of changes to all
configuration items.