600.436 High-Assurance Systems
Fall 01/Development Process Assurance
43
Sampling of Security Impact Analysis
¨The developer security analyst shall, for the current version of the TOE, provide a security impact analysis that covers all changes affecting the TOE as compared with the certified version (which shall):
–identify the certified TOE from which the current version of the TOE was derived
–identify all new and modified TOE components that are categorised as TSP-enforcing
–for each change affecting the security target or TSF representations
•briefly describe the change and any effects it has on lower representation levels
•identify all IT security functions and all TOE components categorised as TSP-enforcing that are affected by the change