Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance components

ISO/IEC 15408-3:2008 defines the assurance requirements of the evaluation criteria. It includes the evaluation assurance levels that define a scale for measuring assurance for component targets of evaluation (TOEs), the composed assurance packages that define a scale for measuring assurance for composed TOEs, the individual assurance components from which the assurance levels and packages are composed, and the criteria for evaluation of protection profiles and security targets. ISO/IEC 15408-3:2008 defines the content and presentation of the assurance requirements in the form of assurance classes, families and components and provides guidance on the organization of new assurance requirements. The assurance components within the assurance families are presented in a hierarchical order.

Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 3: Composants d'assurance de sécurité

This part of ISO/IEC 15408 defines the assurance requirements of ISO/IEC 15408. It includes the evaluation assurance levels (EALs) that define a scale for measuring assurance for component targets of evaluation (TOEs), the composed assurance packages (CAPs) that define a scale for measuring assurance for composed TOEs, the individual assurance components from which the assurance levels and packages are composed, and the criteria for evaluation of protection profiles (PPs) and security targets (STs).

General Information

Status: Withdrawn
Publication Date: 18-Aug-2008
Current Stage: 9599 - Withdrawal of International Standard
Start Date: 09-Aug-2022
Completion Date: 30-Oct-2025

Standard
ISO/IEC 15408-3:2008 - Information technology -- Security techniques -- Evaluation criteria for IT security
English language
174 pages
Standard
ISO/IEC 15408-3:2008 - Information technology -- Security techniques -- Evaluation criteria for IT security
English language
174 pages
Standard
ISO/IEC 15408-3:2008 - Technologies de l'information -- Techniques de sécurité -- Critères d'évaluation pour la sécurité TI
French language
189 pages

Frequently Asked Questions

ISO/IEC 15408-3:2008 is a standard published by the International Organization for Standardization (ISO). Its full title is "Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance components". This standard covers: ISO/IEC 15408-3:2008 defines the assurance requirements of the evaluation criteria. It includes the evaluation assurance levels that define a scale for measuring assurance for component targets of evaluation (TOEs), the composed assurance packages that define a scale for measuring assurance for composed TOEs, the individual assurance components from which the assurance levels and packages are composed, and the criteria for evaluation of protection profiles and security targets. ISO/IEC 15408-3:2008 defines the content and presentation of the assurance requirements in the form of assurance classes, families and components and provides guidance on the organization of new assurance requirements. The assurance components within the assurance families are presented in a hierarchical order.

ISO/IEC 15408-3:2008 is classified under the following ICS (International Classification for Standards) categories: 35.030 - IT Security; 35.040 - Information coding. The ICS classification helps identify the subject area and facilitates finding related standards.

ISO/IEC 15408-3:2008 has the following relationships with other standards: it has inter-standard links to ISO/IEC 15408-3:2022 and ISO/IEC 15408-3:2005. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

Standards Content (Sample)


INTERNATIONAL STANDARD ISO/IEC 15408-3
Third edition
2008-08-15
Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 3: Composants d'assurance de sécurité

