Раздел: Документация
0 1 2 3 ... 117 INTERNATIONAL STANDARD ISO/IEC 15408-2 First edition 1999-12-01 Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements Technologies de /information - Techniques de securite - Criteres devaluation pour la securite TI - Partie 2: Exigences fonctionnelles de securite Reference number ISO/IEC 15408-2:1999(E) © ISO/IEC 1999 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher. ISO/IEC Copyright Office • Case postale 56 • CH-1211 Geneve 20 • Switzerland Printed in Switzerland Contents 1Scope ........................................................1 1.1Extending and maintaining functional requirements .................1 1.2Organisation of ISO/IEC 15408-2 ...............................2 1.3Functional requirements paradigm ...............................2 2Security functional components ..................................9 2.1Overview...................................................9 2.1.1Class structure ............................................9 2.1.2Family structure ..........................................10 2.1.3Component structure .......................................11 2.1.4Permitted functional component operations .....................13 2.2Component catalogue .........................................14 2.2.1 Component changes highlighting .............................15 3Class FAU: Security audit .......................................17 3.1Security audit automatic response (FAU ARP) .....................18 3.2Security audit data generation (FAU GEN) ........................19 3.3Security audit analysis (FAU SAA)..............................21 3.4Security audit review (FAU SAR) ...............................24 3.5Security audit event selection (FAUSEL) ........................26 3.6Security audit event storage (FAU STG) ..........................27 4Class FCO: Communication .....................................31 4.1Non-repudiation of origin (FCO NRO) ...........................32 4.2Non-repudiation of receipt (FCO NRR) ..........................34 5Class FCS: Cryptographic support................................37 5.1Cryptographic key management (FCS CKM) ......................38 5.2Cryptographic operation (FCS COP) .............................41 6Class FDP: User data protection ..................................43 6.1Access control policy (FDP ACC)...............................46 6.2Access control functions (FDP ACF) ............................48 6.3Data authentication (FDP DAU) ................................50 6.4Export to outside TSF control (FDP ETC) ........................52 6.5Information flow control policy (FDP IFC) .......................54 6.6Information flow control functions (FDP IFF) .....................56 6.7Import from outside TSF control (FDP ITC) .......................61 6.8Internal TOE transfer (FDP ITT) ................................63 6.9Residual information protection (FDP RIP) .......................66 6.10Rollback (FDP ROL) .........................................68 6.11Stored data integrity (FDP SDI) ................................70 0 1 2 3 ... 117
|