BS ISO/IEC 15408-1-2005 信息技术.安全技术.IT安全评价准则.引言和一般模型
作者:标准资料网 时间:2024-04-29 18:52:33 浏览:8795
来源:标准资料网
下载地址: 点击此处下载
【英文标准名称】:Informationtechnology-Securitytechniques-EvaluationcriteriaforITsecurity-Introductionandgeneralmodel
【原文标准名称】:信息技术.安全技术.IT安全评价准则.引言和一般模型
【标准号】:BSISO/IEC15408-1-2005
【标准状态】:作废
【国别】:英国
【发布日期】:2005-11-14
【实施或试行日期】:2005-11-14
【发布单位】:英国标准学会(GB-BSI)
【起草单位】:BSI
【标准类型】:()
【标准水平】:()
【中文主题词】:置信区间;数据处理;数据保护;数据安全;数据传输;定义;信息交流;信息交换;信息技术;志新水平;模型;特性;可靠度;安全
【英文主题词】:Confidenceintervals;Dataexchange;Dataprocessing;Dataprotection;Datasecurity;Datatransmission;Definitions;Englishlanguage;Evaluations;Informationexchange;Informationinterchange;Informationtechnology;ITsecurity;Levelofconfidence;Models;Properties;Reliability;Safety
【摘要】:ISO/IEC15408ismeanttobeusedasthebasisforevaluationofsecuritypropertiesofITproductsandsystems.Byestablishingsuchacommoncriteriabase,theresultsofanITsecurityevaluationwillbemeaningfultoawideraudience.Certaintopics,becausetheyinvolvespecializedtechniquesorbecausetheyaresomewhatperipheraltoITsecurity,areconsideredtobeoutsidethescopeofISO/IEC15408.Someoftheseareidentifiedbelow:a)ISO/IEC15408doesnotcontainsecurityevaluationcriteriapertainingtoadministrativesecuritymeasuresnotrelateddirectlytotheITsecuritymeasures.However,itisrecognisedthatasignificantpartofthesecurityofaTOEcanoftenbeachievedthroughadministrativemeasuressuchasorganisational,personnel,physical,andproceduralcontrols.AdministrativesecuritymeasuresintheoperatingenvironmentoftheTOEaretreatedassecureusageassumptionswherethesehaveanimpactontheabilityoftheITsecuritymeasurestocountertheidentifiedthreats.b)TheevaluationoftechnicalphysicalaspectsofITsecuritysuchaselectromagneticemanationcontrolisnotspecificallycovered,althoughmanyoftheconceptsaddressedwillbeapplicabletothatarea.Inparticular,ISO/IEC15408addressessomeaspectsofphysicalprotectionoftheTOE.c)ISO/IEC15408addressesneithertheevaluationmethodologynortheadministrativeandlegalframeworkunderwhichthecriteriamaybeappliedbyevaluationauthorities.However,itisexpectedthatISO/IEC15408willbeusedforevaluationpurposesinthecontextofsuchaframeworkandsuchamethodology.d)TheproceduresforuseofevaluationresultsinproductorsystemaccreditationareoutsidethescopeofISO/IEC15408.ProductorsystemaccreditationistheadministrativeprocesswherebyauthorityisgrantedfortheoperationofanITproductorsysteminitsfulloperationalenvironment.EvaluationfocusesontheITsecuritypartsoftheproductorsystemandthosepartsoftheoperationalenvironmentthatmaydirectlyaffectthesecureuseofITelements.Theresultsoftheevaluationprocessareconsequentlyavaluableinputtotheaccreditationprocess.However,asothertechniquesaremoreappropriatefortheassessmentsofnon-ITrelatedproductorsystemsecuritypropertiesandtheirrelationshiptotheITsecurityparts,accreditorsshouldmakeseparateprovisionforthoseaspects.e)ThesubjectofcriteriafortheassessmentoftheinherentqualitiesofcryptographicalgorithmsisnotcoveredinISO/IEC15408.ShouldindependentassessmentofmathematicalpropertiesofcryptographyembeddedinaTOEberequired,theevaluationschemeunderwhichISO/IEC15408isappliedmustmakeprovisionforsuchassessments.Informationtechnology—Securitytechniques—EvaluationcriteriaforITsecurity—Part1:IntroductionandgeneralmodelThispartofISO/IEC15408definestwoformsforexpressingITsecurityfunctionalandassurancerequirements.Theprotectionprofile(PP)constructallowscreationofgeneralizedreusablesetsofthesesecurityrequirements.ThePPcanbeusedbyprospectiveconsumersforspecificationandidentificationofproductswithITsecurityfeatureswhichwillmeettheirneeds.Thesecuritytarget(ST)expressesthesecurityrequirementsandspecifiesthesecurityfunctionsforaparticularproductorsystemtobeevaluated,calledthetargetofevaluation(TOE).TheSTisusedbyevaluatorsasthebasisforevaluationsconductedinaccordancewithISO/IEC15408.
