Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance requirements

ISO/IEC 15408-3:2005 defines the assurance requirements of ISO/IEC 15408. It includes the evaluation assurance levels (EALs) that define a scale for measuring assurance, the individual assurance components from which the assurance levels are composed, and the criteria for evaluation of protection profiles and security targets.

Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 3: Exigences d'assurance de sécurité

General Information

Status
Withdrawn
Publication Date
06-Oct-2005
Withdrawal Date
06-Oct-2005
Current Stage
9599 - Withdrawal of International Standard
Completion Date
19-Aug-2008
Ref Project

Relations

Buy Standard

Standard
ISO/IEC 15408-3:2005 - Information technology -- Security techniques -- Evaluation criteria for IT security
English language
149 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 15408-3
Second edition
2005-10-01

Information technology — Security
techniques — Evaluation criteria for IT
security —
Part 3:
Security assurance requirements
Technologies de l'information — Techniques de sécurité — Critères
d'évaluation pour la sécurité TI —
Partie 3: Exigences d'assurance de sécurité




Reference number
ISO/IEC 15408-3:2005(E)
©
ISO/IEC 2005

---------------------- Page: 1 ----------------------
ISO/IEC 15408-3:2005(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO/IEC 2005
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2005 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 15408-3:2005(E)
Contents Page
Foreword .ix
Introduction.xi
1 Scope.1
2 Normative references.1
3 Terms, definitions, symbols and abbreviated terms.1
4 Overview.1
4.1 Organisation of this part of ISO/IEC 15408.1
5 ISO/IEC 15408 assurance paradigm .2
5.1 ISO/IEC 15408 philosophy.2
5.2 Assurance approach.2
5.2.1 Significance of vulnerabilities.2
5.2.2 Cause of vulnerabilities.3
5.2.3 ISO/IEC 15408 assurance.3
5.2.4 Assurance through evaluation.3
5.3 ISO/IEC 15408 evaluation assurance scale .3
6 Security assurance requirements.4
6.1 Structures.4
6.1.1 Class structure.4
6.1.2 Assurance family structure.5
6.1.3 Assurance component structure.6
6.1.4 Assurance elements.8
6.1.5 EAL structure.8
6.2 Component taxonomy.10
6.3 Protection Profile and Security Target evaluation criteria class structure.11
6.4 Usage of terms in this part of ISO/IEC 15408 .11
6.5 Assurance categorisation.13
6.6 Assurance class and family overview.13
6.6.1 Class ACM:Configuration management.13
6.6.2 Class ADO:Delivery and operation.14
6.6.3 Class ADV:Development.14
6.6.4 Class AGD:Guidance documents.15
6.6.5 Class ALC:Life cycle support .15
6.6.6 Class APE:Protection Profile evaluation .16
6.6.7 Class ASE:Security Target evaluation .16
6.6.8 Class ATE:Tests.16
6.6.9 Class AVA:Vulnerability assessment.17
7 Protection Profile and Security Target evaluation criteria.17
7.1 Overview.17
7.2 Protection Profile criteria overview.18
7.2.1 Protection Profile evaluation.18
7.2.2 Relation to the Security Target evaluation criteria .18
7.2.3 Evaluator tasks.18
7.3 Security Target criteria overview.19
7.3.1 Security Target evaluation.19
7.3.2 Relation to the other evaluation criteria in this part of ISO/IEC 15408 .19
7.3.3 Evaluator tasks.19
8 Class APE: Protection Profile evaluation .20
8.1 TOE description (APE_DES).20
© ISO/IEC 2005 - All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 15408-3:2005(E)
8.1.1 Objectives. 20
8.1.2 APE_DES.1 Protection Profile, TOE description, Evaluation requirements. 21
8.2 Security environment (APE_ENV). 21
8.2.1 Objectives. 21
8.2.2 APE_ENV.1 Protection Profile, Security environment, Evaluation requirements. 21
8.3 PP introduction (APE_INT). 22
8.3.1 Objectives. 22
8.3.2 APE_INT.1 Protection Profile, PP introduction, Evaluation requirements . 22
8.4 Security objectives (APE_OBJ). 23
8.4.1 Objectives. 23
8.4.2 APE_OBJ.1 Protection Profile, Security objectives, Evaluation requirements. 23
8.5 IT security requirements (APE_REQ) . 24
8.5.1 Objectives. 24
8.5.2 Application notes. 24
8.5.3 APE_REQ.1 Protection Profile, IT security requirements, Evaluation requirements . 25
8.6 Explicitly stated IT security requirements (APE_SRE) . 26
8.6.1 Objectives. 26
8.6.2 Application notes. 26
8.6.3 APE_SRE.1 Protection Profile, Explicitly stated IT security requirements, Evaluation
requirements . 27
9 Class ASE: Security Target evaluation . 28
9.1 TOE description (ASE_DES). 29
9.1.1 Objectives. 29
9.1.2 ASE_DES.1 Security Target, TOE description, Evaluation requirements. 29
9.2 Security environment (ASE_ENV). 29
9.2.1 Objectives. 29
9.2.2 ASE_ENV.1 Security Target, Security environment, Evaluation requirements . 30
9.3 ST introduction (ASE_INT). 30
9.3.1 Objectives. 30
9.3.2 ASE_INT.1 Security Target, ST introduction, Evaluation requirements . 30