©  ISO/IEC 2008
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

Contents
1 Scope
2 Normative references
3 Terms and definitions, symbols and abbreviated terms
4 Overview
4.1 Organisation of this part of ISO/IEC 15408
5 Assurance paradigm
5.1 ISO/IEC 15408 philosophy
5.2 Assurance approach
5.2.1 Significance of vulnerabilities
5.2.2 Cause of vulnerabilities
5.2.3 ISO/IEC 15408 assurance
5.2.4 Assurance through evaluation
5.3 ISO/IEC 15408 evaluation assurance scale
6 Security assurance components
6.1 Security assurance classes, families and components structure
6.1.1 Assurance class structure
6.1.2 Assurance family structure
6.1.3 Assurance component structure
6.1.4 Assurance elements
6.1.5 Component taxonomy
6.2 EAL structure
6.2.1 EAL name
6.2.2 Objectives
6.2.3 Application notes
6.2.4 Assurance components
6.2.5 Relationship between assurances and assurance levels
6.3 CAP structure
6.3.1 CAP name
6.3.2 Objectives
6.3.3 Application notes
6.3.4 Assurance components
6.3.5 Relationship between assurances and assurance levels
7 Evaluation assurance levels
7.1 Evaluation assurance level (EAL) overview
7.2 Evaluation assurance level details
7.3 Evaluation assurance level 1 (EAL1) - functionally tested
7.3.1 Objectives
7.3.2 Assurance components
7.4 Evaluation assurance level 2 (EAL2) - structurally tested
7.4.1 Objectives
7.4.2 Assurance components
7.5 Evaluation assurance level 3 (EAL3) - methodically tested and checked
7.5.1 Objectives
7.5.2 Assurance components
7.6 Evaluation assurance level 4 (EAL4) - methodically designed, tested, and reviewed
7.6.1 Objectives
7.6.2 Assurance components
7.7 Evaluation assurance level 5 (EAL5) - semiformally designed and tested
7.7.1 Objectives
7.7.2 Assurance components
7.8 Evaluation assurance level 6 (EAL6) - semiformally verified design and tested
7.8.1 Objectives
7.8.2 Assurance components
7.9 Evaluation assurance level 7 (EAL7) - formally verified design and tested
7.9.1 Objectives
7.9.2 Assurance components
8 Composed assurance packages
8.1 Composed assurance package (CAP) overview
8.2 Composed assurance package details
8.3 Composition assurance level A (CAP-A) - Structurally composed
8.3.1 Objectives
8.3.2 Assurance components
8.4 Composition assurance level B (CAP-B) - Methodically composed
8.4.1 Objectives
8.4.2 Assurance components
8.5 Composition assurance level C (CAP-C) - Methodically composed, tested and reviewed
8.5.1 Objectives
8.5.2 Assurance components
9 Class APE: Protection Profile evaluation
9.1 PP introduction (APE_INT)
9.1.1 Objectives
9.1.2 APE_INT.1 PP introduction
9.2 Conformance claims (APE_CCL)
9.2.1 Objectives
9.2.2 APE_CCL.1 Conformance claims
9.3 Security problem definition (APE_SPD)
9.3.1 Objectives
9.3.2 APE_SPD.1 Security problem definition
9.4 Security objectives (APE_OBJ)
9.4.1 Objectives
9.4.2 Component levelling
9.4.3 APE_OBJ.1 Security objectives for the operational environment
9.4.4 APE_OBJ.2 Security objectives
9.5 Extended components definition (APE_ECD)
9.5.1 Objectives
9.5.2 APE_ECD.1 Extended components definition
9.6 Security requirements (APE_REQ)
9.6.1 Objectives
9.6.2 Component levelling
9.6.3 APE_REQ.1 Stated security requirements
9.6.4 APE_REQ.2 Derived security requirements
10 Class ASE: Security Target evaluation
10.1 ST introduction (ASE_INT)
10.1.1 Objectives
10.1.2 ASE_INT.1 ST introduction
10.2 Conformance claims (ASE_CCL)
10.2.1 Objectives
10.2.2 ASE_CCL.1 Conformance claims
10.3 Security problem definition (ASE_SPD)
10.3.1 Objectives
10.3.2 ASE_SPD.1 Security problem definition
10.4 Security objectives (ASE_OBJ)
10.4.1 Objectives
10.4.2 Component levelling
10.4.3 ASE_OBJ.1 Security objectives for the operational environment
10.4.4 ASE_OBJ.2 Security objectives
10.5 Extended components definition (ASE_ECD)
10.5.1 Objectives
10.5.2 ASE_ECD.1 Extended components definition
10.6 Security requirements (ASE_REQ)
10.6.1 Objectives
10.6.2 Component levelling
10.6.3 ASE_REQ.1 Stated security requirements
10.6.4 ASE_REQ.2 Derived security requirements
10.7 TOE summary specification (ASE_TSS)
10.7.1 Objectives
10.7.2 Component levelling
10.7.3 ASE_TSS.1 TOE summary specification
10.7.4 ASE_TSS.2 TOE summary specification with architectural design summary
11 Class ADV: Development
11.1 Security Architecture (ADV_ARC)
11.1.1 Objectives
11.1.2 Component levelling
11.1.3 Application notes
11.1.4 ADV_ARC.1 Security architecture description
11.2 Functional specification (ADV_FSP)
11.2.1 Objectives
11.2.2 Component levelling
11.2.3 Application notes
11.2.4 ADV_FSP.1 Basic functional specification
11.2.5 ADV_FSP.2 Security-enforcing functional specification
11.2.6 ADV_FSP.3 Functional specification with complete summary
11.2.7 ADV_FSP.4 Complete functional specification
11.2.8 ADV_FSP.5 Complete semi-formal functional specification with additional error information
11.2.9 ADV_FSP.6 Complete semi-formal functional specification with additional formal specification
11.3 Implementation representation (ADV_IMP)
11.3.1 Objectives
11.3.2 Component levelling
11.3.3 Application notes
