Abstract
ISO15408 is an international standard for security evaluation which defines how to design and evaluate the security functions of an information system or a system component. To obtain ISO15408 certification, the system maker has to present an independent evaluation facility with all security-related materials produced in the system development. As the materials should be well organized to be evaluated by the third party, this additional procedure inevitably increase the development cost. To deal with this problem, we set some rules in the development process and developed a document management system. When a developer writes a design document, the developer marks the security-related part in the document with some information to denote how this part is related in the whole security function. The document management system analyze the marks and organizes the materials automatically. In this paper we show how this management system works.
