iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

prEN ISO/IEC 15408-3

(Main)

Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 3: Security assurance components (ISO/IEC DIS 15408-3:2024)

Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 3: Security assurance components (ISO/IEC DIS 15408-3:2024)

This document defines the assurance requirements of the ISO/IEC 15408 series. It includes the individual assurance components from which the evaluation assurance levels and other packages contained in ISO/IEC 15408-5 are composed, and the criteria for evaluation of Protection Profiles (PPs), PP-Configurations, PP-Modules, and Security Targets (STs).

Informationssicherheit, Cybersicherheit und Schutz der Privatsphäre - Evaluationskriterien für IT-Sicherheit - Teil 3: Komponenten für die Vertrauenswürdigkeit der Sicherheit

Sécurité de l'information, cybersécurité et protection de la vie privée - Critères d'évaluation pour la sécurité des technologies de l'information - Partie 3: Composants d'assurance de sécurité (ISO/IEC DIS 15408-3:2024)

Informacijska varnost, kibernetska varnost in varovanje zasebnosti - Merila za vrednotenje varnosti IT - 3. del: Komponente za zagotavljanje varnosti (ISO/IEC DIS 15408-3:2024)

General Information

Status
Not Published
Publication Date
11-Mar-2026
Technical Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Current Stage
4020 - Submission to enquiry - Enquiry
Start Date
22-Aug-2024
Completion Date
22-Aug-2024
Ref Project
oSIST prEN ISO/IEC 15408-3:2024 - Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 3: Security assurance components (ISO/IEC DIS 15408-3:2024)

Relations

Revises
EN ISO/IEC 15408-3:2023 - Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 3: Security assurance components (ISO/IEC 15408-3:2022)
Effective Date
22-May-2024

Buy Standard

prEN ISO/IEC 15408-3:2024prEN ISO/IEC 15408-3:2024
PreviousNext
Draft
prEN ISO/IEC 15408-3:2024
English language
202 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-november-2024
Informacijska varnost, kibernetska varnost in varovanje zasebnosti - Merila za
vrednotenje varnosti IT - 3. del: Komponente za zagotavljanje varnosti (ISO/IEC
DIS 15408-3:2024)
Information security, cybersecurity and privacy protection - Evaluation criteria for IT
security - Part 3: Security assurance components (ISO/IEC DIS 15408-3:2024)
Informationssicherheit, Cybersicherheit und Schutz der Privatsphäre -
Evaluationskriterien für IT-Sicherheit - Teil 3: Komponenten für die Vertrauenswürdigkeit
der Sicherheit
Sécurité de l'information, cybersécurité et protection de la vie privée - Critères
d'évaluation pour la sécurité des technologies de l'information - Partie 3: Composants
d'assurance de sécurité (ISO/IEC DIS 15408-3:2024)
Ta slovenski standard je istoveten z: prEN ISO/IEC 15408-3
ICS:
35.030 Informacijska varnost IT Security
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

