Раздел: Документация
0 1 2 3 4 5 ... 73 List of Tables Table 2.1 -Assurance family breakdown and mapping ................... Table 2.2 -Maintenance of assurance class decomposition ................ Table 3.1 -Protection Profile families - only ISO/IEC 15408 requirements . . . Table 3.2 -Protection Profile families - ISO/IEC 15408 extended requirements Table 3.3 -Security Target families - only ISO/IEC 15408 requirements ..... Table 3.4 -Security Target families - ISO/IEC 15408 extended requirements . Table 6.1 -Evaluation assurance level summary ........................ Table 6.2-EAL1 ................................................. Table 6.3 -EAL2 ................................................. Table 6.4-EAL3 ................................................. Table 6.5 -EAL4 ................................................. Table 6.6-EAL5 ................................................. Table 6.7-EAL6 ................................................. Table 6.8 -EAL7 ................................................. Table 15.1 -Maintenance of assurance family breakdown and mapping ....... Table A.1 -Assurance component dependencies ........................ Table A.2 -AMA Internal Dependencies .............................. Table B.1 -Evaluation assurance level summary ........................ 16 . 21 24 24 25 25 54 55 57 59 61 63 65 67 192 209 211 213 Foreword ISO the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. International Standard ISO/IEC 15408-3 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, in collaboration with Common Criteria Project Sponsoring Organisations. The identical text of ISO/IEC 15408-3 is published by the Common Criteria Project Sponsoring Organisations as Common Criteria for Information Technology Security Evaluation. Additional information on the Common Criteria Project and contact information on its Sponsoring Organisations is provided in Annex A of ISO-IEC 15408-1. ISO/IEC 15408 consists of the following parts, under the general title Information technology - Security techniques - Evaluation criteria for IT security: -Part 1: Introduction and general model -Part 2: Security functional requirements -Part 3: Security assurance requirements Annexes A and B of this part of ISO/IEC 15408 are for information only. This LEGAL NOTICE has been placed in all Parts of ISO/IEC 15408 by request: The seven governmental organisations (collectively called "the Common Criteria Project Sponsoring Organisations") identified in ISO/IEC 15408-1 Annex A, as the joint holders of the copyright in the Common Criteria for Information Technology Security Evaluation, Parts 1 through 3 (called the "CC"), hereby grant non-exclusive license to ISO/IEC to use the CC in the development of the ISO/IEC 15408 international standard.However, the Common Criteria Project Sponsoring Organisations retain the right to use, copy, distribute, or modify the CC as they see fit. INTERNATIONAL STANDARD © ISO/IEC ISO/IEC FDIS 15408-3:1999(E) Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements 1 Scope This part of ISO/IEC 15408 defines the assurance requirements of the standard. It includes the evaluation assurance levels (EALs) that define a scale for measuring assurance, the individual assurance components from which the assurance levels are composed, and the criteria for evaluation of PPs and STs. 1.1Organisation of ISO/IEC 15408-3 Clause 1 is the introduction and paradigm for this part of ISO/IEC 15408. Clause 2 describes the presentation structure of the assurance classes, families, components, and evaluation assurance levels along with their relationships. It also characterises the assurance classes and families found in clauses 8 through 14. Clauses 3, 4 and 5 provide a brief introduction to the evaluation criteria for PPs and STs, followed by detailed explanations of the families and components that are used for those evaluations. Clause 6 provides detailed definitions of the EALs. Clause 7 provides a brief introduction to the assurance classes and is followed by clauses 8 through 14 that provide detailed definitions of those classes. Clauses 15 and 16 provide a brief introduction to the evaluation criteria for maintenance of assurance, followed by detailed definitions of those families and components. Annex A provides a summary of the dependencies between the assurance components. Annex B provides a cross reference between the EALs and the assurance components. 1.2ISO/IEC 15408 assurance paradigm The purpose of this subclause is to document the philosophy that underpins the ISO/IEC 15408-3 approach to assurance. An understanding of this subclause will permit the reader to understand the rationale behind the ISO/IEC 15408-3 assurance requirements. 0 1 2 3 4 5 ... 73
|
