ISO/IEC 15408-3:2008
Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
ISO/IEC 15408-3:2008 defines the assurance requirements of the evaluation criteria. It includes the evaluation assurance levels that define a scale for measuring assurance for component targets of evaluation (TOEs), the composed assurance packages that define a scale for measuring assurance for composed TOEs, the individual assurance components from which the assurance levels and packages are composed, and the criteria for evaluation of protection profiles and security targets. ISO/IEC 15408-3:2008 defines the content and presentation of the assurance requirements in the form of assurance classes, families and components and provides guidance on the organization of new assurance requirements. The assurance components within the assurance families are presented in a hierarchical order.
Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 3: Composants d'assurance de sécurité
This part of ISO/IEC 15408 defines the assurance requirements of ISO/IEC 15408. It includes the evaluation assurance levels (EALs) that define a scale for measuring assurance for component targets of evaluation (TOEs), the composed assurance packages (CAPs) that define a scale for measuring assurance for composed TOEs, the individual assurance components from which the assurance levels and packages are composed, and the criteria for evaluation of protection profiles (PPs) and security targets (STs).
Standards Content (Sample)
INTERNATIONAL STANDARD ISO/IEC 15408-3
Third edition 2008-08-15
Corrected version 2011-06-01
Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 3: Composants d'assurance de sécurité
Reference number ISO/IEC 15408-3:2008(E)
© ISO/IEC 2008
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2008
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions, symbols and abbreviated terms
4 Overview
4.1 Organisation of this part of ISO/IEC 15408
5 Assurance paradigm
5.1 ISO/IEC 15408 philosophy
5.2 Assurance approach
5.2.1 Significance of vulnerabilities
5.2.2 Cause of vulnerabilities
5.2.3 ISO/IEC 15408 assurance
5.2.4 Assurance through evaluation
5.3 ISO/IEC 15408 evaluation assurance scale
6 Security assurance components
6.1 Security assurance classes, families and components structure
6.1.1 Assurance class structure
6.1.2 Assurance family structure
6.1.3 Assurance component structure
6.1.4 Assurance elements
6.1.5 Component taxonomy
6.2 EAL structure
6.2.1 EAL name
6.2.2 Objectives
6.2.3 Application notes
6.2.4 Assurance components
6.2.5 Relationship between assurances and assurance levels
6.3 CAP structure
6.3.1 CAP name
6.3.2 Objectives
6.3.3 Application notes
6.3.4 Assurance components
6.3.5 Relationship between assurances and assurance levels
7 Evaluation assurance levels
7.1 Evaluation assurance level (EAL) overview
7.2 Evaluation assurance level details
7.3 Evaluation assurance level 1 (EAL1) - functionally tested
7.3.1 Objectives
7.3.2 Assurance components
7.4 Evaluation assurance level 2 (EAL2) - structurally tested
7.4.1 Objectives
7.4.2 Assurance components
7.5 Evaluation assurance level 3 (EAL3) - methodically tested and checked
7.5.1 Objectives
7.5.2 Assurance components
7.6 Evaluation assurance level 4 (EAL4) - methodically designed, tested, and reviewed
7.6.1 Objectives
7.6.2 Assurance components
7.7 Evaluation assurance level 5 (EAL5) - semiformally designed and tested
7.7.1 Objectives
7.7.2 Assurance components
7.8 Evaluation assurance level 6 (EAL6) - semiformally verified design and tested
7.8.1 Objectives
7.8.2 Assurance components
7.9 Evaluation assurance level 7 (EAL7) - formally verified design and tested
7.9.1 Objectives
7.9.2 Assurance components
8 Composed assurance packages
8.1 Composed assurance package (CAP) overview
8.2 Composed assurance package details
8.3 Composition assurance level A (CAP-A) - Structurally composed
8.3.1 Objectives
8.3.2 Assurance components
8.4 Composition assurance level B (CAP-B) - Methodically composed
8.4.1 Objectives
8.4.2 Assurance components
8.5 Composition assurance level C (CAP-C) - Methodically composed, tested and reviewed
8.5.1 Objectives
8.5.2 Assurance components
9 Class APE: Protection Profile evaluation
9.1 PP introduction (APE_INT)
9.1.1 Objectives
9.1.2 APE_INT.1 PP introduction
9.2 Conformance claims (APE_CCL)
9.2.1 Objectives