11.3.4 ADV_IMP.1 Implementation representation of the TSF
11.3.5 ADV_IMP.2 Complete mapping of the implementation representation of the TSF
11.4 TSF internals (ADV_INT)
11.4.1 Objectives
11.4.2 Component levelling
11.4.3 Application notes
11.4.4 ADV_INT.1 Well-structured subset of TSF internals
11.4.5 ADV_INT.2 Well-structured internals
11.4.6 ADV_INT.3 Minimally complex internals
11.5 Security policy modelling (ADV_SPM)
11.5.1 Objectives
11.5.2 Component levelling
11.5.3 Application notes
11.5.4 ADV_SPM.1 Formal TOE security policy model
11.6 TOE design (ADV_TDS)
11.6.1 Objectives
11.6.2 Component levelling
11.6.3 Application notes
11.6.4 ADV_TDS.1 Basic design
11.6.5 ADV_TDS.2 Architectural design
11.6.6 ADV_TDS.3 Basic modular design
11.6.7 ADV_TDS.4 Semiformal modular design
11.6.8 ADV_TDS.5 Complete semiformal modular design
11.6.9 ADV_TDS.6 Complete semiformal modular design with formal high-level design presentation
12 Class AGD: Guidance documents
12.1 Operational user guidance (AGD_OPE)
12.1.1 Objectives
12.1.2 Component levelling
12.1.3 Application notes
12.1.4 AGD_OPE.1 Operational user guidance
12.2 Preparative procedures (AGD_PRE)
12.2.1 Objectives
12.2.2 Component levelling
12.2.3 Application notes
12.2.4 AGD_PRE.1 Preparative procedures
13 Class ALC: Life-cycle support
13.1 CM capabilities (ALC_CMC)
13.1.1 Objectives
13.1.2 Component levelling
13.1.3 Application notes
13.1.4 ALC_CMC.1 Labelling of the TOE
13.1.5 ALC_CMC.2 Use of a CM system
13.1.6 ALC_CMC.3 Authorisation controls
13.1.7 ALC_CMC.4 Production support, acceptance procedures and automation
13.1.8 ALC_CMC.5 Advanced support
13.2 CM scope (ALC_CMS)
13.2.1 Objectives
13.2.2 Component levelling
13.2.3 Application notes
13.2.4 ALC_CMS.1 TOE CM coverage
13.2.5 ALC_CMS.2 Parts of the TOE CM coverage
13.2.6 ALC_CMS.3 Implementation representation CM coverage
13.2.7 ALC_CMS.4 Problem tracking CM coverage
13.2.8 ALC_CMS.5 Development tools CM coverage
13.3 Delivery (ALC_DEL)
13.3.1 Objectives
13.3.2 Component levelling
13.3.3 Application notes
13.3.4 ALC_DEL.1 Delivery procedures
13.4 Development security (ALC_DVS)
13.4.1 Objectives
13.4.2 Component levelling
13.4.3 Application notes
13.4.4 ALC_DVS.1 Identification of security measures
13.4.5 ALC_DVS.2 Sufficiency of security measures
13.5 Flaw remediation (ALC_FLR)
13.5.1 Objectives
13.5.2 Component levelling
13.5.3 Application notes
13.5.4 ALC_FLR.1 Basic flaw remediation
13.5.5 ALC_FLR.2 Flaw reporting procedures
13.5.6 ALC_FLR.3 Systematic flaw remediation
13.6 Life-cycle definition (ALC_LCD)
13.6.1 Objectives
13.6.2 Component levelling
13.6.3 Application notes
13.6.4 ALC_LCD.1 Developer defined life-cycle model
13.6.5 ALC_LCD.2 Measurable life-cycle model
13.7 Tools and techniques (ALC_TAT)
13.7.1 Objectives
13.7.2 Component levelling
13.7.3 Application notes
13.7.4 ALC_TAT.1 Well-defined development tools
13.7.5 ALC_TAT.2 Compliance with implementation standards
13.7.6 ALC_TAT.3 Compliance with implementation standards - all parts
14 Class ATE: Tests
14.1 Coverage (ATE_COV)
14.1.1 Objectives
14.1.2 Component levelling
14.1.3 Application notes
14.1.4 ATE_COV.1 Evidence of coverage
14.1.5 ATE_COV.2 Analysis of coverage
14.1.6 ATE_COV.3 Rigorous analysis of coverage
14.2 Depth (ATE_DPT)
14.2.1 Objectives
14.2.2 Component levelling
14.2.3 Application notes
14.2.4 ATE_DPT.1 Testing: basic design
14.2.5 ATE_DPT.2 Testing: security enforcing modules
14.2.6 ATE_DPT.3 Testing: modular design
14.2.7 ATE_DPT.4 Testing: implementation representation
14.3 Functional tests (ATE_FUN)
14.3.1 Objectives
14.3.2 Component levelling
14.3.3 Application notes
14.3.4 ATE_FUN.1 Functional testing
14.3.5 ATE_FUN.2 Ordered functional testing
14.4 Independent testing (ATE_IND)
14.4.1 Objectives
14.4.2 Component levelling
14.4.3 Application notes
14.4.4 ATE_IND.1 Independent testing - conformance
14.4.5 ATE_IND.2 Independent testing - sample
14.4.6 ATE_IND.3 Independent testing - complete
15 Class AVA: Vulnerability assessment
15.1 Application notes
15.2 Vulnerability analysis (AVA_VAN)
15.2.1 Objectives
15.2.2 Component levelling
15.2.3 AVA_VAN.1 Vulnerability survey
15.2.4 AVA_VAN.2 Vulnerability analysis
15.2.5 AVA_VAN.3 Focused vulnerability analysis
15.2.6 AVA_VAN.4 Methodical vulnerability analysis
15.2.7 AVA_VAN.5 Advanced methodical vulnerability analysis
16 Class ACO: Composition
16.1 Composition rationale (ACO_COR)
16.1.1 Objectives
16.1.2 Component levelling
16.1.3 ACO_COR.1 Composition rationale
16.2 Development evidence (ACO_DEV)
16.2.1 Objectives
16.2.2 Component levelling
16.2.3 Application notes
16.2.4 ACO_DEV.1 Functional Description
16.2.5 ACO_DEV.2 Basic evidence of design
16.2.6 ACO_DEV.3 Detailed evidence of design
16.3 Reliance of dependent component (ACO_REL)
16.3.1 Objectives
16.3.2 Component levelling
16.3.3 Application notes
16.3.4 ACO_REL.1 Basic reliance information
16.3.5 ACO_REL.2 Reliance information
16.4 Composed TOE testing (ACO_CTT)
16.4.1 Objectives
16.4.2 Component levelling
16.4.3 Application notes
...


