ДСТУ ISO/IEC 15408-3:2017 Информационные технологии. Методы защиты. Критерии оценки. Часть 3. Требования к гарантии безопасности (ISO/IEC 15408-3:2008, IDT)
ПІДТВЕРДЖУВАЛЬНЕ ПОВІДОМЛЕННЯ
Державне підприємство
«Український науково-дослідний і навчальний центр
проблем стандартизації, сертифікації та якості»
(
(ДП «УкрНДНЦ»))
Наказ від 04.08.2017 № 207
ISO/IEC 15408-3:2008
Information technology — Security techniques —
Evaluation
criteria for IT security —
Part 3: Security assurance components
прийнято як національний стандарт
методом «підтвердження» за позначенням
ДСТУ ISO/IEC 15408-3:2017
(ISO/IEC 15408-3:2008, IDТ)
Інформаційні технології. Методи захисту. Критерії оцінки.
Частина 3. Вимоги до гарантії безпеки
З наданням чинності від 2017-10-01
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions, symbols and abbreviated terms
4 Overview
4.1 Organisation of this part of ISO/IEC 15408
5 Assurance paradigm
5.1 ISO/IEC 15408 philosophy
5.2 Assurance approach
5.3 ISO/IEC 15408 evaluation assurance scale
6 Security assurance components
6.1 Security assurance classes, families and components structure
6.2 EAL structure
6.3 CAP structure
7 Evaluation assurance levels
7.1 Evaluation assurance level (EAL) overview
7.2 Evaluation assurance level details
7.3 Evaluation assurance level 1 (EAL1) - functionally tested
7.4 Evaluation assurance level 2 (EAL2) - structurally tested
7.5 Evaluation assurance level 3 (EAL3) - methodically tested and checked
7.6 Evaluation assurance level 4 (EAL4) - methodically designed, tested, and reviewed
7.7 Evaluation assurance level 5 (EAL5) - semiformally designed and tested
7.8 Evaluation assurance level 6 (EAL6) - semiformally verified design and tested
7.9 Evaluation assurance level 7 (EAL7) - formally verified design and tested
8 Composed assurance packages
8.1 Composed assurance package (CAP) overview
8.2 Composed assurance package details
8.3 Composition assurance level A (CAP-A) - Structurally composed
8.4 Composition assurance level B (CAP-B) - Methodically composed
8.5 Composition assurance level C (CAP-C) - Methodically composed, tested and reviewed
9 Class APE: Protection Profile evaluation
9.1 PP introduction (APE_INT)
9.2 Conformance claims (APE_CCL)
9.3 Security problem definition (APE_SPD)
9.4 Security objectives (APE_OBJ)
9.5 Extended components definition (APE_ECD)
9.6 Security requirements (APE_REQ)
10 Class ASE: Security Target evaluation
10.1 ST introduction (ASE_INT)
10.2 Conformance claims (ASE_CCL)
10.3 Security problem definition (ASE_SPD)
10.4 Security objectives (ASE_OBJ)
10.5 Extended components definition (ASE_ECD)
10.6 Security requirements (ASE_REQ)
10.7 TOE summary specification (ASE_TSS)
11 Class ADV
11.1 Security Architecture (ADV_ARC)
11.2 Functional specification (ADV_FSP)
11.3 Implementation representation (ADV_IMP)
11.4 TSF internals (ADV_INT)
11.5 Security policy modelling (ADV_SPM)
11.6 TOE design (ADV_TDS)
12 Class AGD: Guidance documents
12.1 Operational user guidance (AGD_OPE)
12.2 Preparative procedures (AGD_PRE)
13 Class ALC: Life-cycle support
13.1 CM capabilities (ALC_CMC)
13.2 CM scope (ALC_CMS)
13.3 Delivery (ALC_DEL)
13.4 Development security (ALC_DVS)
13.5 Flaw remediation (ALC_FLR)
13.6 Life-cycle definition (ALC_LCD)
13.7 Tools and techniques (ALC_TAT)
14 Class ATE: Tests
14.1 Coverage (ATE_COV)
14.2 Depth (ATE_DPT)
14.3 Functional tests (ATE_FUN)
14.4 Independent testing (ATE_IND)
15 Class AVA: Vulnerability assessment
15.1 Application notes
15.2 Vulnerability analysis (AVA_VAN)
16 Class ACO: Composition
16.1 Composition rationale (ACO_COR)
16.2 Development evidence (ACO_DEV)
16.3 Reliance of dependent component (ACO_REL)
16.4 Composed TOE testing (ACO_CTT)
16.5 Composition vulnerability analysis (ACO_VUL)
Annex A (informative) Development (ADV)
Annex B (informative) Composition (ACO)
Annex C (informative) CrB.1 Necessity for compososs reference of assurance component dependencies
Annex D (informative) Cross reference of PPs and assurance components
Annex E (informative) Cross reference of EALs and assurance components
Annex F (informative) Cross reference of CAPs and assurance components
Полная версия документа доступна в тарифе «ВСЕ ВКЛЮЧЕНО».