9.2.2 APE_CCL.1 Conformance claims
9.3 Security problem definition (APE_SPD)
9.3.1 Objectives
9.3.2 APE_SPD.1 Security problem definition
9.4 Security objectives (APE_OBJ)
9.4.1 Objectives
9.4.2 Component levelling
9.4.3 APE_OBJ.1 Security objectives for the operational environment
9.4.4 APE_OBJ.2 Security objectives
9.5 Extended components definition (APE_ECD)
9.5.1 Objectives
9.5.2 APE_ECD.1 Extended components definition
9.6 Security requirements (APE_REQ)
9.6.1 Objectives
9.6.2 Component levelling
9.6.3 APE_REQ.1 Stated security requirements
9.6.4 APE_REQ.2 Derived security requirements
10 Class ASE: Security Target evaluation
10.1 ST introduction (ASE_INT)
10.1.1 Objectives
10.1.2 ASE_INT.1 ST introduction
10.2 Conformance claims (ASE_CCL)
10.2.1 Objectives
10.2.2 ASE_CCL.1 Conformance claims
10.3 Security problem definition (ASE_SPD)
10.3.1 Objectives
10.3.2 ASE_SPD.1 Security problem definition
10.4 Security objectives (ASE_OBJ)
10.4.1 Objectives
10.4.2 Component levelling
10.4.3 ASE_OBJ.1 Security objectives for the operational environment
10.4.4 ASE_OBJ.2 Security objectives
10.5 Extended components definition (ASE_ECD)
10.5.1 Objectives
10.5.2 ASE_ECD.1 Extended components definition
10.6 Security requirements (ASE_REQ)
10.6.1 Objectives
10.6.2 Component levelling
10.6.3 ASE_REQ.1 Stated security requirements
10.6.4 ASE_REQ.2 Derived security requirements
10.7 TOE summary specification (ASE_TSS)
10.7.1 Objectives
10.7.2 Component levelling
10.7.3 ASE_TSS.1 TOE summary specification
10.7.4 ASE_TSS.2 TOE summary specification with architectural design summary
11 Class ADV: Development
11.1 Security Architecture (ADV_ARC)
11.1.1 Objectives
11.1.2 Component levelling
11.1.3 Application notes
11.1.4 ADV_ARC.1 Security architecture description
11.2 Functional specification (ADV_FSP)
11.2.1 Objectives
11.2.2 Component levelling
11.2.3 Application notes
11.2.4 ADV_FSP.1 Basic functional specification
11.2.5 ADV_FSP.2 Security-enforcing functional specification
11.2.6 ADV_FSP.3 Functional specification with complete summary
11.2.7 ADV_FSP.4 Complete functional specification
11.2.8 ADV_FSP.5 Complete semi-formal functional specification with additional error information
11.2.9 ADV_FSP.6 Complete semi-formal functional specification with additional formal specification
11.3 Implementation representation (ADV_IMP)
11.3.1 Objectives
11.3.2 Component levelling
11.3.3 Application notes
11.3.4 ADV_IMP.1 Implementation representation of the TSF
11.3.5 ADV_IMP.2 Complete mapping of the implementation representation of the TSF
11.4 TSF internals (ADV_INT)
11.4.1 Objectives
11.4.2 Component levelling
11.4.3 Application notes
11.4.4 ADV_INT.1 Well-structured subset of TSF internals
11.4.5 ADV_INT.2 Well-structured internals
11.4.6 ADV_INT.3 Minimally complex internals
11.5 Security policy modelling (ADV_SPM)
11.5.1 Objectives
11.5.2 Component levelling
11.5.3 Application notes
11.5.4 ADV_SPM.1 Formal TOE security policy model
11.6 TOE design (ADV_TDS)
11.6.1 Objectives
11.6.2 Component levelling
11.6.3 Application notes
11.6.4 ADV_TDS.1 Basic design
11.6.5 ADV_TDS.2 Architectural design
11.6.6 ADV_TDS.3 Basic modular design
11.6.7 ADV_TDS.4 Semiformal modular design
11.6.8 ADV_TDS.5 Complete semiformal modular design
11.6.9 ADV_TDS.6 Complete semiformal modular design with formal high-level design presentation
12 Class AGD: Guidance documents
12.1 Operational user guidance (AGD_OPE)
12.1.1 Objectives
12.1.2 Component levelling
12.1.3 Application notes
12.1.4 AGD_OPE.1 Operational user guidance
12.2 Preparative procedures (AGD_PRE)
12.2.1 Objectives
12.2.2 Component levelling
12.2.3 Application notes
12.2.4 AGD_PRE.1 Preparative procedures
13 Class ALC: Life-cycle support
13.1 CM capabilities (ALC_CMC)
13.1.1 Objectives
13.1.2 Component levelling
13.1.3 Application notes
13.1.4 ALC_CMC.1 Labelling of the TOE
13.1.5 ALC_CMC.2 Use of a CM system
13.1.6 ALC_CMC.3 Authorisation controls
13.1.7 ALC_CMC.4 Production support, acceptance procedures and automation
13.1.8 ALC_CMC.5 Advanced support
13.2 CM scope (ALC_CMS)
13.2.1 Objectives
13.2.2 Component levelling
13.2.3 Application notes
13.2.4 ALC_CMS.1 TOE CM coverage
13.2.5 ALC_CMS.2 Parts of the TOE CM coverage
13.2.6 ALC_CMS.3 Implementation representation CM coverage
13.2.7 ALC_CMS.4 Problem tracking CM coverage
...