INTERNATIONAL STANDARD ISO/IEC 15408-3
Third edition
2008-08-15
Corrected version
2011-06-01
Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 3: Composants d'assurance de sécurité

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions, symbols and abbreviated terms
4 Overview
4.1 Organisation of this part of ISO/IEC 15408
5 Assurance paradigm
5.1 ISO/IEC 15408 philosophy
5.2 Assurance approach
5.2.1 Significance of vulnerabilities
5.2.2 Cause of vulnerabilities
5.2.3 ISO/IEC 15408 assurance
5.2.4 Assurance through evaluation
5.3 ISO/IEC 15408 evaluation assurance scale
6 Security assurance components
6.1 Security assurance classes, families and components structure
6.1.1 Assurance class structure
6.1.2 Assurance family structure
6.1.3 Assurance component structure
6.1.4 Assurance elements
6.1.5 Component taxonomy
6.2 EAL structure
6.2.1 EAL name
6.2.2 Objectives
6.2.3 Application notes
6.2.4 Assurance components
6.2.5 Relationship between assurances and assurance levels
6.3 CAP structure
6.3.1 CAP name
6.3.2 Objectives
6.3.3 Application notes
6.3.4 Assurance components
6.3.5 Relationship between assurances and assurance levels
7 Evaluation assurance levels
7.1 Evaluation assurance level (EAL) overview
7.2 Evaluation assurance level details
7.3 Evaluation assurance level 1 (EAL1) - functionally tested
7.3.1 Objectives
7.3.2 Assurance components
7.4 Evaluation assurance level 2 (EAL2) - structurally tested
7.4.1 Objectives
7.4.2 Assurance components
7.5 Evaluation assurance level 3 (EAL3) - methodically tested and checked
7.5.1 Objectives
7.5.2 Assurance components
7.6 Evaluation assurance level 4 (EAL4) - methodically designed, tested, and reviewed
7.6.1 Objectives
7.6.2 Assurance components
7.7 Evaluation assurance level 5 (EAL5) - semiformally designed and tested
7.7.1 Objectives
7.7.2 Assurance components
7.8 Evaluation assurance level 6 (EAL6) - semiformally verified design and tested
7.8.1 Objectives
7.8.2 Assurance components
7.9 Evaluation assurance level 7 (EAL7) - formally verified design and tested
7.9.1 Objectives
7.9.2 Assurance components
8 Composed assurance packages
8.1 Composed assurance package (CAP) overview
8.2 Composed assurance package details
8.3 Composition assurance level A (CAP-A) - Structurally composed
8.3.1 Objectives
8.3.2 Assurance components
8.4 Composition assurance level B (CAP-B) - Methodically composed
8.4.1 Objectives
8.4.2 Assurance components
8.5 Composition assurance level C (CAP-C) - Methodically composed, tested and reviewed
8.5.1 Objectives
8.5.2 Assurance components
9 Class APE: Protection Profile evaluation
9.1 PP introduction (APE_INT)
9.1.1 Objectives
9.1.2 APE_INT.1 PP introduction
9.2 Conformance claims (APE_CCL)
9.2.1 Objectives
9.2.2 APE_CCL.1 Conformance claims
9.3 Security problem definition (APE_SPD)
9.3.1 Objectives
9.3.2 APE_SPD.1 Security problem definition
9.4 Security objectives (APE_OBJ)
9.4.1 Objectives
9.4.2 Component levelling
9.4.3 APE_OBJ.1 Security objectives for the operational environment
9.4.4 APE_OBJ.2 Security objectives
9.5 Extended components definition (APE_ECD)
9.5.1 Objectives
9.5.2 APE_ECD.1 Extended components definition
9.6 Security requirements (APE_REQ)
9.6.1 Objectives
9.6.2 Component levelling
9.6.3 APE_REQ.1 Stated security requirements
9.6.4 APE_REQ.2 Derived security requirements
10 Class ASE: Security Target evaluation
10.1 ST introduction (ASE_INT)
10.1.1 Objectives
10.1.2 ASE_INT.1 ST introduction
10.2 Conformance claims (ASE_CCL)
