Nortel Networks 7.05 Guidance Documentation, Life Cycle Support Documents, Tests, Page 64 of

Corresponding CC Assurance Components:

Functional Specification with Complete Summary

Security-Enforcing High-Level Design

Descriptive Low-Level Design

Implementation of the TSF

Informal TOE Security Policy Model

Informal Representation Correspondence

8.6.2.4Guidance Documentation

The Nortel Guidance documentation provides administrator and user guidance on how to securely operate the TOE. The Administrator Guidance provides descriptions of the security functions provided by the TOE. Additionally, it provides detailed accurate information on how to administer the TOE in a secure manner and how to effectively use the TSF privileges and protective functions. The User Guidance provided directs users on how to operate the TOE in a secure manner. Additionally, User Guidance explains the user-visible security functions and how they are to be used and explains the user’s role in maintaining the TOE’s Security. Nortel provides single versions of documents which address the administrator Guidance and User Guidance; there are no separate guidance documents specifically for non-administrator users of the TOE.

Corresponding CC Assurance Components:

Administrator Guidance

User Guidance

8.6.2.5Life Cycle Support Documents

The Life Cycle Support documentation describes all the physical, procedural, personnel, and other security measures that are necessary to protect the confidentiality and integrity of the TOE design and implementation in its development environment. It provides evidence that these security measures are followed during the development and maintenance of the TOE. It provides evidence that these security measures are followed during the development and maintenance of the TOE. The flaw remediation procedures addressed to the TOE developers are provided and so are the established procedures for accepting and acting upon all reports of security flaws and requests for corrections of those flaws. The flaw remediation guidance addressed to TOE users is provided. The description also contains the procedures used by Nortel to track all reported security flaws in each release of the TOE. The established life-cycle model to be used in the development and maintenance of the TOE is documented and explanation on why the model is used is also documented. The selected implementation-dependent options of the development tools are described.

Corresponding CC Assurance Components:

Identification of Development Security Measures

Flaw Reporting Procedures

Developer Defined Life Cycle Model

Well-defined Development Tools

8.6.2.6Tests

There are a number of components that make up the Test documentation. The Coverage Analysis demonstrates the testing performed against the functional specification. The Coverage Analysis demonstrates the correspondence between the tests identified in the test documentation and the TSF as described in the functional specification. The depth analysis demonstrates that the tests identified in the test documentation are sufficient to demonstrate that the TSF operates in accordance with its high-level design and low-level design. Nortel Test Plans and Test Procedures, which detail the overall efforts of the testing effort and break down the specific steps taken by a tester, are also provided. The Independent Testing documentation provides an equivalent set of resources to those that were used in the developer’s functional testing.