 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ¨ |
The
developer security analyst shall, for the current
|
|
|
|
version
of the TOE, provide a security impact analysis
|
|
|
|
that
covers all changes affecting the TOE as compared
|
|
|
with
the certified version (which shall):
|
|
|
|
– |
identify
the certified TOE from which the current version of
|
|
|
|
the
TOE was derived
|
|
|
|
– |
identify
all new and modified TOE components that are
|
|
|
categorised
as TSP-enforcing
|
|
|
|
– |
for
each change affecting the security target or TSF
|
|
|
|
representations
|
|
|
|
• |
briefly
describe the change and any effects it has on lower
|
|
|
|
representation
levels
|
|
|
|
• |
identify
all IT security functions and all TOE components
|
|
|
|
categorised
as TSP-enforcing that are affected by the change
|
|