scope:

Use/Relationship: The purpose of the Security Evaluation Document (SED) is to provide information about the architectural design of an Information Assurance (IA) product and its intended detailed implementation throughout the development/design of the product. Sufficient detail is provided to determine adequacy of the design and ensure that appropriate system security requirements are met, while performing failsafe analysis of unauthorized events upon a system as well as analysis of covert channels and anti-tamper design. The SED is used to support security evaluations, and is a combination of previously used evaluation documentation that included Covert Channel Analysis Report (CCA), Theory of Design and Operation (TDO), Theory of Compliance (TOC), and Fail-Safe Design and Analysis (FSDA).

This Data Item Description (DID) is applicable to IA systems and is related to the system security requirements supplied with the contract that references US Information Security (INFOSEC) Systems C Technical Report 02-00, and the Unified INFOSEC Criteria or the Information Assurance Security Requirements Directive (IASRD).

This DID contains the format and content preparation instructions for the data product generated by the specific and discrete task requirements as delineated in the contract.

This DID consolidates and supersedes the following documents:

• DI-MISC-81345A, Covert Channel Analysis Report

• DI-MISC-81608, Theory of Design and Operation (TDO)

• DI-MISC-81609, Theory of Compliance (TOC)

• DI-MISC-81692, Fail-Safe Design and Analysis (FSDA)