Star Methodology

The assurance class ALC “Life-cycle support” is addressing the aspect of establishing appropriate security controls and mechanisms at the developer’s sites for the development, production, delivery and maintenance of the TOE. For some ALC assurance components (in particular for high assurance evaluations) the evaluator activities for this class usually include an on-site evaluation of these security controls and mechanisms. The security controls and mechanisms documented and implemented by the site are often applicable to other TOEs of the same developer and also from other developers, especially where the TOE follows the same life-cycle support processes.

The “Site Technical Audit Report” (STAR) is designed to contain and provide the necessary information to support re-use of ALC-related evaluation evidences and results across (similar) TOEs and between ITSEFs and CBs.

The STAR methodology template provided below is recommended for use.