Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional requirements

ISO/IEC 15408-2:2005 defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that will meet the common security functionality requirements of many IT products and systems.

Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 2: Exigences fonctionnelles de sécurité

General Information

Status: Withdrawn
Publication Date: 06-Oct-2005
Withdrawal Date: 06-Oct-2005
Current Stage: 9599 - Withdrawal of International Standard
Completion Date: 19-Aug-2008

ISO/IEC 15408-2:2005 - Information technology -- Security techniques -- Evaluation criteria for IT security
English language
227 pages

Standards Content (Sample)

INTERNATIONAL STANDARD ISO/IEC 15408-2
Second edition 2005-10-01

Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional requirements

Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 2: Exigences fonctionnelles de sécurité

Reference number: ISO/IEC 15408-2:2005(E)
© ISO/IEC 2005

©  ISO/IEC 2005
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions, symbols and abbreviated terms
4 Overview
4.1 Organisation of this part of ISO/IEC 15408
5 Functional requirements paradigm
6 Security functional components
6.1 Overview
6.1.1 Class structure
6.1.2 Family structure
6.1.3 Component structure
6.2 Component catalogue
6.2.1 Component changes highlighting
7 Class FAU: Security audit
7.1 Security audit automatic response (FAU_ARP)
7.1.1 Family Behaviour
7.1.2 Component levelling
7.1.3 Management of FAU_ARP.1
7.1.4 Audit of FAU_ARP.1
7.1.5 FAU_ARP.1 Security alarms
7.2 Security audit data generation (FAU_GEN)
7.2.1 Family Behaviour
7.2.2 Component levelling
7.2.3 Management of FAU_GEN.1, FAU_GEN.2
7.2.4 Audit of FAU_GEN.1, FAU_GEN.2
7.2.5 FAU_GEN.1 Audit data generation
7.2.6 FAU_GEN.2 User identity association
7.3 Security audit analysis (FAU_SAA)
7.3.1 Family Behaviour
7.3.2 Component levelling
7.3.3 Management of FAU_SAA.1
7.3.4 Management of FAU_SAA.2
7.3.5 Management of FAU_SAA.3
7.3.6 Management of FAU_SAA.4
7.3.7 Audit of FAU_SAA.1, FAU_SAA.2, FAU_SAA.3, FAU_SAA.4
7.3.8 FAU_SAA.1 Potential violation analysis
7.3.9 FAU_SAA.2 Profile based anomaly detection
7.3.10 FAU_SAA.3 Simple attack heuristics
7.3.11 FAU_SAA.4 Complex attack heuristics
7.4 Security audit review (FAU_SAR)
7.4.1 Family Behaviour
7.4.2 Component levelling
7.4.3 Management of FAU_SAR.1
7.4.4 Management of FAU_SAR.2, FAU_SAR.3
7.4.5 Audit of FAU_SAR.1
7.4.6 Audit of FAU_SAR.2
7.4.7 Audit of FAU_SAR.3
7.4.8 FAU_SAR.1 Audit review
7.4.9 FAU_SAR.2 Restricted audit review
7.4.10 FAU_SAR.3 Selectable audit review
7.5 Security audit event selection (FAU_SEL)
7.5.1 Family Behaviour
7.5.2 Component levelling
7.5.3 Management of FAU_SEL.1
7.5.4 Audit of FAU_SEL.1
7.5.5 FAU_SEL.1 Selective audit
7.6 Security audit event storage (FAU_STG)
7.6.1 Family Behaviour
7.6.2 Component levelling
7.6.3 Management of FAU_STG.1
7.6.4 Management of FAU_STG.2
7.6.5 Management of FAU_STG.3
7.6.6 Management of FAU_STG.4
7.6.7 Audit of FAU_STG.1, FAU_STG.2
7.6.8 Audit of FAU_STG.3
7.6.9 Audit of FAU_STG.4
7.6.10 FAU_STG.1 Protected audit trail storage
7.6.11 FAU_STG.2 Guarantees of audit data availability
7.6.12 FAU_STG.3 Action in case of possible audit data loss
7.6.13 FAU_STG.4 Prevention of audit data loss
8 Class FCO: Communication
8.1 Non-repudiation of origin (FCO_NRO)
8.1.1 Family Behaviour
8.1.2 Component levelling
8.1.3 Management of FCO_NRO.1, FCO_NRO.2
8.1.4 Audit of FCO_NRO.1
8.1.5 Audit of FCO_NRO.2
8.1.6 FCO_NRO.1 Selective proof of origin
8.1.7 FCO_NRO.2 Enforced proof of origin
8.2 Non-repudiation of receipt (FCO_NRR)
8.2.1 Family Behaviour
8.2.2 Component levelling
8.2.3 Management of FCO_NRR.1, FCO_NRR.2
8.2.4 Audit of FCO_NRR.1
8.2.5 Audit of FCO_NRR.2
8.2.6 FCO_NRR.1 Selective proof of receipt
8.2.7 FCO_NRR.2 Enforced proof of receipt
9 Class FCS: Cryptographic support
9.1 Cryptographic key management (FCS_CKM)
