On Tue, 19 Dec 2006 09:14:03 CST, Klaus Weidner said: > In addition to what Steve said, keep in mind that "EAL4" refers to the > assurance level which covers a lot of things other than the software > implementation itself, for example testing, high- and low-level design > documents, configuration management, delivery & operation, flaw > remediation, vulnerability analysis and more, so it would be > inappropriate to say that "SELinux" meets the requirements. You need to > consider the developer (Red Hat) and the sponsor (who usually provides > additional testing and documents) also.
And then there's after-certification maintenance to deal with. And since I'm an idiot, can anybody hand me a pointer to the CC/EAL equivalent of the old NCSC 'Rating Maintenance Phase' document (NCSC-TG-013 - the horribly pink part of the old Rainbow Series)?
pgp9YQuUe3Bdr.pgp
Description: PGP signature
-- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