10.2.1 Objectives
10.2.2 ASE_CCL.1 Conformance claims
10.3 Security problem definition (ASE_SPD)
10.3.1 Objectives
10.3.2 ASE_SPD.1 Security problem definition
10.4 Security objectives (ASE_OBJ)
10.4.1 Objectives
10.4.2 Component levelling
10.4.3 ASE_OBJ.1 Security objectives for the operational environment
10.4.4 ASE_OBJ.2 Security objectives
10.5 Extended components definition (ASE_ECD)
10.5.1 Objectives
10.5.2 ASE_ECD.1 Extended components definition
10.6 Security requirements (ASE_REQ)
10.6.1 Objectives
10.6.2 Component levelling
10.6.3 ASE_REQ.1 Stated security requirements
10.6.4 ASE_REQ.2 Derived security requirements
10.7 TOE summary specification (ASE_TSS)
10.7.1 Objectives
10.7.2 Component levelling
10.7.3 ASE_TSS.1 TOE summary specification
10.7.4 ASE_TSS.2 TOE summary specification with architectural design summary
11 Class ADV: Development
11.1 Security Architecture (ADV_ARC)
11.1.1 Objectives
11.1.2 Component levelling
11.1.3 Application notes
11.1.4 ADV_ARC.1 Security architecture description
11.2 Functional specification (ADV_FSP)
11.2.1 Objectives
11.2.2 Component levelling
11.2.3 Application notes
11.2.4 ADV_FSP.1 Basic functional specification
11.2.5 ADV_FSP.2 Security-enforcing functional specification
11.2.6 ADV_FSP.3 Functional specification with complete summary
11.2.7 ADV_FSP.4 Complete functional specification
11.2.8 ADV_FSP.5 Complete semi-formal functional specification with additional error information
11.2.9 ADV_FSP.6 Complete semi-formal functional specification with additional formal specification
11.3 Implementation representation (ADV_IMP)
11.3.1 Objectives
11.3.2 Component levelling
11.3.3 Application notes
11.3.4 ADV_IMP.1 Implementation representation of the TSF
11.3.5 ADV_IMP.2 Complete mapping of the implementation representation of the TSF
11.4 TSF internals (ADV_INT)
11.4.1 Objectives
11.4.2 Component levelling
11.4.3 Application notes
11.4.4 ADV_INT.1 Well-structured subset of TSF internals
11.4.5 ADV_INT.2 Well-structured internals
11.4.6 ADV_INT.3 Minimally complex internals
11.5 Security policy modelling (ADV_SPM)
11.5.1 Objectives
11.5.2 Component levelling
11.5.3 Application notes
11.5.4 ADV_SPM.1 Formal TOE security policy model
11.6 TOE design (ADV_TDS)
11.6.1 Objectives
11.6.2 Component levelling
11.6.3 Application notes
11.6.4 ADV_TDS.1 Basic design
11.6.5 ADV_TDS.2 Architectural design
11.6.6 ADV_TDS.3 Basic modular design
11.6.7 ADV_TDS.4 Semiformal modular design
11.6.8 ADV_TDS.5 Complete semiformal modular design
11.6.9 ADV_TDS.6 Complete semiformal modular design with formal high-level design presentation
12 Class AGD: Guidance documents
12.1 Operational user guidance (AGD_OPE)
12.1.1 Objectives
12.1.2 Component levelling
12.1.3 Application notes
12.1.4 AGD_OPE.1 Operational user guidance
12.2 Preparative procedures (AGD_PRE)
12.2.1 Objectives
12.2.2 Component levelling
12.2.3 Application notes
12.2.4 AGD_PRE.1 Preparative procedures
13 Class ALC: Life-cycle support
13.1 CM capabilities (ALC_CMC)
13.1.1 Objectives
13.1.2 Component levelling
13.1.3 Application notes
13.1.4 ALC_CMC.1 Labelling of the TOE
13.1.5 ALC_CMC.2 Use of a CM system
13.1.6 ALC_CMC.3 Authorisation controls
13.1.7 ALC_CMC.4 Production support, acceptance procedures and automation
13.1.8 ALC_CMC.5 Advanced support
13.2 CM scope (ALC_CMS)
13.2.1 Objectives
13.2.2 Component levelling
13.2.3 Application notes
13.2.4 ALC_CMS.1 TOE CM coverage
13.2.5 ALC_CMS.2 Parts of the TOE CM coverage
13.2.6 ALC_CMS.3 Implementation representation CM coverage