DRAFT
International
Standard
ISO/IEC
DIS
15408-3
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection —
Voting begins on:
Evaluation criteria for IT security —
2024-08-19
Part 3:
Voting terminates on:
2024-11-11
Security assurance components
Sécurité de l'information, cybersécurité et protection de la vie
privée — Critères d'évaluation pour la sécurité des technologies
de l'information —
Partie 3: Composants d'assurance de sécurité
ICS: ISO ics
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENTS AND APPROVAL. IT
IS THEREFORE SUBJECT TO CHANGE
AND MAY NOT BE REFERRED TO AS AN
INTERNATIONAL STANDARD UNTIL
PUBLISHED AS SUCH.
This document is circulated as received from the committee secretariat.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
ISO/CEN PARALLEL PROCESSING
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION.
Reference number
© ISO/IEC 2024
ISO/IEC DIS 15408-3:2024(en)
DRAFT
ISO/IEC DIS 15408-3:2024(en)
International
Standard
ISO/IEC
DIS
15408-3
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection —
Voting begins on:
Evaluation criteria for IT security —
2024-08-19
Part 3:
Voting terminates on:
2024-11-11
Security assurance components
Sécurité de l'information, cybersécurité et protection de la vie
privée — Critères d'évaluation pour la sécurité des technologies
de l'information —
Partie 3: Composants d'assurance de sécurité
ICS: ISO ics
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENTS AND APPROVAL. IT
IS THEREFORE SUBJECT TO CHANGE
AND MAY NOT BE REFERRED TO AS AN
INTERNATIONAL STANDARD UNTIL
PUBLISHED AS SUCH.
This document is circulated as received from the committee secretariat.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
© ISO/IEC 2024
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
STANDARDS MAY ON OCCASION HAVE TO
ISO/CEN PARALLEL PROCESSING
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
BE CONSIDERED IN THE LIGHT OF THEIR
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
or ISO’s member body in the country of the requester.
NATIONAL REGULATIONS.
ISO copyright office
RECIPIENTS OF THIS DRAFT ARE INVITED
CP 401 • Ch. de Blandonnet 8
TO SUBMIT, WITH THEIR COMMENTS,
CH-1214 Vernier, Geneva
NOTIFICATION OF ANY RELEVANT PATENT
Phone: +41 22 749 01 11
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION.
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland Reference number
© ISO/IEC 2024
ISO/IEC DIS 15408-3:2024(en)
© ISO/IEC 2024 – All rights reserved
ii
ISO/IEC DIS 15408-3:2024(en)
Contents Page
Foreword .x
Introduction .xii
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 1
4 Overview . 5
5 Assurance paradigm . 6
5.1 General .6
5.2 ISO/IEC 15408 series approach .6
5.3 Assurance approach .6
5.3.1 General .6
5.3.2 Significance of vulnerabilities .6
5.3.3 Cause of vulnerabilities .7
5.3.4 ISO/IEC 15408 series assurance .7
5.3.5 Assurance through evaluation .7
5.4 ISO/IEC 15408 series evaluation assurance scale .8
6 Security assurance components . 8
6.1 Overview .8
6.2 Assurance class structure .8
6.2.1 General .8
6.2.2 Class name .8
6.2.3 Class introduction .9
6.2.4 Assurance families .9
6.3 Assurance family structure .9
6.3.1 General .9
6.3.2 Family name .9
6.3.3 Family objectives .9
6.3.4 Component levelling .10
6.3.5 Family application notes .10
6.3.6 Assurance components .10
6.4 Assurance component structure .10
6.4.1 General .10
6.4.2 Component name .10
6.4.3 Component objectives . .11
6.4.4 Component application notes .11
6.4.5 Component dependencies .11
6.4.6 Assurance elements .11
6.5 Assurance elements . 12
6.6 Component taxonomy . 12
7 Class APE Protection Profile (PP) evaluation .12
7.1 Introduction . 12
7.2 Conformance claims (APE_CCL) .14
7.2.1 Objectives .14
7.2.2 Conformance claims (APE_CCL.1) .14
7.3 Extended components definition (APE_ECD) .16
7.3.1 Objectives .16
7.3.2 Extended components definition (APE_ECD.1) .16
7.4 PP introduction (APE_INT) .17
7.4.1 Objectives .17
7.4.2 PP introduction (APE_INT.1) .17
7.5 Security objectives (APE_OBJ) .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN ISO 19085-9:2024(Main)
Woodworking machines - Safety - Part 9: Circular saw benches (with and without sliding table) (ISO 19085-9:2024)
SIST EN ISO 19085-9:2024

This document specifies the safety requirements and measures for circular saw benches with or without sliding table or demountable power feed unit or both and capable of continuous production use, also known as “table saws” (in the USA), hereinafter referred to also as “machines”.
The machines are designed to cut solid wood and material with similar physical characteristics to wood (see ISO 19085-1:2021, 3.2).
This document deals with all significant hazards, hazardous situations and events as listed in Annex A relevant to the machines when operated, adjusted and maintained as intended and under the conditions foreseen by the manufacturer; reasonably foreseeable misuse has been considered too. Transport, assembly, dismantling, disabling and scrapping phases have also been taken into account.
This document is also applicable to machines fitted with one or more of the following devices or working units, whose hazards have been dealt with:
—     device for the main saw blade and scoring saw blade to be raised and lowered through the table;
—     device to tilt the main saw blade and scoring saw blade for angled cutting;
—     device for scoring;
—     device for grooving with milling tool with a width not exceeding 20 mm in one pass;
—     demountable power feed unit;
—     additional manually operated sliding table;
—     powered workpiece clamping device.
This document does not apply to:
a)       machines intended for outdoor use on building sites;
NOTE            Building site saws (contractor saws) are covered by the requirements of ISO 19085-10:2018.
b)       handheld woodworking machines including any adaptation permitting their use in a different mode, i.e. bench mounting;
c)        machines intended for use in a potentially explosive atmosphere;
d)       machines manufactured prior to the publication of this document.

