Bijzonderheden
- Part of collection
- Datum publicatie
- 31 januari 2024 (Laatste update: 19 december 2025)
- Auteur
- Agentschap van de Europese Unie voor cyberbeveiliging
- Type of Document
- State-of-the-art Documents
- Certification Scheme
- ICT Solution
- Hardware, Software and Components
Beschrijving
The Common Evaluation Methodology (CEM) describes in ALC_DVS family what the evaluator has to examine with regard to developer security but does not define the minimum site security requirements (MSSR). The evaluator is responsible to determine an acceptable set of security measures. The purpose of this state-of-the-art document supporting the EUCC scheme is to define a set of minimum requirements that a developer shall meet and that an evaluator is able to verify during any type of evaluation under the EUCC scheme in order to ensure compliance with ALC_DVS.1 and ALC_DVS.2 in a manner consistent with today’s standard practices for evaluations requiring an attack potential associated with AVA_VAN.5.
The requirements set in this state-of-the-art document are “minimum” in the sense that:
- all developers have to implement the controls and related security measures defined in this document;
- additional requirements could apply to meet the protection needs of the TOE.
It is recommended that developers, in order to prepare the audits, fill the checklist provided below that has been mapped to MSSR v2 (draft).
