X hits on this document

PDF document

National Information Assurance Partnership - page 15 / 16

33 views

0 shares

0 downloads

0 comments

15 / 16

VALIDATION REPORT Primavera® P6™ Enterprise Project Portfolio Management (Version 6.2.1)

The details of the evaluation are recorded in the Evaluation Technical Report (ETR), which is controlled by the SAIC CCTL. The security assurance requirements are listed in the following table:

TOE Security Assurance Requirements

Assurance Component ID ADV_ARC.1 ADV_FSP.4 ADV_IMP.1 ADV_TDS.3 AGD_OPE.1 AGD_PRE.1 ALC_CMC.4 ALC_CMS.4 ALC_DEL.1 ALC_DVS.1 ALC_LCD.1 ALC_TAT.1 ATE_COV.2 ATE_DPT.2 ATE_FUN.1 ATE_IND.2 AVA_VAN.3

Assurance Component Name Security architecture description Complete functional specification Implementation representation of the TSF Basic modular design Operational user guidance Preparative procedures Production support, acceptance procedures and automation Problem tracking CM coverage Delivery procedures Identification of security measures Developer defined life-cycle model Well-defined development tools Analysis of coverage Testing: security enforcing modules Functional testing Independent testing sample Focused vulnerability analysis

10

Validator Comments/Recommendations

Primavera is dependent on the correct operation of the TOE environment, which is not included within the scope of the evaluation. This includes the underlying operating system and database management system. It is important that these components be assessed when determining the overall system security posture.

11

Annexes

Not applicable.

12

Security Target

The ST for this product’s evaluation is Primavera® P6™ Enterprise Project Portfolio Management (Version 6.2.1) Security Target, Version 1.2.5, dated 6 July 2009.

11

Document info
Document views33
Page views33
Page last viewedSat Dec 03 05:20:28 UTC 2016
Pages16
Paragraphs325
Words4531

Comments