DSTU ISO/IEC 15408-3:2023 Information technology. Cybersecurity and privacy protection. Evaluation criteria for IT security. Part 3. Security components (ISO/IEC 15408-3:2022, IDT)
DSTU ISO/IEC 15408-3:2023
(ISO/IEC 15408-3:2022, IDT)
Information technology. Cybersecurity and privacy protection. Evaluation criteria for IT security. Part 3. Assurance components
Not an official publication.
The official publication is distributed by the national standardization body
(SE "UkrNDNC" http://uas.gov.ua)
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview
5 Assurance paradigm
5.1 General
5.2 ISO/IEC 15408 series approach
5.3 Assurance approach
5.4 ISO/IEC 15408 series evaluation assurance scale
6 Security assurance components
6.1 General
6.2 Assurance class structure
6.3 Assurance family structure
6.4 Assurance component structure
6.5 Assurance elements
6.6 Component taxonomy
7 Class APE: Protection Profile (PP) evaluation
7.1 General
7.2 PP introduction (APE_INT)
7.3 Conformance claims (APE_CCL)
7.4 Security problem definition (APE_SPD)
7.5 Security objectives (APE_OBJ)
7.6 Extended components definition (APE_ECD)
7.7 Security requirements (APE_REQ)
8 Class ACE: Protection Profile Configuration evaluation
8.1 General
8.2 PP-Module introduction (ACE_INT)
8.3 PP-Module conformance claims (ACE_CCL)
8.4 PP-Module security problem definition (ACE_SPD)
8.5 PP-Module security objectives (ACE_OBJ)
8.6 PP-Module extended components definition (ACE_ECD)
8.7 PP-Module security requirements (ACE_REQ)
8.8 PP-Module consistency (ACE_MCO)
8.9 PP-Configuration consistency (ACE_CCO)
9 Class ASE: Security Target (ST) evaluation
9.1 General
9.2 ST introduction (ASE_INT)
9.3 Conformance claims (ASE_CCL)
9.4 Security problem definition (ASE_SPD)
9.5 Security objectives (ASE_OBJ)
9.6 Extended components definition (ASE_ECD)
9.7 Security requirements (ASE_REQ)
9.8 TOE summary specification (ASE_TSS)
9.9 Consistency of composite product Security Target (ASE_COMP)
10 Class ADV: Development
10.1 General
10.2 Security Architecture (ADV_ARC)
10.3 Functional specification (ADV_FSP)
10.4 Implementation representation (ADV_IMP)
10.5 TSF internals (ADV_INT)
10.6 Security policy modelling (ADV_SPM)
10.7 TOE design (ADV_TDS)
10.8 Composite design compliance (ADV_COMP)
11 Class AGD: Guidance documents
11.1 General
11.2 Operational user guidance (AGD_OPE)
11.3 Preparative procedures (AGD_PRE)
12 Class ALC: Life-cycle support
12.1 General
12.2 CM capabilities (ALC_CMC)
12.3 CM scope (ALC_CMS)
12.4 Delivery (ALC_DEL)
12.5 Developer environment security (ALC_DVS)
12.6 Flaw remediation (ALC_FLR)
12.7 Development Life-cycle definition (ALC_LCD)
12.8 TOE Development Artefacts (ALC_TDA)
12.9 Tools and techniques (ALC_TAT)
13 Class ATE: Tests
13.1 General
13.2 Coverage (ATE_COV)
13.3 Depth (ATE_DPT)
13.4 Functional tests (ATE_FUN)
13.5 Independent testing (ATE_IND)
13.6 Composite functional testing (ATE_COMP)
14 Class AVA: Vulnerability assessment
14.1 General
14.2 Application notes
14.3 Vulnerability analysis (AVA_VAN)
14.4 Composite vulnerability assessment (AVA_COMP)
15 Class ACO: Composition
15.1 General
15.2 Composition rationale (ACO_COR)
15.3 Development evidence (ACO_DEV)
15.4 Reliance of dependent component (ACO_REL)
15.5 Composed TOE testing (ACO_CTT)
15.6 Composition vulnerability analysis (ACO_VUL)
Annex A (informative) Development (ADV)
Annex B (informative) Composition (ACO)
Annex C (informative) Cross reference of assurance component dependencies
Bibliography