9.4 Security objectives (ASE_OBJ). 31
9.4.1 Objectives. 31
9.4.2 ASE_OBJ.1 Security Target, Security objectives, Evaluation requirements . 31
9.5 PP claims (ASE_PPC). 32
9.5.1 Objectives. 32
9.5.2 Application notes. 32
9.5.3 ASE_PPC.1 Security Target, PP claims, Evaluation requirements . 33
9.6 IT security requirements (ASE_REQ) . 33
9.6.1 Objectives. 33
9.6.2 Application notes. 34
9.6.3 ASE_REQ.1 Security Target, IT security requirements, Evaluation requirements. 34
9.7 Explicitly stated IT security requirements (ASE_SRE) . 35
9.7.1 Objectives. 35
9.7.2 Application notes. 36
9.7.3 ASE_SRE.1 Security Target, Explicitly stated IT security requirements, Evaluation
requirements . 36
9.8 TOE summary specification (ASE_TSS) . 37
9.8.1 Objectives. 37
9.8.2 Application notes. 37
9.8.3 ASE_TSS.1 Security Target, TOE summary specification, Evaluation requirements . 38
10 Evaluation assurance levels. 39
10.1 Evaluation assurance level (EAL) overview. 39
10.2 Evaluation assurance level details . 40
10.3 Evaluation assurance level 1 (EAL1) - functionally tested. 40
10.3.1 Objectives. 40
10.3.2 Assurance components. 41
10.4 Evaluation assurance level 2 (EAL2) - structurally tested . 41
10.4.1 Objectives. 41
10.4.2 Assurance components. 41
iv © ISO/IEC 2005 - All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 15408-3:2005(E)
10.5 Evaluation assurance level 3 (EAL3) - methodically tested and checked.42
10.5.1 Objectives.42
10.5.2 Assurance components.42
10.6 Evaluation assurance level 4 (EAL4) - methodically designed, tested, and reviewed.43
10.6.1 Objectives.43
10.6.2 Assurance components.43
10.7 Evaluation assurance level 5 (EAL5) - semiformally designed and tested .44
10.7.1 Objectives.44
10.7.2 Assurance components.44
10.8 Evaluation assurance level 6 (EAL6) - semiformally verified design and tested.45
10.8.1 Objectives.45
10.8.2 Assurance components.45
10.9 Evaluation assurance level 7 (EAL7) - formally verified design and tested.46
10.9.1 Objectives.46
10.9.2 Assurance components.46
11 Assurance classes, families, and components.47
12 Class ACM: Configuration management.47
12.1 CM automation (ACM_AUT).48
12.1.1 Objectives.48
12.1.2 Component levelling.48
12.1.3 Application notes.48
12.1.4 ACM_AUT.1 Partial CM automation.48
12.1.5 ACM_AUT.2 Complete CM automation .49
12.2 CM capabilities (ACM_CAP).50
12.2.1 Objectives.50
12.2.2 Component levelling.51
12.2.3 Application notes.51
12.2.4 ACM_CAP.1 Version numbers.51
12.2.5 ACM_CAP.2 Configuration items.52
12.2.6 ACM_CAP.3 Authorisation controls.53
12.2.7 ACM_CAP.4 Generation support and acceptance procedures .54
12.2.8 ACM_CAP.5 Advanced support.56
12.3 CM scope (ACM_SCP).59
12.3.1 Objectives.59
12.3.2 Component levelling.59
12.3.3 Application notes.59
12.3.4 ACM_SCP.1 TOE CM coverage .59
12.3.5 ACM_SCP.2 Problem tracking CM coverage.60
12.3.6 ACM_SCP.3 Development tools CM coverage .60
13 Class ADO: Delivery and operation.61
13.1 Delivery (ADO_DEL).61
13.1.1 Objectives.61
13.1.2 Component levelling.62
13.1.3 Application notes.62
13.1.4 ADO_DEL.1 Delivery procedures.62
13.1.5 ADO_DEL.2 Detection of modification.62
13.1.6 ADO_DEL.3 Prevention of modification.63
13.2 Installation, generation and start-up (ADO_IGS) .64
13.2.1 Objectives.64
13.2.2 Component levelling.64
13.2.3 Application notes.64
13.2.4 ADO_IGS.1 Installation, generation, and start-up procedures .64
13.2.5 ADO_IGS.2 Generation log.65
14 Class ADV: Development.66
14.1 Functional specification (ADV_FSP).70
14.1.1 Objectives.70
14.1.2 Component levelling.70
14.1.3 Application notes.70
© ISO/IEC 2005 - All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC 15408-3:2005(E)
14.1.4 ADV_FSP.1 Informal functional specification. 71
14.1.5 ADV_FSP.2 Fully defined external interfaces. 71
14.1.6 ADV_FSP.3 Semiformal functional specification.72
14.1.7 ADV_FSP.4 Formal functional specification. 73
14.2 High-level design (ADV_HLD). 74
14.2.1 Objectives. 74
14.2.2 Component levelling. 74
14.2.3 Application notes. 74
14.2.4 ADV_HLD.1 Descriptive high-level design. 75
14.2.5 ADV_HLD.2 Security enforcing high-level design.76
14.2.6 ADV_HLD.3 Semiformal high-level design. 77
14.2.7 ADV_HLD.4 Semiformal high-level explanation .78
14.2.8 ADV_HLD.5 Formal high-level design . 79
14.3 Implementation representation (ADV_IMP). 81
14.3.1 Objectives. 81
14.3.2 Component levelling. 81
14.3.3 Application notes. 81
14.3.4 ADV_IMP.1 Subset of the implementation of the TSF. 81
14.3.5 ADV_IMP.2 Implementation of the TSF . 82
14.3.6 ADV_IMP.3 Structured implementation of the TSF . 83
14.4 TSF internals (ADV_INT). 84
14.4.1 Objectives. 84
14.4.2 Component levelling. 84
14.4.3 Application notes. 84
14.4.4 ADV_INT.1 Modularity. 85
14.4.5 ADV_INT.2 Reduction of complexity. 86
14.4.6 ADV_INT.3 Minimisation of complexity .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.