ДСТУ ISO/IEC 15408-2:2023 Информационные технологии. Кибербезопасность и защита конфиденциальности. Критерии оценки безопасности ИТ. Часть 2. Функциональные компоненты безопасности (ISO/IEC 15408-2:2022, IDT)



ДСТУ ISO/IEC 15408-2:2023
(ISO/IEC 15408-2:2022, IDT)

Інформаційні технології. Кібербезпека та захист конфіденційності. Критерії
оцінювання безпеки ІТ. Частина 2. Функційні компоненти безпеки

 

 
   
 
Не є офіційним виданням.
Офіційне видання розповсюджує національний орган стандартизації
(ДП «УкрНДНЦ» http://uas.gov.ua)

Contents

Foreword

Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Abbreviated terms

5 Overview

5.1 General

5.2 Organization of this document

6 Functional requirements paradigm

7 Security functional components

7.1 Overview

7.2 Component catalogue

8 Class FAU: Security audit

8.1 Class description

8.2 Security audit automatic response (FAU_ARP)

8.3 Security audit data generation (FAU_GEN)

8.4 Security audit analysis (FAU_SAA)

8.5 Security audit review (FAU_SAR)

8.6 Security audit event selection (FAU_SEL)

8.7 Security audit data storage (FAU_STG)

9 Class FCO: Communication

9.1 Class description

9.2 Non-repudiation of origin (FCO_NRO)

9.3 Non-repudiation of receipt (FCO_NRR)

10 Class FCS: Cryptographic support

10.1 Class description

10.2 Cryptographic key management (FCS_CKM)

10.3 Cryptographic operation (FCS_COP)

10.4 Random bit generation (FCS_RBG)

10.5 Generation of random numbers (FCS_RNG)

11 Class FDP: User data protection

11.1 Class description

11.2 Access control policy (FDP_ACC)

11.3 Access control functions (FDP_ACF)

11.4 Data authentication (FDP_DAU)

11.5 Export from the TOE (FDP_ETC)

11.6 Information flow control policy (FDP_IFC)

11.7 Information flow control functions (FDP_IFF)

11.8 Information Retention Control (FDP_IRC)

11.9 Import from outside of the TOE (FDP_ITC)

11.10 Internal TOE transfer (FDP_ITT)

11.11 Residual information protection (FDP_RIP)

11.12 Rollback (FDP_ROL)

11.13 Stored data confidentiality (FDP_SDC)

11.14 Stored data integrity (FDP_SDI)

11.15 Inter-TSF user data confidentiality transfer protection (FDP_UCT)

11.16 Inter-TSF user data integrity transfer protection (FDP_UIT)

12 Class FIA: Identification and authentication

12.1 Class description

12.2 Authentication failures (FIA_AFL)

12.3 Authentication proof of identity (FlA_APl)

12.4 User attribute definition (FIA_ATD)

12.5 Specification of secrets (FIA_SOS)

12.6 User authentication (FIA_UAU)

12.7 User identification (FIA_UID)

12.8 User-subject binding (FIA_USB)

13 Class FMT: Security management

13.1 Class description

13.2 Limited capabilities and availability (FMT_LIM)

13.3 Management of functions in TSF (FMT_MOF)

13.4 Management of security attributes (FMT_MSA)

13.5 Management of TSF data (FMT_MTD)

13.6 Revocation (FMT_REV)

13.7 Security attribute expiration (FMT_SAE)

13.8 Specification of Management Functions (FMT_SMF)

13.9 Security management roles (FMT_SMR)

14 Class FPR: Privacy

14.1 Class description

14.2 Anonymity (FPR_ANO)

14.3 Pseudonymity (FPR_PSE)

14.4 Unlinkability (FPR_UNL)

14.5 Unobservability (FPR_UNO)

15 Class FPT: Protection of the TSF

15.1 Class description

15.2 TOE emanation (FPT_EMS)

15.3 Fail secure (FPT_FLS)

15.4 TSF initialization (FPT_INI)

15.5 Availability of exported TSF data (FPT_ITA)

15.6 Confidentiality of exported TSF data (FPT_ITC)

15.7 Integrity of exported TSF data (FPT_ITI)

15.8 Internal TOE TSF data transfer (FPT_ITT)

15.9 TSF physical protection (FPT_PHP)

16 Class FRU: Resource utilization

16.1 Class description

16.2 Fault tolerance (FRU_FLT)

16.3 Priority of service (FRU_PRS)

16.4 Resource allocation (FRU_RSA)

17 Class FTA: TOE access

17.1 Class description

17.2 Limitation on scope of selectable attributes (FTA_LSA)

17.3 Limitation on multiple concurrent sessions (FTA_MCS)

17.4 Session locking and termination (FTA_SSL)

17.5 TOE access banners (FTA_TAB)

17.6 TOE access history (FTA_TAH)

17.7 TOE session establishment (FTA_TSE)

18 Class FTP: Trusted path/channels

18.1 Class description

18.2 Inter-TSF trusted channel (FTP_ITC)

18.3 Trusted channel protocol (FTP_PRO)

18.4 Trusted path (FTP_TRP)

Annex A (informative) Security functional requirements (SFRs) structure of the application notes

Annex В (informative) Dependency tables for security functional components

Annex C (normative) Class FAU: Security audit — Application notes

Annex D (normative) Class FCO: Communication — Application notes

Annex E (normative) Class FCS: Cryptographic support — Application notes

Annex F (normative) Class FDP: User data protection — Application notes

Annex G (normative) Class FIA: Identification and authentication — Application notes

Annex H (normative) Class FMT: Security management — Application notes

Annex I (normative) Class FPR: Privacy — Application notes

Annex J (normative) Class FPT: Protection of the TSF — Application notes

Annex К (normative) Class FRU: Resource utilization — Application notes

Annex L (normative) Class FTA: TOE access — Application notes

Annex M (normative) Class FTP: Trusted path/channels- application notes

Bibliography