Compositional security certification methodology

The compositional security certification methodology as presented in this document is the certification approach to be used in the scope of MILS security evaluations and certifications. The approach also provides means to integrate/compose compliant and certified components. It briefly presents the different options for certification regarding the structure of the composition, including specific information covering Common Criteria and IEC 62443. Concrete requirements for developers and methodology for evaluators is given so that the evaluation and certification process is supported through the use of this document, in addition to the requirements and methodology existent for both Common Criteria and IEC 62443. An assurance continuity approach is followed in order to allow the certificate maintenance remain while analyzing the patch management carried out by developers to their composite products.