prEN ISO/IEC 15408-2
Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 2: Security functional components (ISO/IEC DIS 15408-2:2024)
This document defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that meets the common security functionality requirements of many IT products.
Informationssicherheit, Cybersicherheit und Schutz der Privatsphäre - Evaluationskriterien für IT-Sicherheit - Teil 2: Sicherheitsfunktionskomponenten (ISO/IEC DIS 15408-2:2024)
Sécurité de l'information, cybersécurité et protection de la vie privée - Critères d'évaluation pour la sécurité des technologies de l'information - Partie 2: Composants fonctionnels de sécurité (ISO/IEC DIS 15408-2:2024)
Informacijska varnost, kibernetska varnost in varovanje zasebnosti - Merila za vrednotenje varnosti IT - 2. del: Funkcionalne varnostne komponente (ISO/IEC DIS 15408-2:2024)
Standards Content (Sample)
SLOVENIAN STANDARD
01-November-2024
This Slovenian standard is identical to: prEN ISO/IEC 15408-2
ICS: 35.030 IT Security
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
DRAFT International Standard
ISO/IEC DIS 15408-2
ISO/IEC JTC 1/SC 27
Secretariat: DIN
Voting begins on: 2024-08-19
Voting terminates on: 2024-11-11
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 2: Security functional components
Sécurité de l'information, cybersécurité et protection de la vie privée — Critères d'évaluation pour la sécurité des technologies de l'information — Partie 2: Composants fonctionnels de sécurité
ICS: 35.030
THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENTS AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.
This document is circulated as received from the committee secretariat.
ISO/CEN PARALLEL PROCESSING
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
Reference number ISO/IEC DIS 15408-2:2024(en)
© ISO/IEC 2024
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
DIS ISO/IEC 15408-2(E)
Contents
Foreword
Legal notice
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Overview
5.1 General
5.2 Organization of this document
6 Functional requirements paradigm
7 Security functional components
7.1 Overview
7.2 Functional class structure
7.2.1 General
7.2.2 Class name
7.2.3 Class introduction
7.2.4 Class informative notes
7.2.5 Functional families
7.3 Functional family structure
7.3.1 General
7.3.2 Family name
7.3.3 Family behaviour
7.3.4 Component levelling and description
7.3.5 Component management
7.3.6 Component audit
7.3.7 Family application notes
7.3.8 Family evaluator notes
7.3.9 Functional components
7.4 Functional component structure
7.4.1 General
7.4.2 Component name
7.4.3 Component relationships
7.4.4 Component rationale
7.4.5 Functional elements
7.5 Functional elements
7.6 Component catalogue
7.6.1 Highlighting of component changes
8 Class FAU Security audit
8.1 Introduction
8.2 Notes on class FAU
8.2.1 General information about audit requirements
8.2.2 Audit requirements in a distributed environment
8.3 Security audit automatic response (FAU_ARP)
8.3.1 Family Behaviour
8.3.2 Component levelling and description
8.3.3 Management of FAU_ARP.1
8.3.4 Audit of FAU_ARP.1
8.3.5 Application notes
8.3.6 FAU_ARP.1 Security alarms
8.4 Security audit data generation (FAU_GEN)
8.4.1 Family Behaviour
8.4.2 Component levelling and description
8.4.3 Management of FAU_GEN.1, FAU_GEN.2
8.4.4 Audit of FAU_GEN.1, FAU_GEN.2
8.4.5 Application notes
8.4.6 Evaluator notes
8.4.7 FAU_GEN.1 Audit data generation
8.4.8 FAU_GEN.2 User identity association
8.5 Security audit analysis (FAU_SAA)
8.5.1 Family Behaviour
8.5.2 Component levelling and description
8.5.3 Management of FAU_SAA.1
8.5.4 Management of FAU_SAA.2
8.5.5 Management of FAU_SAA.3
8.5.6 Management of FAU_SAA.4
8.5.7 Audit of FAU_SAA.1, FAU_SAA.2, FAU_SAA.3, FAU_SAA.4
...