【免费】ISO_IEC_15408-1资源-CSDN文库

ISO_IEC_15408-1

4星 · 超过85%的资源需积分: 0 11 浏览量 2011-03-25 11:02:57 上传评论收藏 727KB PDF 举报

资源推荐

资源详情

资源评论

Reference number

ISO/IEC 15408-1:2005(E)

ISO/IEC 2005

INTERNATIONAL

STANDARD

ISO/IEC

15408-1

Second edition

2005-10-01

Information technology — Security

techniques — Evaluation criteria for IT

security —

Part 1:

Introduction and general model

Technologies de l'information — Techniques de sécurité — Critères

d'évaluation pour la sécurité TI —

Partie 1: Introduction et modèle général

Contents Page

Foreword .............................................................................................................................................................v

Introduction.......................................................................................................................................................vii

1 Scope......................................................................................................................................................1

2 Terms and definitions .......................................................................................................................... 2

3 Symbols and abbreviated terms..........................................................................................................7

4 Overview.................................................................................................................................................8

4.1 Introduction............................................................................................................................................8

4.1.1 Target audience of ISO/IEC 15408 .......................................................................................................8

4.2 Evaluation context.................................................................................................................................9

4.3 Organisation of ISO/IEC 15408...........................................................................................................10

5 General model......................................................................................................................................11

5.1 Security context...................................................................................................................................11

5.1.1 General security context.....................................................................................................................11

5.1.2 Information technology security context..........................................................................................13

5.2 ISO/IEC 15408 approach .....................................................................................................................13

5.2.1 Development........................................................................................................................................13

5.2.2 TOE evaluation ....................................................................................................................................15

5.2.3 Operation..............................................................................................................................................15

5.3 Security concepts................................................................................................................................16

5.3.1 Security environment..........................................................................................................................17

5.3.2 Security objectives..............................................................................................................................18

5.3.3 IT security requirements.....................................................................................................................18

5.3.4 TOE summary specification...............................................................................................................19

5.3.5 TOE implementation............................................................................................................................19

5.4 ISO/IEC 15408 descriptive material ...................................................................................................19

5.4.1 Expression of security requirements................................................................................................19

5.4.2 Types of evaluation.............................................................................................................................24

6 ISO/IEC 15408 requirements and evaluation results.......................................................................25

6.1 Introduction..........................................................................................................................................25

6.2 Requirements in PPs and STs ...........................................................................................................25

6.2.1 PP evaluation results ..........................................................................................................................26

6.3 Requirements in TOE..........................................................................................................................26

6.3.1 TOE evaluation results........................................................................................................................26

6.4 Conformance results...........................................................................................................................26

6.5 Use of TOE evaluation results ...........................................................................................................27

Annex A (normative) Specification of Protection Profiles............................................................................29

A.1 Overview...............................................................................................................................................29

A.2 Content of Protection Profile .............................................................................................................29

A.2.1 Content and presentation...................................................................................................................29

A.2.2 PP introduction....................................................................................................................................30

A.2.3 TOE description...................................................................................................................................30

A.2.4 TOE security environment..................................................................................................................31

A.2.5 Security objectives..............................................................................................................................31

A.2.6 IT security requirements.....................................................................................................................32

A.2.7 Application notes ................................................................................................................................33

A.2.8 Rationale ..............................................................................................................................................33

Annex B (normative) Specification of Security Targets ...............................................................................34

B.1 Overview...............................................................................................................................................34

ISO/IEC 15408-1:2005(E)

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are members of

ISO or IEC participate in the development of International Standards through technical committees

established by the respective organization to deal with particular fields of technical activity. ISO and IEC

technical committees collaborate in fields of mutual interest. Other international organizations, governmental

and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information

technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International

Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as

an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent

rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 15408-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,

Subcommittee SC 27, IT security techniques. The identical text of ISO/IEC 15408 is published by the Common

Criteria Project Sponsoring Organisations as Common Criteria for Information Technology Security Evaluation.

This second edition cancels and replaces the first edition (ISO/IEC 15408-1:1999), which has been technically

revised.

ISO/IEC 15408 consists of the following parts, under the general title Information technology — Security

techniques — Evaluation criteria for IT security:

 Part 1: Introduction and general model

 Part 2: Security functional requirements

 Part 3: Security assurance requirements

Legal notice

The governmental organizations listed below contributed to the development of this version of the Common

Criteria for Information Technology Security Evaluations. As the joint holders of the copyright in the Common

Criteria for Information Technology Security Evaluations, version 2.3 Parts 1 through 3 (called CC 2.3), they

hereby grant non-exclusive license to ISO/IEC to use CC 2.3 in the continued development/maintenance of

the ISO/IEC 15408 international standard. However, these governmental organizations retain the right to use,

copy, distribute, translate or modify CC 2.3 as they see fit.

Australia/New Zealand: The Defence Signals Directorate and the Government Communications

Security Bureau respectively;

Canada: Communications Security Establishment;

France: Direction Centrale de la Sécurité des Systèmes d'Information;

ISO/IEC 15408-1:2005(E)

剩余49页未读，继续阅读

评论收藏

内容反馈

tanghongbin2012

2013-12-11

标准是必备的，要是能把几部分都打包在一处下载就更好了
rroookie

2013-01-10

原版文档，可用！楼主辛苦啦。要是能把几部分都打包在一处下载就更好了
feitianfly

2012-09-17

材料其实有用，希望多发类似的材料
dingzhe0301

2013-04-22

挺全的，可用，谢谢分享

wy616

粉丝: 23
资源: 13

ISO_IEC_15408-1

ISO-IEC-15408

ISO15408中文版本

ISO_IEC_15408-1_2009_c050341.pdf

ISO_IEC_15408-2.pdf

ISO IEC 15408-1

ISO 15408-1

ISO IEC +15408-1(GB18336)

ISO IEC+15408-2(GB18336)

ISO-15408-2

ISO-IEC 7816-3-2006_ISO-IEC7816-3-2006_IEC_

ISO_IEC_IEEE 24748-3 系统和软件工程 - 生命周期管理 - 第3部分：ISO_IEC_IEEE 12207（软件生命周期流程）应用指南 - 完整英文电子版（75页）.pdf

ISO_IEC_14496-12_2012

BS ISO_IEC 23008-2-2015Information technology. High efficiency coding and media

ISO/IEC 15408-2

ISO IEC 15408-2

ISO/IEC 15408-3

ISO IEC 15408-3：

ISO IEC 30130

C++2011标准_ISO_IEC-14882-2011_ISOIEC_ISOIEC148822011_ISO_IEC14882

ISO_IEC_14496-15-2004.rar_IEC_ISO/IEC 14496-15_ISO_IEC_14496_ISO

ISO_IEC27034-2-2015

ISO_IEC_29110-5-1-2_2011.pdf

c039593_ISO_IEC_14496-5_2001_Amd_6_2005(E)_Reference_Software

ISO IEC 29161

ISO IEC 29147

ISO IEC 24091

ISO IEC 15026-

ISO IEC 20000-2

最新资源