13.2.7 ALC_CMS.4 Problem tracking CM coverage
13.2.8 ALC_CMS.5 Development tools CM coverage
13.3 Delivery (ALC_DEL)
13.3.1 Objectives
13.3.2 Component levelling
13.3.3 Application notes
13.3.4 ALC_DEL.1 Delivery procedures
13.4 Development security (ALC_DVS)
13.4.1 Objectives
13.4.2 Component levelling
13.4.3 Application notes
13.4.4 ALC_DVS.1 Identification of security measures
13.4.5 ALC_DVS.2 Sufficiency of security measures
13.5 Flaw remediation (ALC_FLR)
13.5.1 Objectives
13.5.2 Component levelling
13.5.3 Application notes
13.5.4 ALC_FLR.1 Basic flaw remediation
13.5.5 ALC_FLR.2 Flaw reporting procedures
13.5.6 ALC_FLR.3 Systematic flaw remediation
13.6 Life-cycle definition (ALC_LCD)
13.6.1 Objectives
13.6.2 Component levelling
13.6.3 Application notes
13.6.4 ALC_LCD.1 Developer defined life-cycle model
13.6.5 ALC_LCD.2 Measurable life-cycle model
13.7 Tools and techniques (ALC_TAT)
13.7.1 Objectives
13.7.2 Component levelling
13.7.3 Application notes
13.7.4 ALC_TAT.1 Well-defined development tools
13.7.5 ALC_TAT.2 Compliance with implementation standards
13.7.6 ALC_TAT.3 Compliance with implementation standards - all parts
14 Class ATE: Tests
14.1 Coverage (ATE_COV)
14.1.1 Objectives
14.1.2 Component levelling
14.1.3 Application notes
14.1.4 ATE_COV.1 Evidence of coverage
14.1.5 ATE_COV.2 Analysis of coverage
14.1.6 ATE_COV.3 Rigorous analysis of coverage
14.2 Depth (ATE_DPT)
14.2.1 Objectives
14.2.2 Component levelling
14.2.3 Application notes
14.2.4 ATE_DPT.1 Testing: basic design
14.2.5 ATE_DPT.2 Testing: security enforcing modules
14.2.6 ATE_DPT.3 Testing: modular design
14.2.7 ATE_DPT.4 Testing: implementation representation
14.3 Functional tests (ATE_FUN)
14.3.1 Objectives
14.3.2 Component levelling
14.3.3 Application notes
14.3.4 ATE_FUN.1 Functional testing
14.3.5 ATE_FUN.2 Ordered functional testing
14.4 Independent testing (ATE_IND)
14.4.1 Objectives
14.4.2 Component levelling
14.4.3 Application notes
14.4.4 ATE_IND.1 Independent testing - conformance
14.4.5 ATE_IND.2 Independent testing - sample
14.4.6 ATE_IND.3 Independent testing - complete
15 Class AVA: Vulnerability assessment
15.1 Application notes
15.2 Vulnerability analysis (AVA_VAN)
15.2.1 Objectives
15.2.2 Component levelling
15.2.3 AVA_VAN.1 Vulnerability survey
15.2.4 AVA_VAN.2 Vulnerability analysis
15.2.5 AVA_VAN.3 Focused vulnerability analysis
15.2.6 AVA_VAN.4 Methodical vulnerability analysis
15.2.7 AVA_VAN.5 Advanced methodical vulnerability analysis
16 Class ACO: Composition
16.1 Composition rationale (ACO_COR)
16.1.1 Objectives
16.1.2 Component levelling
16.1.3 ACO_COR.1 Composition rationale
16.2 Development evidence (ACO_DEV)
16.2.1 Objectives
16.2.2 Component levelling
16.2.3 Application notes
16.2.4 ACO_DEV.1 Functional Description
16.2.5 ACO_DEV.2 Basic evidence of design
16.2.6 ACO_DEV.3 Detailed evidence of design
16.3 Reliance of dependent component (ACO_REL)
16.3.1 Objectives
16.3.2 Component levelling
16.3.3 Application notes
16.3.4 ACO_REL.1 Basic reliance information
16.3.5 ACO_REL.2 Reliance information
16.4 Composed TOE testing (ACO_CTT)
16.4.1 Objectives
16.4.2 Component levelling
16.4.3 Application notes
16.4.4 ACO_CTT.1 Interface testing
16.4.5 ACO_CTT.2 Rigorous interface testing
16.5 Composition vulnerability analysis (ACO_VUL)
16.5.1 Objectives
16.5.2 Component levelling
16.5.3 Application notes
16.5.4 ACO_VUL.1 Composition vulnerability review
16.5.5 ACO_VUL.2 Composition vulnerability analysis
...


