600.436 High-Assurance Systems
Fall 01/Development Process Assurance
13
Advanced Support
¨Developer shall use a CM system
–That shall require that the person responsible for accepting a configuration item into CM is not the person who developed it.
–That shall clearly identify the configuration items comprising TSF.
–That shall support the audit of all modifications to the TOE, including as a minimum the originator, date, and time in the audit trail.
–That shall be able to identify the master copy of all material used to generate the TOE.
¨Developer shall provide CM documentation (that)
–(In addition to configuration list, CM Plan, and acceptance plan) shall include integration procedures describing how the CM system is applied in the TOE manufacturing process
–Shall demonstrate that
•use of the CM system, together with the development security measures, allow only authorised changes to be made to the TOE
•use of the integration procedures ensures that the generation of the TOE is correctly performed in an authorised manner
•CM system is sufficient to ensure that the person responsible for accepting a configuration item into CM is not the person who developed it.
–Shall justify that the acceptance procedures provide for an adequate and appropriate review of changes to all configuration items.