ДСТУ ISO/IEC 15408-3:2017 Інформаційні технології. Методи захисту. Критерії оцінки. Частина 3. Вимоги до гарантії безпеки (ISO/IEC 15408-3:2008, IDT)

ПІДТВЕРДЖУВАЛЬНЕ ПОВІДОМЛЕННЯ

Державне підприємство
«Український науково-дослідний і навчальний центр
проблем стандартизації, сертифікації та якості»
(З питань придбання офіційного видання звертайтесь до національного органу стандартизації
(ДП «УкрНДНЦ»))

Наказ від 04.08.2017 № 207

ISO/IEC 15408-3:2008

Information technology — Security techniques — Evaluation
criteria for IT security — Part 3: Security assurance components

прийнято як національний стандарт
методом «підтвердження» за позначенням
Відповідає офіційному тексту

ДСТУ ISO/IEC 15408-3:2017
(ISO/IEC 15408-3:2008, IDТ)

Інформаційні технології. Методи захисту. Критерії оцінки.
Частина 3. Вимоги до гарантії безпеки

З наданням чинності від 2017-10-01

Contents

Foreword

Introduction

1 Scope

2 Normative references

3 Terms and definitions, symbols and abbreviated terms

4 Overview

4.1 Organisation of this part of ISO/IEC 15408

5 Assurance paradigm

5.1 ISO/IEC 15408 philosophy

5.2 Assurance approach

5.3 ISO/IEC 15408 evaluation assurance scale

6 Security assurance components

6.1 Security assurance classes, families and components structure

6.2 EAL structure

6.3 CAP structure

7 Evaluation assurance levels

7.1 Evaluation assurance level (EAL) overview

7.2 Evaluation assurance level details

7.3 Evaluation assurance level 1 (EAL1) - functionally tested

7.4 Evaluation assurance level 2 (EAL2) - structurally tested

7.5 Evaluation assurance level 3 (EAL3) - methodically tested and checked

7.6 Evaluation assurance level 4 (EAL4) - methodically designed, tested, and reviewed

7.7 Evaluation assurance level 5 (EAL5) - semiformally designed and tested

7.8 Evaluation assurance level 6 (EAL6) - semiformally verified design and tested

7.9 Evaluation assurance level 7 (EAL7) - formally verified design and tested

8 Composed assurance packages

8.1 Composed assurance package (CAP) overview

8.2 Composed assurance package details

8.3 Composition assurance level A (CAP-A) - Structurally composed

8.4 Composition assurance level B (CAP-B) - Methodically composed

8.5 Composition assurance level C (CAP-C) - Methodically composed, tested and reviewed

9 Class APE: Protection Profile evaluation

9.1 PP introduction (APE_INT)

9.2 Conformance claims (APE_CCL)

9.3 Security problem definition (APE_SPD)

9.4 Security objectives (APE_OBJ)

9.5 Extended components definition (APE_ECD)

9.6 Security requirements (APE_REQ)

10 Class ASE: Security Target evaluation

10.1 ST introduction (ASE_INT)

10.2 Conformance claims (ASE_CCL)

10.3 Security problem definition (ASE_SPD)

10.4 Security objectives (ASE_OBJ)

10.5 Extended components definition (ASE_ECD)

10.6 Security requirements (ASE_REQ)

10.7 TOE summary specification (ASE_TSS)

11 Class ADV

11.1 Security Architecture (ADV_ARC)

11.2 Functional specification (ADV_FSP)

11.3 Implementation representation (ADV_IMP)

11.4 TSF internals (ADV_INT)

11.5 Security policy modelling (ADV_SPM)

11.6 TOE design (ADV_TDS)

12 Class AGD: Guidance documents

12.1 Operational user guidance (AGD_OPE)

12.2 Preparative procedures (AGD_PRE)

13 Class ALC: Life-cycle support

13.1 CM capabilities (ALC_CMC)

13.2 CM scope (ALC_CMS)

13.3 Delivery (ALC_DEL)

13.4 Development security (ALC_DVS)

13.5 Flaw remediation (ALC_FLR)

13.6 Life-cycle definition (ALC_LCD)

13.7 Tools and techniques (ALC_TAT)

14 Class ATE: Tests

14.1 Coverage (ATE_COV)

14.2 Depth (ATE_DPT)

14.3 Functional tests (ATE_FUN)

14.4 Independent testing (ATE_IND)

15 Class AVA: Vulnerability assessment

15.1 Application notes

15.2 Vulnerability analysis (AVA_VAN)

16 Class ACO: Composition

16.1 Composition rationale (ACO_COR)

16.2 Development evidence (ACO_DEV)

16.3 Reliance of dependent component (ACO_REL)

16.4 Composed TOE testing (ACO_CTT)

16.5 Composition vulnerability analysis (ACO_VUL)

Annex A (informative) Development (ADV)

Annex B (informative) Composition (ACO)

Annex C (informative) CrB.1 Necessity for compososs reference of assurance component dependencies

Annex D (informative) Cross reference of PPs and assurance components

Annex E (informative) Cross reference of EALs and assurance components

Annex F (informative) Cross reference of CAPs and assurance components