INTERNATIONAL STANDARD ISO/IEC 15408-3
Third edition
2008-08-15
Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 3: Composants d'assurance de sécurité
Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions, symbols and abbreviations
4 Overview
4.1 Organisation of this part of ISO/IEC 15408
5 Assurance paradigm
5.1 ISO/IEC 15408 philosophy
5.2 Assurance approach
5.2.1 Significance of vulnerabilities
5.2.2 Cause of vulnerabilities
5.2.3 ISO/IEC 15408 assurance
5.2.4 Assurance through evaluation
5.3 The ISO/IEC 15408 evaluation assurance scale
6 Security assurance components
6.1 Security assurance classes, families and components structure
6.1.1 Assurance class structure
6.1.2 Assurance family structure
6.1.3 Assurance component structure
6.1.4 Assurance elements
6.1.5 Component taxonomy
6.2 EAL structure
6.2.1 EAL name
6.2.2 Objectives
6.2.3 Application notes
6.2.4 Assurance components
6.2.5 Relationship between requirements and assurance levels
6.3 CAP structure
6.3.1 CAP name
6.3.2 Objectives
6.3.3 Application notes
6.3.4 Assurance components
6.3.5 Relationship between requirements and assurance levels
7 Evaluation assurance levels
7.1 Evaluation assurance level (EAL) overview
7.2 Evaluation assurance level details
7.3 Evaluation assurance level 1 (EAL1) - functionally tested
7.3.1 Objectives
7.3.2 Assurance components
7.4 Evaluation assurance level 2 (EAL2) - structurally tested
7.4.1 Objectives
7.4.2 Assurance components
7.5 Evaluation assurance level 3 (EAL3) - methodically tested and checked
7.5.1 Objectives
7.5.2 Assurance components
7.6 Evaluation assurance level 4 (EAL4) - methodically designed, tested and reviewed
7.6.1 Objectives
7.6.2 Assurance components
7.7 Evaluation assurance level 5 (EAL5) - semiformally designed and tested
7.7.1 Objectives
7.7.2 Assurance components
7.8 Evaluation assurance level 6 (EAL6) - semiformally verified design and tested
7.8.1 Objectives
7.8.2 Assurance components
7.9 Evaluation assurance level 7 (EAL7) - formally verified design and tested
7.9.1 Objectives
7.9.2 Assurance components
8 Composed assurance packages
8.1 Composed assurance package (CAP) overview
8.2 Composed assurance package details
8.3 Composition assurance level A (CAP-A) - structurally composed
8.3.1 Objectives
8.3.2 Assurance components
8.4 Composition assurance level B (CAP-B) - methodically composed
8.4.1 Objectives
8.4.2 Assurance components
8.5 Composition assurance level C (CAP-C) - methodically composed, tested and reviewed
8.5.1 Objectives
8.5.2 Assurance components
9 Class APE: Protection Profile evaluation
9.1 PP introduction (APE_INT)
9.1.1 Objectives
9.1.2 APE_INT.1 PP introduction
9.2 Conformance claims (APE_CCL)
9.2.1 Objectives
9.2.2 APE_CCL.1 Conformance claims
9.3 Security problem definition (APE_SPD)
9.3.1 Objectives
9.3.2 APE_SPD.1 Security problem definition
9.4 Security objectives (APE_OBJ)
9.4.1 Objectives
9.4.2 Component levelling
9.4.3 APE_OBJ.1 Security objectives for the operational environment
9.4.4 APE_OBJ.2 Security objectives
9.5 Extended components definition (APE_ECD)
9.5.1 Objectives
9.5.2 APE_ECD.1 Extended components definition
9.6 Security requirements (APE_REQ)
9.6.1 Objectives
9.6.2 Component levelling
9.6.3 APE_REQ.1 Stated security requirements
9.6.4 APE_REQ.2 Derived security requirements
10 Class ASE: Security Target evaluation
10.1 ST introduction (ASE_INT)
10.1.1 Objectives
10.1.2 ASE_INT.1 ST introduction
10.2 Conformance claims (ASE_CCL)
10.2.1 Objectives
10.2.2 ASE_CCL.1 Conformance claims
10.3 Security problem definition (ASE_SPD)
10.3.1 Objectives
10.3.2 ASE_SPD.1 Security problem definition
10.4 Security objectives (ASE_OBJ)
10.4.1 Objectives
10.4.2 Component levelling
10.4.3 ASE_OBJ.1 Security objectives for the operational environment
10.4.4 ASE_OBJ.2 Security objectives
10.5 Extended components definition (ASE_ECD)
10.5.1 Objectives
10.5.2 ASE_ECD.1 Extended components definition
10.6 Security requirements (ASE_REQ)
10.6.1 Objectives
10.6.2 Component levelling
10.6.3 ASE_REQ.1 Stated security requirements
10.6.4 ASE_REQ.2 Derived security requirements
10.7 TOE summary specification (ASE_TSS)
10.7.1 Objectives
10.7.2 Component levelling
10.7.3 ASE_TSS.1 TOE summary specification
10.7.4 ASE_TSS.2 TOE summary specification with architectural design summary
11 Class ADV: Development
11.1 Security architecture (ADV_ARC)
11.1.1 Objectives
11.1.2 Component levelling
11.1.3 Application notes
11.1.4 ADV_ARC.1 Security architecture description
11.2 Functional specification (ADV_FSP)
