Requirements and assumptions, What is a cc compliant system – Kanguru Common Criteria Evaluated v1.21 User Manual
2. Requirements and Assumptions
2.1 What is a CC compliant system?
A system can be considered to be “CC compliant” if it matches an evaluated and certified configuration.
This implies various requirements concerning hardware and software, as well as requirements concerning
the operating environment, users, and the ongoing operating procedures.
Strictly speaking, an evaluation according to the CC represents the results of investigation of the security
properties of the target system according to defined guidelines. It must not be considered a guarantee
of fitness for any specific purpose, but it will help in deciding the suitability of the system
considering how well the intended use fits the described capabilities. It is intended to provide a level of
assurance about the security functions that have been examined by a neutral third party.
The software MUST match the evaluated configuration. In the case of the Defender Family, this also
requires that the installed supporting software (UKLA and KRMC) is the same as in the evaluated configuration. The documentation
(including this guide) will specify permitted variations, such as modifying certain configuration files and
settings.
Note: KLA and UKLA refer to the same software, and the two names are used interchangeably in this
document.
Stated requirements concerning the operating environment MUST be met. They are linked to the
assumptions made in the Security Target.
Typical requirements are restrictions concerning permitted network connections (for the administrative
access) and usage scenarios.
The operation of the system MUST be in agreement with defined organizational security policies, to
ensure that actions by administrators and users do not undermine the system’s security.