Table 14.

Enhanced generics representing assumptions.

Prefix, mnemonic	Description
Assumptions related to the TOE operational environment
APR.IntendedUse	The TOE will be used to perform a task or function for which it was designed by [Sparam].
APR.TrustAdmin	One or more authorized administrators [Sparm] are assigned who are competent to manage the TOE and the security of the information it contains, and who can be trusted not to deliberately abuse their privileges so as to undermine security.
Assumptions related to the site processes (considered optionally)
APR.Development	Sensor developers [Sparam] must ensure that the assignment of responsibilities during the development is done in a manner which maintains IT security.
APR.Manufacturing	Sensor manufacturers [Sparam] must ensure that the assignment of responsibilities during manufacturing is done in a manner which maintains IT security, and that during the manufacturing process the sensor is protected against physical attacks which might compromise IT security. All testing facilities for the manufacturing phase (test points, commands) should be removed or disabled before delivery.
APR.Delivery	Sensor manufacturers, fitters, workshops [Sparam] must ensure that handling of the sensor is done in a manner which maintains IT security.
APR.SecDataGenAlgor	Security data generation algorithms must be accessible to authorized and trusted persons only [Sparam].
APR.SecDataInsert	Security data [Dparam] must be generated, transported, and inserted into the sensor, in such a way to preserve its appropriate confidentiality and integrity by the authorized [Sparam].
APR.ApprovedWorkshops	Installation, calibration and repair of the sensor and its monitoring unit must be carried out by trusted and approved fitters or workshops by the authorized [Sparam].
APR.SoftwareUpgAnal	Software revisions must be granted security certification before they can be implemented in the sensor. There is no way to analyze or debug software in the field.