

INTERNATIONAL STANDARD © ISO/IEC

ISO/IEC 15408-2:1999(E)

Information technology - Security techniques - Evaluation criteria for IT security -

Part 2:

Security functional requirements

1 Scope

Security functional components, as defined in this part of ISO/IEC 15408, are the basis for the TOE IT security functional requirements expressed in a Protection Profile (PP) or a Security Target (ST). These requirements describe the desired security behaviour expected of a Target of Evaluation (TOE) and are intended to meet the security objectives as stated in a PP or an ST. These requirements describe security properties that users can detect by direct interaction with the TOE (i.e. inputs, outputs) or by the TOE's response to stimulus.

Security functional components express security requirements intended to counter threats in the assumed operating environment of the TOE and/or cover any identified organisational security policies and assumptions.

The audience for this part of ISO/IEC 15408 includes consumers, developers, and evaluators of secure IT systems and products. ISO/IEC 15408-1 clause 3 provides additional information on the target audience of ISO/IEC 15408, and on the use of the standard by the groups that comprise the target audience. These groups may use this part of ISO/IEC 15408 as follows:

- Consumers who use ISO/IEC 15408-2 when selecting components to express functional requirements to satisfy the security objectives expressed in a PP or ST. ISO/IEC 15408-1 subclause 4.3 provides more detailed information on the relationship between security objectives and security requirements.

- Developers, who respond to actual or perceived consumer security requirements in constructing a TOE, may find a standardised method to understand those requirements in this part of ISO/IEC 15408. They can also use the contents of this part of ISO/IEC 15408 as a basis for further defining the TOE security functions and mechanisms that comply with those requirements.

- Evaluators, who use the functional requirements defined in this part of ISO/IEC 15408 in verifying that the TOE functional requirements expressed in the PP or ST satisfy the IT security objectives and that all dependencies are accounted for and shown to be satisfied. Evaluators also should use this part of ISO/IEC 15408 to assist in determining whether a given TOE satisfies stated requirements.

1.1 Extending and maintaining functional requirements

ISO/IEC 15408 and the associated security functional requirements described herein are not meant to be a definitive answer to all the problems of IT security. Rather, the standard offers a set of well understood security functional requirements that can be used to create trusted products or systems reflecting the needs of the market. These security functional requirements are presented as the current state of the art in requirements specification and evaluation.

This part of ISO/IEC 15408 does not presume to include all possible security functional requirements but rather contains those that are known and agreed to be of value by the ISO/IEC 15408-2 authors at the time of release.

Since the understanding and needs of consumers may change, the functional requirements in this part of ISO/IEC 15408 will need to be maintained. It is envisioned that some PP/ST authors may have security needs not (yet) covered by the functional requirement components in ISO/IEC 15408-2. In those cases the PP/ST author may choose to consider using functional requirements not taken from the standard (referred to as extensibility), as explained in Annexes B and C of ISO/IEC 15408-1.

1.2 Organisation of ISO/IEC 15408-2

Clause 1 is the introductory material for ISO/IEC 15408-2.

Clause 2 introduces the catalogue of ISO/IEC 15408-2 functional components while clauses 3 through 13 describe the functional classes.

Annex A provides additional information of interest to potential users of the functional components including a complete cross reference table of the functional component dependencies.

Annexes B through M provide the application notes for the functional classes. They are a repository for informative supporting material for the users of this part of ISO/IEC 15408, which may help them to apply relevant operations and select appropriate audit or documentation information.

Those who author PPs or STs should refer to Clause 2 of ISO/IEC 15408-1 for relevant structures, rules, and guidance:

- ISO/IEC 15408-1, clause 2 defines the terms used in ISO/IEC 15408.

- ISO/IEC 15408-1, Annex B defines the structure for PPs.

- ISO/IEC 15408-1, Annex C defines the structure for STs.

1.3 Functional requirements paradigm

This subclause describes the paradigm used in the security functional requirements of this part of ISO/IEC 15408. Figures 1.1 and 1.2 depict some of the key concepts of the paradigm. This subclause provides descriptive text for those figures and for other key concepts not depicted. Key concepts discussed are highlighted in bold/italics. This subclause is not intended to replace or supersede any of the terms found in the ISO/IEC 15408 glossary in ISO/IEC 15408-1, clause 2.