【中国标准分类号】:L70
【国际标准分类号】:35_040
【页数】:52P.;A4
【正文语种】:英语
【原文标准名称】:信息技术.安全技术.IT安全评价准则.引言和一般模型
【标准号】:BSISO/IEC15408-1-2005
【标准状态】:作废
【国别】:英国
【发布日期】:2005-11-14
【实施或试行日期】:2005-11-14
【发布单位】:英国标准学会(GB-BSI)
【起草单位】:BSI
【标准类型】:()
【标准水平】:()
【中文主题词】:置信区间;数据处理;数据保护;数据安全;数据传输;定义;信息交流;信息交换;信息技术;志新水平;模型;特性;可靠度;安全
【英文主题词】:Confidenceintervals;Dataexchange;Dataprocessing;Dataprotection;Datasecurity;Datatransmission;Definitions;Englishlanguage;Evaluations;Informationexchange;Informationinterchange;Informationtechnology;ITsecurity;Levelofconfidence;Models;Properties;Reliability;Safety
【摘要】:ISO/IEC15408ismeanttobeusedasthebasisforevaluationofsecuritypropertiesofITproductsandsystems.Byestablishingsuchacommoncriteriabase,theresultsofanITsecurityevaluationwillbemeaningfultoawideraudience.Certaintopics,becausetheyinvolvespecializedtechniquesorbecausetheyaresomewhatperipheraltoITsecurity,areconsideredtobeoutsidethescopeofISO/IEC15408.Someoftheseareidentifiedbelow:a)ISO/IEC15408doesnotcontainsecurityevaluationcriteriapertainingtoadministrativesecuritymeasuresnotrelateddirectlytotheITsecuritymeasures.However,itisrecognisedthatasignificantpartofthesecurityofaTOEcanoftenbeachievedthroughadministrativemeasuressuchasorganisational,personnel,physical,andproceduralcontrols.AdministrativesecuritymeasuresintheoperatingenvironmentoftheTOEaretreatedassecureusageassumptionswherethesehaveanimpactontheabilityoftheITsecuritymeasurestocountertheidentifiedthreats.b)TheevaluationoftechnicalphysicalaspectsofITsecuritysuchaselectromagneticemanationcontrolisnotspecificallycovered,althoughmanyoftheconceptsaddressedwillbeapplicabletothatarea.Inparticular,ISO/IEC15408addressessomeaspectsofphysicalprotectionoftheTOE.c)ISO/IEC15408addressesneithertheevaluationmethodologynortheadministrativeandlegalframeworkunderwhichthecriteriamaybeappliedbyevaluationauthorities.However,itisexpectedthatISO/IEC15408willbeusedforevaluationpurposesinthecontextofsuchaframeworkandsuchamethodology.d)TheproceduresforuseofevaluationresultsinproductorsystemaccreditationareoutsidethescopeofISO/IEC15408.ProductorsystemaccreditationistheadministrativeprocesswherebyauthorityisgrantedfortheoperationofanITproductorsysteminitsfulloperationalenvironment.EvaluationfocusesontheITsecuritypartsoftheproductorsystemandthosepartsoftheoperationalenvironmentthatmaydirectlyaffectthesecureuseofITelements.Theresultsoftheevaluationprocessareconsequentlyavaluableinputtotheaccreditationprocess.However,asothertechniquesaremoreappropriatefortheassessmentsofnon-ITrelatedproductorsystemsecuritypropertiesandtheirrelationshiptotheITsecurityparts,accreditorsshouldmakeseparateprovisionforthoseaspects.e)ThesubjectofcriteriafortheassessmentoftheinherentqualitiesofcryptographicalgorithmsisnotcoveredinISO/IEC15408.ShouldindependentassessmentofmathematicalpropertiesofcryptographyembeddedinaTOEberequired,theevaluationschemeunderwhichISO/IEC15408isappliedmustmakeprovisionforsuchassessments.Informationtechnology—Securitytechniques—EvaluationcriteriaforITsecurity—Part1:IntroductionandgeneralmodelThispartofISO/IEC15408definestwoformsforexpressingITsecurityfunctionalandassurancerequirements.Theprotectionprofile(PP)constructallowscreationofgeneralizedreusablesetsofthesesecurityrequirements.ThePPcanbeusedbyprospectiveconsumersforspecificationandidentificationofproductswithITsecurityfeatureswhichwillmeettheirneeds.Thesecuritytarget(ST)expressesthesecurityrequirementsandspecifiesthesecurityfunctionsforaparticularproductorsystemtobeevaluated,calledthetargetofevaluation(TOE).TheSTisusedbyevaluatorsasthebasisforevaluationsconductedinaccordancewithISO/IEC15408.
【中国标准分类号】:L70
【国际标准分类号】:35_040
【页数】:52P.;A4
【正文语种】:英语
下载地址: 点击此处下载