VALIDATION REPORT Primavera® P6™ Enterprise Project Portfolio Management (Version 6.2.1)
The details of the evaluation are recorded in the Evaluation Technical Report (ETR), which is controlled by the SAIC CCTL. The security assurance requirements are listed in the following table:
TOE Security Assurance Requirements
Assurance Component ID ADV_ARC.1 ADV_FSP.4 ADV_IMP.1 ADV_TDS.3 AGD_OPE.1 AGD_PRE.1 ALC_CMC.4 ALC_CMS.4 ALC_DEL.1 ALC_DVS.1 ALC_LCD.1 ALC_TAT.1 ATE_COV.2 ATE_DPT.2 ATE_FUN.1 ATE_IND.2 AVA_VAN.3
Assurance Component Name Security architecture description Complete functional specification Implementation representation of the TSF Basic modular design Operational user guidance Preparative procedures Production support, acceptance procedures and automation Problem tracking CM coverage Delivery procedures Identification of security measures Developer defined life-cycle model Well-defined development tools Analysis of coverage Testing: security enforcing modules Functional testing Independent testing – sample Focused vulnerability analysis
Primavera is dependent on the correct operation of the TOE environment, which is not included within the scope of the evaluation. This includes the underlying operating system and database management system. It is important that these components be assessed when determining the overall system security posture.
The ST for this product’s evaluation is Primavera® P6™ Enterprise Project Portfolio Management (Version 6.2.1) Security Target, Version 1.2.5, dated 6 July 2009.