600.436 High-Assurance Systems
Fall 01/Development Process Assurance
43
Sampling of
Security Impact Analysis
¨The developer
security analyst shall, for the current version of the TOE, provide a security impact
analysis that covers all
changes affecting the TOE as compared with the certified version (which shall):
–identify the certified TOE from which the current version of the TOE was derived
–identify all new and
modified TOE components that are categorised
as TSP-enforcing
–for each change affecting the security target or TSF representations
•briefly describe the change and any effects it has on lower representation levels
•identify all IT security functions and all TOE components categorised as TSP-enforcing that are affected by the
change