没有合适的资源?快使用搜索试试~ 我知道了~
ISO_IEC_15408-1
4星 · 超过85%的资源 需积分: 0 47 下载量 11 浏览量
2011-03-25
11:02:57
上传
评论
收藏 727KB PDF 举报
温馨提示
试读
50页
ISO_IEC_15408-1 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
资源推荐
资源详情
资源评论
Reference number
ISO/IEC 15408-1:2005(E)
©
ISO/IEC 2005
INTERNATIONAL
STANDARD
ISO/IEC
15408-1
Second edition
2005-10-01
Information technology — Security
techniques — Evaluation criteria for IT
security —
Part 1:
Introduction and general model
Technologies de l'information — Techniques de sécurité — Critères
d'évaluation pour la sécurité TI —
Partie 1: Introduction et modèle général
ISO/IEC 15408-1:2005(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.
© ISO/IEC 2005
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii
© ISO/IEC 2005 – All rights reserved
© ISO/IEC 2005 – All rights reserved iii
Contents Page
Foreword .............................................................................................................................................................v
Introduction.......................................................................................................................................................vii
1 Scope......................................................................................................................................................1
2 Terms and definitions .......................................................................................................................... 2
3 Symbols and abbreviated terms..........................................................................................................7
4 Overview.................................................................................................................................................8
4.1 Introduction............................................................................................................................................8
4.1.1 Target audience of ISO/IEC 15408 .......................................................................................................8
4.2 Evaluation context.................................................................................................................................9
4.3 Organisation of ISO/IEC 15408...........................................................................................................10
5 General model......................................................................................................................................11
5.1 Security context...................................................................................................................................11
5.1.1 General security context.....................................................................................................................11
5.1.2 Information technology security context..........................................................................................13
5.2 ISO/IEC 15408 approach .....................................................................................................................13
5.2.1 Development........................................................................................................................................13
5.2.2 TOE evaluation ....................................................................................................................................15
5.2.3 Operation..............................................................................................................................................15
5.3 Security concepts................................................................................................................................16
5.3.1 Security environment..........................................................................................................................17
5.3.2 Security objectives..............................................................................................................................18
5.3.3 IT security requirements.....................................................................................................................18
5.3.4 TOE summary specification...............................................................................................................19
5.3.5 TOE implementation............................................................................................................................19
5.4 ISO/IEC 15408 descriptive material ...................................................................................................19
5.4.1 Expression of security requirements................................................................................................19
5.4.2 Types of evaluation.............................................................................................................................24
6 ISO/IEC 15408 requirements and evaluation results.......................................................................25
6.1 Introduction..........................................................................................................................................25
6.2 Requirements in PPs and STs ...........................................................................................................25
6.2.1 PP evaluation results ..........................................................................................................................26
6.3 Requirements in TOE..........................................................................................................................26
6.3.1 TOE evaluation results........................................................................................................................26
6.4 Conformance results...........................................................................................................................26
6.5 Use of TOE evaluation results ...........................................................................................................27
Annex A (normative) Specification of Protection Profiles............................................................................29
A.1 Overview...............................................................................................................................................29
A.2 Content of Protection Profile .............................................................................................................29
A.2.1 Content and presentation...................................................................................................................29
A.2.2 PP introduction....................................................................................................................................30
A.2.3 TOE description...................................................................................................................................30
A.2.4 TOE security environment..................................................................................................................31
A.2.5 Security objectives..............................................................................................................................31
A.2.6 IT security requirements.....................................................................................................................32
A.2.7 Application notes ................................................................................................................................33
A.2.8 Rationale ..............................................................................................................................................33
Annex B (normative) Specification of Security Targets ...............................................................................34
B.1 Overview...............................................................................................................................................34
ISO/IEC 15408-1:2005(E)
iv © ISO/IEC 2005 – All rights reserved
B.2 Content of Security Target................................................................................................................. 34
B.2.1 Content and presentation .................................................................................................................. 34
B.2.2 ST introduction ................................................................................................................................... 35
B.2.3 TOE description .................................................................................................................................. 36
B.2.4 TOE security environment................................................................................................................. 36
B.2.5 Security objectives ............................................................................................................................. 36
B.2.6 IT security requirements.................................................................................................................... 37
B.2.7 TOE summary specification .............................................................................................................. 38
B.2.8 PP claims............................................................................................................................................. 38
B.2.9 Application Notes ............................................................................................................................... 39
B.2.10 Rationale.............................................................................................................................................. 40
Bibliography ..................................................................................................................................................... 41
ISO/IEC 15408-1:2005(E)
© ISO/IEC 2005 – All rights reserved v
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 15408-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, IT security techniques. The identical text of ISO/IEC 15408 is published by the Common
Criteria Project Sponsoring Organisations as Common Criteria for Information Technology Security Evaluation.
This second edition cancels and replaces the first edition (ISO/IEC 15408-1:1999), which has been technically
revised.
ISO/IEC 15408 consists of the following parts, under the general title Information technology — Security
techniques — Evaluation criteria for IT security:
Part 1: Introduction and general model
Part 2: Security functional requirements
Part 3: Security assurance requirements
Legal notice
The governmental organizations listed below contributed to the development of this version of the Common
Criteria for Information Technology Security Evaluations. As the joint holders of the copyright in the Common
Criteria for Information Technology Security Evaluations, version 2.3 Parts 1 through 3 (called CC 2.3), they
hereby grant non-exclusive license to ISO/IEC to use CC 2.3 in the continued development/maintenance of
the ISO/IEC 15408 international standard. However, these governmental organizations retain the right to use,
copy, distribute, translate or modify CC 2.3 as they see fit.
Australia/New Zealand: The Defence Signals Directorate and the Government Communications
Security Bureau respectively;
Canada: Communications Security Establishment;
France: Direction Centrale de la Sécurité des Systèmes d'Information;
ISO/IEC 15408-1:2005(E)
剩余49页未读,继续阅读
资源评论
- tanghongbin20122013-12-11标准是必备的,要是能把几部分都打包在一处下载就更好了
- rroookie2013-01-10原版文档,可用!楼主辛苦啦。要是能把几部分都打包在一处下载就更好了
- feitianfly2012-09-17材料其实有用,希望多发类似的材料
- dingzhe03012013-04-22挺全的,可用,谢谢分享
wy616
- 粉丝: 23
- 资源: 13
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功