9.1.1 Family Behaviour
9.1.2 Component levelling
9.1.3 Management of FCS_CKM.1, FCS_CKM.2, FCS_CKM.3, FCS_CKM.4
9.1.4 Audit of FCS_CKM.1, FCS_CKM.2, FCS_CKM.3, FCS_CKM.4
9.1.5 FCS_CKM.1 Cryptographic key generation
9.1.6 FCS_CKM.2 Cryptographic key distribution
9.1.7 FCS_CKM.3 Cryptographic key access
9.1.8 FCS_CKM.4 Cryptographic key destruction
9.2 Cryptographic operation (FCS_COP)
9.2.1 Family Behaviour
9.2.2 Component levelling
9.2.3 Management of FCS_COP.1
9.2.4 Audit of FCS_COP.1
9.2.5 FCS_COP.1 Cryptographic operation
10 Class FDP: User data protection
10.1 Access control policy (FDP_ACC)
10.1.1 Family Behaviour
10.1.2 Component levelling
10.1.3 Management of FDP_ACC.1, FDP_ACC.2
10.1.4 Audit of FDP_ACC.1, FDP_ACC.2
10.1.5 FDP_ACC.1 Subset access control
10.1.6 FDP_ACC.2 Complete access control
10.2 Access control functions (FDP_ACF)
10.2.1 Family Behaviour
10.2.2 Component levelling
10.2.3 Management of FDP_ACF.1
10.2.4 Audit of FDP_ACF.1
10.2.5 FDP_ACF.1 Security attribute based access control
10.3 Data authentication (FDP_DAU)
10.3.1 Family Behaviour
10.3.2 Component levelling
10.3.3 Management of FDP_DAU.1, FDP_DAU.2
10.3.4 Audit of FDP_DAU.1
10.3.5 Audit of FDP_DAU.2
10.3.6 FDP_DAU.1 Basic Data Authentication
10.3.7 FDP_DAU.2 Data Authentication with Identity of Guarantor
10.4 Export to outside TSF control (FDP_ETC)
10.4.1 Family Behaviour
10.4.2 Component levelling
10.4.3 Management of FDP_ETC.1
10.4.4 Management of FDP_ETC.2
10.4.5 Audit of FDP_ETC.1, FDP_ETC.2
10.4.6 FDP_ETC.1 Export of user data without security attributes
10.4.7 FDP_ETC.2 Export of user data with security attributes
10.5 Information flow control policy (FDP_IFC)
10.5.1 Family Behaviour
10.5.2 Component levelling
10.5.3 Management of FDP_IFC.1, FDP_IFC.2
10.5.4 Audit of FDP_IFC.1, FDP_IFC.2
10.5.5 FDP_IFC.1 Subset information flow control
10.5.6 FDP_IFC.2 Complete information flow control
10.6 Information flow control functions (FDP_IFF)
10.6.1 Family Behaviour
10.6.2 Component levelling
10.6.3 Management of FDP_IFF.1, FDP_IFF.2
10.6.4 Management of FDP_IFF.3, FDP_IFF.4, FDP_IFF.5
10.6.5 Management of FDP_IFF.6
10.6.6 Audit of FDP_IFF.1, FDP_IFF.2, FDP_IFF.5
10.6.7 Audit of FDP_IFF.3, FDP_IFF.4, FDP_IFF.6
10.6.8 FDP_IFF.1 Simple security attributes
10.6.9 FDP_IFF.2 Hierarchical security attributes
10.6.10 FDP_IFF.3 Limited illicit information flows
10.6.11 FDP_IFF.4 Partial elimination of illicit information flows
10.6.12 FDP_IFF.5 No illicit information flows
10.6.13 FDP_IFF.6 Illicit information flow monitoring
10.7 Import from outside TSF control (FDP_ITC)
10.7.1 Family Behaviour
10.7.2 Component levelling
10.7.3 Management of FDP_ITC.1, FDP_ITC.2
10.7.4 Audit of FDP_ITC.1, FDP_ITC.2
10.7.5 FDP_ITC.1 Import of user data without security attributes
10.7.6 FDP_ITC.2 Import of user data with security attributes
10.8 Internal TOE transfer (FDP_ITT)
10.8.1 Family Behaviour
10.8.2 Component levelling
10.8.3 Management of FDP_ITT.1, FDP_ITT.2
10.8.4 Management of FDP_ITT.3, FDP_ITT.4
10.8.5 Audit of FDP_ITT.1, FDP_ITT.2
10.8.6 Audit of FDP_ITT.3, FDP_ITT.4
10.8.7 FDP_ITT.1 Basic internal transfer protection
10.8.8 FDP_ITT.2 Transmission separation by attribute
10.8.9 FDP_ITT.3 Integrity monitoring
10.8.10 FDP_ITT.4 Attribute-based integrity monitoring
10.9 Residual information protection (FDP_RIP)
10.9.1 Family Behaviour
10.9.2 Component levelling
10.9.3 Management of FDP_RIP.1, FDP_RIP.2
10.9.4 Audit of FDP_RIP.1, FDP_RIP.2
10.9.5 FDP_RIP.1 Subset residual information protection
10.9.6 FDP_RIP.2 Full residual information protection
10.10 Rollback (FDP_ROL)
10.10.1 Family Behaviour
10.10.2 Component levelling
10.10.3 Management of FDP_ROL.1, FDP_ROL.2
10.10.4 Audit of FDP_ROL.1, FDP_ROL.2
10.10.5 FDP_ROL.1 Basic rollback
10.10.6 FDP_ROL.2 Advanced rollback
10.11 Stored data integrity (FDP_SDI)
10.11.1 Family Behaviour
10.11.2 Component levelling
...
