ДСТУ ISO/IEC 19989-1:2023 Information security. Criteria and methodology for security evaluation of biometric systems. Part 1. Framework (ISO/IEC 19989-1:2020, IDT)
CONFIRMATION NOTICE
State Enterprise
"Ukrainian Research and Training Center
for Standardization, Certification and Quality Problems"
(ДП «УкрНДНЦ»)
Order No. 210 of 17.08.2023
ISO/IEC 19989-1:2020
Information security. Criteria and methodology for security evaluation of biometric systems. Part 1: Framework
adopted as a national standard
by the "confirmation" method under the designation
ДСТУ ISO/IEC 19989-1:2023
(ISO/IEC 19989-1:2020, IDT)
Information security. Criteria and methodology for security evaluation of biometric systems. Part 1. Framework
Effective from 2023-08-22
This is not an official publication.
The official publication is distributed by the national standardization body
(ДП «УкрНДНЦ» http://uas.gov.ua)
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 General remarks
6 Vulnerabilities in biometric systems and security evaluation
6.1 Categorization of common vulnerabilities of biometric systems
6.2 Biometric system and presentation attack detection
6.3 Categorization of TOEs in relation to the type of evaluation
7 Extended security functional components to Class FPT: Protection of the TSF
7.1 General
7.2 Presentation attack detection (FPT_PAD)
7.3 Biometric capture with presentation attack detection (FPT_BCP)
8 Extended security functional components to Class FIA: Identification and authentication
8.1 General
8.2 Enrolment of biometric reference (FIA_EBR)
8.3 Biometric verification (FIA_BVR)
8.4 Biometric identification (FIA_BID)
9 Supplementary activities to ISO/IEC 18045 on Class APE: Protection Profile evaluation
10 Supplementary activities to ISO/IEC 18045 on Class ASE: Security Target evaluation
11 Supplementary activities to ISO/IEC 18045 on Class ADV: Development
11.1 Supplementary activities to security architecture ADV_ARC
11.2 Supplementary activities to functional specification ADV_FSP
11.3 Supplementary activities to TOE design ADV_TDS
12 Supplementary activities to ISO/IEC 18045 on Class AGD: Guidance documents
12.1 Supplementary activities to operational user guidance AGD_OPE
12.2 Supplementary activities to preparative procedures AGD_PRE
13 Supplementary activities to ISO/IEC 18045 on Class ALC: Life-cycle support
13.1 Supplementary activities to CM support ALC_CMS
13.2 Supplementary activities to Delivery ALC_DEL
13.3 Supplementary activities to flaw remediation ALC_FLR
14 Supplementary activities to ISO/IEC 18045 on Class ATE: Tests
14.1 Supplementary activities to functional tests ATE_FUN
14.2 Supplementary activities to independent testing ATE_IND
15 Supplementary activities to ISO/IEC 18045 on Class AVA: Vulnerability assessment
15.1 General
15.2 Supplementary activities to vulnerability analysis AVA_VAN
Annex A (informative) Introduction to the basic concepts of ISO/IEC 15408
Annex B (normative) Class FPT: Protection of the TSF
Annex C (normative) Class FIA: Identification and authentication
Annex D (informative) Background information on supplementary activities for PAD evaluation
Annex E (informative) Other general vulnerabilities
Annex F (normative) Attack potential and TOE resistance
Bibliography