Details
- Part of collection
- Publication date
- 31 January 2024
- Author
- European Union Agency for Cybersecurity
- Type of Documents
- State-of-the-art Documents
- Certification Schemes
- ICT Solutions
- Hardware, Software and Components
Description
The Common Evaluation Methodology (CEM) describes in ALC_DVS family what the evaluator has to examine with regard to developer security but does not define the minimum site security requirements (MSSR). The evaluator is responsible to determine an acceptable set of security measures. The purpose of this state-of-the-art document supporting the EUCC scheme is to define a set of minimum requirements that a developer shall meet and that an evaluator is able to verify during any type of evaluation under the EUCC scheme in order to ensure compliance with ALC_DVS.1 and ALC_DVS.2 in a manner consistent with today’s standard practices for evaluations requiring an attack potential associated with AVA_VAN.5.
The requirements set in this state-of-the-art document are “minimum” in the sense that:
- all developers have to implement the controls and related security measures defined in this document;
- additional requirements could apply to meet the protection needs of the TOE.