  • Draft
    59 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17928-2:2024(Main)
Gas infrastructure - Injection stations - Part 2: Specific requirements regarding the injection of biomethane
kSIST FprEN 17928-2:2024

This document establishes specific functional requirements for injection stations for biomethane into gas transmission and distribution systems operated with gases of the second gas family in accordance with EN 437 in addition to the general functional requirements of EN 17928 1:2024.
This document represents the recommendations at the time of its preparation. This document does not apply to injection stations operating prior to the publication of this document.
This document complements EN 17928 1:2024 by specifying the technical safety requirements to be observed in respect of the chemical and physical properties of biomethane.
This document specifies common basic principles for gas infrastructure. Users of this document are expected to be aware that more detailed national standards and/or codes of practice can exist in the CEN member countries.
This document is intended to be applied in association with these national standards and/or codes of practice setting out the above-mentioned basic principles.
In the event of terms of additional requirements in national legislation/regulation than in this document, CEN/TR 13737 (all parts) illustrates these terms.
CEN/TR 13737 (all parts) gives:
—   legislation/regulations applicable in a member state;
—   if appropriate, more restrictive national requirements;
—   a national contact point for the latest information.

  • Draft
    7 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 16186-6:2024(Main)
Railway applications - Driver's cab - Part 6: Integration of displays, controls and indicators for tram vehicles
SIST EN 16186-6:2024

This document is applicable to vehicles operating on tram networks.
This document gives design requirements and guidance in order to ensure visibility and operability of displays, controls and indicators in the cab in all operating conditions (day, night, natural or artificial lighting).
It covers four aspects:
-   the characteristics of the displays, controls and indicators in order to ensure proper visibility: i.e. range of luminance and contrast as well as the possibility of adjustment of perceived brightness;
-   the requirements for the location of the displays, keyboards, controls and indicators in the cab and on the driver’s desk: i.e. position, angle of visibility, etc. with consideration of the normal driving position and the working environment (windscreen, natural or artificial lighting in the cab, unwanted glare and reflections, etc.);
-   the characteristics and requirements for the location of microphones and loudspeakers;
-   design of symbols.
NOTE   All element numbers within the text refer to Table B.1.
This document does not apply to refurbishment of existing vehicles. This document is not intended to be applicable to driver's auxiliary desk, except for 5.3.13, Clause 6, 7.1.2, Clause 9 and Table B.1.

  • Standard
    42 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 19085-8:2024(Main)
Woodworking machines - Safety - Part 8: Wide belt sanding machines and surface treating machines (ISO 19085-8:2024)
SIST EN ISO 19085-8:2024

This document specifies the safety requirements and measures for wide belt sanding machines (defined in 3.1) and for surface treating machines (defined in 3.2) capable of continuous production use, altogether referred to as “machines”.
This document deals with all significant hazards, hazardous situations and events, as listed in Annex A, relevant to the machines, when operated, adjusted and maintained as intended and under the conditions foreseen by the manufacturer, including reasonably foreseeable misuse. Transport, assembly, dismantling, disabling and scrapping phases are also taken into account.
This document is also applicable to machines fitted with one or more of the following devices/additional working units, whose hazards have been dealt with:
—     transversal sanding unit;
—     cleaning brushing unit;
—     satining roller unit;
—     disk brushing unit;
—     texturing brushing roller unit;
—     texturing brushing belt unit;
—     cutterblock unit;
—     texturing band saw unit;
—     spiked roller unit;
—     multi blade unit;
—     conveyor directly controlled by the machine;
—     additional workpiece vacuum clamping device;
—     antistatic bar unit.
NOTE 1        An antistatic bar is a device that eliminates electrostatic charges on the workpiece to ease its subsequent cleaning from dust by airflow.
This document is also applicable to machines fitted with a laser engraving unit, but the specific hazards of this unit have not been dealt with.
The machines are designed to process workpieces with flat surface and even thickness, in shape of panels or beams or frames, consisting of:
a)       solid wood;
b)       material with similar physical characteristics to wood (see ISO 19085-1:2021, 3.2);
c)        gypsum boards, gypsum bounded fibreboards;
d)       composite materials with core consisting of, e.g. polyurethane or mineral material;
e)       composite boards made from the materials listed above;
f)         all materials listed above, already lacquered.
This document does not deal with hazards related to:
—     specific devices other than those listed above;
—     access through in-feed and out-feed openings of machines with a work piece height capacity greater than 700 mm;
—     systems for powered loading or unloading, or both, of the workpiece to or from a single machine;
NOTE 2        Loading the machine manually includes manually placing the workpiece onto a conveyor directly controlled by the machine. Unloading the machine manually includes manually removing the workpiece from a conveyor directly controlled by the machine.
—     out-feed workpieces on machines with feed speed higher than 60 m/min;
—     interfacing of the machine with any other machine.
This document is not applicable to machines intended for use in a potentially explosive atmosphere and to machines manufactured prior to the date of its publication.

  • Draft
    42 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17450-2:2024(Main)
Fixed firefighting systems - Water mist systems - Part 2: Product characteristics and test methods for nozzles
kSIST FprEN 17450-2:2024

This document specifies product characteristics and test methods of open nozzles and automatic nozzles for use in water mist systems.
NOTE   All pressure data in this document are given as gauge pressures in bar.