11.2.1 Objectives
11.2.2 Component levelling
11.2.3 Application notes
11.2.4 ADV_FSP.1 Basic functional specification
11.2.5 ADV_FSP.2 Security-enforcing functional specification
11.2.6 ADV_FSP.3 Functional specification with complete summary
11.2.7 ADV_FSP.4 Complete functional specification
11.2.8 ADV_FSP.5 Complete semi-formal functional specification with additional error information
11.2.9 ADV_FSP.6 Complete semi-formal functional specification with additional formal specification
11.3 Implementation representation (ADV_IMP)
11.3.1 Objectives
11.3.2 Component levelling
11.3.3 Application notes
11.3.4 ADV_IMP.1 Implementation representation of the TSF
11.3.5 ADV_IMP.2 Complete mapping of the implementation representation of the TSF
11.4 TSF internals (ADV_INT)
11.4.1 Objectives
11.4.2 Component levelling
11.4.3 Application notes
11.4.4 ADV_INT.1 Well-structured subset of TSF internals
11.4.5 ADV_INT.2 Well-structured internals
11.4.6 ADV_INT.3 Minimally complex internals
11.5 Security policy modelling (ADV_SPM)
11.5.1 Objectives
11.5.2 Component levelling
11.5.3 Application notes
11.5.4 ADV_SPM.1 Formal TOE security policy model
11.6 TOE design (ADV_TDS)
11.6.1 Objectives
11.6.2 Component levelling
11.6.3 Application notes
11.6.4 ADV_TDS.1 Basic design
11.6.5 ADV_TDS.2 Architectural design
11.6.6 ADV_TDS.3 Basic modular design
11.6.7 ADV_TDS.4 Semiformal modular design
11.6.8 ADV_TDS.5 Complete semiformal modular design
11.6.9 ADV_TDS.6 Complete semiformal modular design with formal high-level design presentation
12 Class AGD: Guidance documents
12.1 Operational user guidance (AGD_OPE)
12.1.1 Objectives
12.1.2 Component levelling
12.1.3 Application notes
12.1.4 AGD_OPE.1 Operational user guidance
12.2 Preparative procedures (AGD_PRE)
12.2.1 Objectives
12.2.2 Component levelling
12.2.3 Application notes
12.2.4 AGD_PRE.1 Preparative procedures
13 Class ALC: Life-cycle support
13.1 CM capabilities (ALC_CMC)
13.1.1 Objectives
13.1.2 Component levelling
13.1.3 Application notes
13.1.4 ALC_CMC.1 Labelling of the TOE
13.1.5 ALC_CMC.2 Use of a CM system
13.1.6 ALC_CMC.3 Authorisation controls
13.1.7 ALC_CMC.4 Production support, acceptance procedures and automation
13.1.8 ALC_CMC.5 Advanced support
13.2 CM scope (ALC_CMS)
13.2.1 Objectives
13.2.2 Component levelling
13.2.3 Application notes
13.2.4 ALC_CMS.1 TOE CM coverage
13.2.5 ALC_CMS.2 Parts of the TOE CM coverage
13.2.6 ALC_CMS.3 Implementation representation CM coverage
13.2.7 ALC_CMS.4 Problem tracking CM coverage
13.2.8 ALC_CMS.5 Development tools CM coverage
13.3 Delivery (ALC_DEL)
13.3.1 Objectives
13.3.2 Component levelling
13.3.3 Application notes
13.3.4 ALC_DEL.1 Delivery procedures
13.4 Development security (ALC_DVS)
13.4.1 Objectives
13.4.2 Component levelling
13.4.3 Application notes
13.4.4 ALC_DVS.1 Identification of security measures
13.4.5 ALC_DVS.2 Sufficiency of security measures
13.5 Flaw remediation (ALC_FLR)
13.5.1 Objectives
13.5.2 Component levelling
13.5.3 Application notes
13.5.4 ALC_FLR.1 Basic flaw remediation
13.5.5 ALC_FLR.2 Flaw reporting procedures
13.5.6 ALC_FLR.3 Systematic flaw remediation
13.6 Life-cycle definition (ALC_LCD)
13.6.1 Objectives
13.6.2 Component levelling
13.6.3 Application notes
13.6.4 ALC_LCD.1 Developer defined life-cycle model
13.6.5 ALC_LCD.2 Standardised life-cycle model
13.7 Tools and techniques (ALC_TAT)
13.7.1 Objectives
13.7.2 Component levelling
13.7.3 Application notes
13.7.4 ALC_TAT.1 Well-defined development tools
13.7.5 ALC_TAT.2 Compliance with implementation standards
13.7.6 ALC_TAT.3 Compliance with implementation standards - all parts of the TOE
14 Class ATE: Tests
14.1 Coverage (ATE_COV)
14.1.1 Objectives
14.1.2 Component levelling
14.1.3 Application notes
14.1.4 ATE_COV.1 Evidence of coverage
14.1.5 ATE_COV.2 Analysis of coverage
14.1.6 ATE_COV.3 Rigorous analysis of coverage
14.2 Depth (ATE_DPT)
14.2.1 Objectives
14.2.2 Component levelling
14.2.3 Application notes
14.2.4 ATE_DPT.1 Testing: basic design
14.2.5 ATE_DPT.2 Testing: security enforcing modules
14.2.6 ATE_DPT.3 Testing: modular design
14.2.7 ATE_DPT.4 Testing: implementation representation
14.3 Functional tests (ATE_FUN)
14.3.1 Objectives
14.3.2 Component levelling
14.3.3 Application notes
14.3.4 ATE_FUN.1 Functional testing
14.3.5 ATE_FUN.2 Ordered functional testing
14.4 Independent testing (ATE_IND)
14.4.1 Objectives
14.4.2 Component levelling
14.4.3 Application notes
14.4.4 ATE_IND.1 Independent testing - conformance
14.4.5 ATE_IND.2 Tests indé
...
