| (I) A system test, often part of system certification, in which
evaluators attempt to circumvent the security features of the
system. [NCS04]
(C) Penetration testing may be performed under various constraints
and conditions. However, for a TCSEC evaluation, testers are
assumed to have all system design and implementation
documentation, including source code, manuals, and circuit
diagrams, and to work under no greater constraints than those
applied to ordinary users.
|