  • Draft
    38 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17928-1:2024(Main)
Gas infrastructure - Injection stations - Part 1: General requirements
kSIST FprEN 17928-1:2024

This document establishes the functional requirements for stations for the injection of biomethane, substitute natural gas (SNG) and hydrogen into gas transmission and distribution systems operated with gases (natural gas, biomethane, SNG, hydrogen, gas mixtures) in accordance with European technical rules that ensure the interoperability of systems.
Figure 1 describes the general approach including all the relevant functions that can be installed in different configurations. The injection of Hydrogen is covered separately in EN 17928-3:2024.
This document also applies to refeeding stations that feed such gases back into upstream gas supply networks; see Figure 2.
This document represents the state of the art at the time of its preparation.
This document does not apply to injection stations operating prior to the publication of this document.
This document specifies common basic principles for gas infrastructure. Users of this document are expected to be aware that more detailed national standards and/or codes of practice can exist in the CEN member countries. This document is intended to be applied in association with these national standards and/or codes of practice setting out the above-mentioned basic principles.
In the event of terms of additional requirements in national legislation/regulation than in this document, CEN/TR 13737 (all parts) illustrates these terms.
CEN/TR 13737 (all parts) gives:
—   legislation/regulations applicable in a member state;
—   if appropriate, more restrictive national requirements;
—   a national contact point for the latest information.

  • Draft
    57 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 14105:2024(Main)
Fat and oil derivatives - Fatty Acid Methyl Esters (FAME) - Determination of free and total glycerol and mono-, di-, triglyceride contents
kSIST FprEN 14105:2024

This document specifies a method to determine the free glycerol and residual mono-, di- and triglyceride contents in fatty acid methyl esters (FAME). The total glycerol content is then calculated from the obtained results.
Under the conditions described, the quantification limits are 0,001 % (m/m) for free glycerol, 0,10 % (m/m) for all glycerides (mono-, di- and tri-). This method is suitable for FAME prepared from rapeseed, sunflower, soybean, palm, animal oils and fats and mixture of them. It is not suitable for FAME produced from or containing coconut and palm kernel oils derivatives because of overlapping of different glyceride peaks.
NOTE 1   For the purposes of this document, the term "% (m/m)" is used to represent the mass fraction.
NOTE 2   Under the common EN 14105 GC conditions, squalene can coelute with alpha glycerol monostearate. If the presence of squalene is suspected, EN 17057 can be used to discriminate between squalene and glycerol monostearate.
WARNING - The use of this document can involve hazardous materials, operations and equipment. This document does not purport to address all of the safety problems associated with its use. It is the responsibility of users of this document to take appropriate measures to ensure the safety and health of personnel prior to application of the standard, and fulfil statutory and regulatory requirements for this purpose.

  • Draft
    28 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 1591-1:2024(Main)
Flanges and their joints - Design rules for gasketed circular flange connections - Part 1: Calculation
SIST EN 1591-1:2024

This document defines a calculation method for bolted, gasketed, circular flange joints. Its purpose is to ensure structural integrity and control of leak tightness. It uses gasket parameters based on definitions and test methods specified in EN 13555:2014.
The calculation method is not applicable to joints with a metallic contact out of the sealing face or to joints whose rigidity varies appreciably across gasket width. For gaskets in incompressible materials, which permit large deformations, the results given by the calculation method can be excessively conservative (i.e. required bolting load too high, allowable pressure of the fluid too low, required flange thickness too large, etc.).

  • Draft
    80 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 13237:2024(Main)
Potentially explosive atmospheres - Terms and definitions for equipment and protective systems intended for use in potentially explosive atmospheres
SIST EN 13237:2022

This document specifies terms and definitions (vocabulary) to be used in suitable standards dealing with equipment and protective systems intended for use in potentially explosive atmospheres within the scope of Directive 2014/34/EU.
NOTE   Terms and definitions avoid misunderstandings that are important in relation to the essential health and safety requirements of Directive 2014/34/EU.

  • Draft
    33 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 9300-001:2024(Main)
Aerospace series - LOTAR - LOng Term Archiving and Retrieval of digital technical product documentation such as 3D, CAD and PDM data - Part 001: Structure
kSIST FprEN 9300-001:2023

This document defines the structure and content for the long-term preservation of digital product and technical data. EN 9300 is broken into a series of separate standard parts to make the standard applicable for different business requirements and extensible for further long-term archiving formats.
The following outlines the total scope of this document:
-   for the purpose of this document, structure, and content of EN 9300 standard parts are detailed.

  • Draft
    13 pages
    English language
    sale 10% off
    e-Library read for
    1 day