没有合适的资源?快使用搜索试试~ 我知道了~
首页ISO_IEC_15408-1
ISO_IEC_15408-1
需积分: 0 74 下载量 94 浏览量
更新于2023-05-29
评论
收藏 825KB PDF 举报
ISO_IEC_15408-1英文原版标准,比中文版更准确,适合研究人员学习标准。
资源详情
资源评论
资源推荐
Reference numbe
r
ISO/IEC 15408-1:2009(E)
©
ISO/IEC 2009
INTERNATIONAL
STANDARD
ISO/IEC
15408-1
Third edition
2009-12-15
Corrected version
2014-01-15
Information technology — Security
techniques — Evaluation criteria for IT
security —
Part 1:
Introduction and general model
Technologies de l'information — Techniques de sécurité — Critères
d'évaluation pour la sécurité TI — Partie 1: Introduction et modèle
général
ISO/IEC 15408-1:2009(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2009
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii
© ISO/IEC 2009 – All rights reserved
ISO/IEC 15408-1:2009(E)
© ISO/IEC 2009 – All rights reserved
iii
Contents Page
Foreword ............................................................................................................................................................... v
Introduction .......................................................................................................................................................... vi
2 Normative references .................................................................................................................................... 1
3 Terms and definitions .................................................................................................................................... 1
3.1 Terms and definitions common in ISO/IEC 15408 ............................................................................... 2
3.2 Terms and definitions related to the ADV class ................................................................................... 9
3.3 Terms and definitions related to the AGD class ................................................................................. 13
3.4 Terms and definitions related to the ALC class .................................................................................. 13
3.5 Terms and definitions related to the AVA class .................................................................................. 17
3.6 Terms and definitions related to the ACO class ................................................................................. 17
4 Abbreviated terms ....................................................................................................................................... 18
5 Overview...................................................................................................................................................... 19
5.1 General ............................................................................................................................................... 19
5.2 The TOE ............................................................................................................................................. 19
5.3 Target audience of ISO/IEC 15408 .................................................................................................... 20
5.4 The different parts of ISO/IEC 15408 ................................................................................................. 21
5.5 Evaluation context .............................................................................................................................. 22
6 General model ............................................................................................................................................. 22
6.1 Introduction to the general model ....................................................................................................... 22
6.2 Assets and countermeasures ............................................................................................................. 23
6.3 Evaluation ........................................................................................................................................... 27
7 Tailoring Security Requirements ................................................................................................................. 27
7.1 Operations .......................................................................................................................................... 27
7.2 Dependencies between components ................................................................................................. 30
7.3 Extended components ........................................................................................................................ 30
8 Protection Profiles and Packages ............................................................................................................... 31
8.1 Introduction ......................................................................................................................................... 31
8.2 Packages ............................................................................................................................................ 31
8.3 Protection Profiles............................................................................................................................... 31
8.4 Using PPs and packages ................................................................................................................... 34
8.5 Using Multiple Protection Profiles ....................................................................................................... 34
9 Evaluation results ........................................................................................................................................ 34
9.1 Introduction ......................................................................................................................................... 34
9.2 Results of a PP evaluation ................................................................................................................. 35
9.3 Results of an ST/TOE evaluation ....................................................................................................... 35
9.4 Conformance claim ............................................................................................................................. 35
ISO/IEC 15408-1:2009(E)
iv
© ISO/IEC 2009 – All rights reserved
9.5 Use of ST/TOE evaluation results ..................................................................................................... 36
Annex A (informative) Specification of Security Targets .................................................................................. 38
Annex B (informative) Specification of Protection Profiles ............................................................................... 54
Annex C (informative) Guidance for Operations ............................................................................................... 59
Annex D (informative) PP conformance ........................................................................................................... 62
Bibliography ....................................................................................................................................................... 64
ISO/IEC 15408-1:2009(E)
© ISO/IEC 2009 – All rights reserved
v
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 15408-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, IT Security techniques. The identical text of ISO/IEC 15408 is published by the
Common Criteria Project Sponsoring Organisations as Common Criteria for Information Technology Security
Evaluation. The common XML source for both publications can be found at
http://www.commoncriteriaportal.org/cc/
This third edition cancels and replaces the second edition (ISO/IEC 15408-1:2005), which has been
technically revised.
ISO/IEC 15408 consists of the following parts, under the general title Information technology — Security
techniques — Evaluation criteria for IT security:
Part 1: Introduction and general model
Part 2: Security functional components
Part 3: Security assurance components
This corrected version of ISO/IEC 15408-1:2009 incorporates miscellaneous editorial corrections related to
the following:
terminology: correction for the terms "security problem" and "security domains";
clause 8.3: explanation of strict conformance, removal of former Figure 4.
剩余73页未读,继续阅读
panyhabc
- 粉丝: 0
- 资源: 5
上传资源 快速赚钱
- 我的内容管理 收起
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
会员权益专享
最新资源
- RTL8188FU-Linux-v5.7.4.2-36687.20200602.tar(20765).gz
- c++校园超市商品信息管理系统课程设计说明书(含源代码) (2).pdf
- 建筑供配电系统相关课件.pptx
- 企业管理规章制度及管理模式.doc
- vb打开摄像头.doc
- 云计算-可信计算中认证协议改进方案.pdf
- [详细完整版]单片机编程4.ppt
- c语言常用算法.pdf
- c++经典程序代码大全.pdf
- 单片机数字时钟资料.doc
- 11项目管理前沿1.0.pptx
- 基于ssm的“魅力”繁峙宣传网站的设计与实现论文.doc
- 智慧交通综合解决方案.pptx
- 建筑防潮设计-PowerPointPresentati.pptx
- SPC统计过程控制程序.pptx
- SPC统计方法基础知识.pptx
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
评论0