INTERNATIONAL STANDARD ISO/IEC 15408-3
Third edition 2008-08-15
Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 3: Composants d'assurance de sécurité
Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
Reference number ISO/IEC 15408-3:2008(F)
© ISO/IEC 2008
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions, symbols and abbreviated terms
4 Overview
4.1 Organisation of this part of ISO/IEC 15408
5 Assurance paradigm
5.1 ISO/IEC 15408 philosophy
5.2 Assurance approach
5.2.1 Significance of vulnerabilities
5.2.2 Origin of vulnerabilities
5.2.3 ISO/IEC 15408 assurance
5.2.4 Assurance obtained through evaluation
5.3 The ISO/IEC 15408 evaluation assurance scale
6 Security assurance components
6.1 Structure of security assurance classes, families and components
6.1.1 Assurance class structure
6.1.2 Assurance family structure
6.1.3 Assurance component structure
6.1.4 Assurance elements
6.1.5 Component taxonomy
6.2 EAL structure
6.2.1 EAL name
6.2.2 Objectives
6.2.3 Application notes
6.2.4 Assurance components
6.2.5 Relationship between requirements and assurance levels
6.3 CAP structure
6.3.1 CAP name
6.3.2 Objectives
6.3.3 Application notes
6.3.4 Assurance components
6.3.5 Relationship between requirements and assurance levels
7 Evaluation assurance levels
7.1 Evaluation assurance level (EAL) overview
7.2 Evaluation assurance level details
7.3 Evaluation assurance level 1 (EAL1) - functionally tested
7.3.1 Objectives
7.3.2 Assurance components
7.4 Evaluation assurance level 2 (EAL2) - structurally tested
7.4.1 Objectives
7.4.2 Assurance components
7.5 Evaluation assurance level 3 (EAL3) - methodically tested and checked
7.5.1 Objectives
7.5.2 Assurance components
7.6 Evaluation assurance level 4 (EAL4) - methodically designed, tested and reviewed
7.6.1 Objectives
7.6.2 Assurance components
7.7 Evaluation assurance level 5 (EAL5) - designed using semiformal methods and tested
7.7.1 Objectives
7.7.2 Assurance components
7.8 Evaluation assurance level 6 (EAL6) - design verified using semiformal methods and tested
7.8.1 Objectives
7.8.2 Assurance components
7.9 Evaluation assurance level 7 (EAL7) - design verified using formal methods and tested
7.9.1 Objectives
7.9.2 Assurance components
8 Composed assurance packages
8.1 Composed assurance package (CAP) overview
8.2 Composed assurance package details
8.3 Composition assurance level A (CAP-A) - structurally composed
8.3.1 Objectives
8.3.2 Assurance components
8.4 Composition assurance level B (CAP-B) - methodically composed
8.4.1 Objectives
8.4.2 Assurance components
8.5 Composition assurance level C (CAP-C) - methodically composed, tested and reviewed
8.5.1 Objectives
8.5.2 Assurance components
9 Class APE: Protection Profile evaluation
9.1 PP introduction (APE_INT)
9.1.1 Objectives
9.1.2 APE_INT.1 PP introduction
9.2 Conformance claims (APE_CCL)
9.2.1 Objectives
9.2.2 APE_CCL.1 Conformance claims
9.3 Security problem definition (APE_SPD)
9.3.1 Objectives
9.3.2 APE_SPD.1 Security problem definition
9.4 Security objectives (APE_OBJ)
9.4.1 Objectives
9.4.2 Component levelling
9.4.3 APE_OBJ.1 Security objectives for the operational environment
9.4.4 APE_OBJ.2 Security objectives
9.5 Extended components definition (APE_ECD)
9.5.1 Objectives
9.5.2 APE_ECD.1 Extended components definitions
9.6 Security requirements (APE_REQ)
9.6.1 Objectives
9.6.2 Component levelling
9.6.3 APE_REQ.1 Stated security requirements
9.6.4 APE_REQ.2 Derived security requirements
10 Class ASE: Security Target evaluation
10.1 ST introduction (ASE_INT)
10.1.1 Objectives
10.1.2 ASE_INT.1 ST introduction
10.2 Conformance claims (ASE_CCL)
10.2.1 Objectives
10.2.2 ASE_CCL.1 Conformance claims
10.3 Security problem definition (ASE_SPD)
10.3.1 Objectives
10.3.2 ASE_SPD.1 Security problem definition
10.4 Security objectives (ASE_OBJ)
10.4.1 Objectives
10.4.2 Component levelling
10.4.3 ASE_OBJ.1 Security objectives for the operational environment
10.4.4 ASE_OBJ.2 Security objectives
10.5 Extended components definitions (ASE_ECD)
10.5.1 Objectives
10.5.2 ASE_ECD.1 Extended components definition
10.6 Security requirements (ASE_REQ)
10.6.1 Objectives
10.6.2 Component levelling
10.6.3 ASE_REQ.1 Stated security requirements
10.6.4 ASE_REQ.2 Derived security requirements
10.7 TOE summary specification (ASE_TSS)
10.7.1 Objectives
10.7.2 Component levelling
10.7.3 ASE_TSS.1 TOE summary specification
10.7.4 ASE_TSS.2 TOE summary specification with architectural design summary
11 Class ADV: Development
11.1 Security architecture (ADV_ARC)
11.1.1 Objectives
11.1.2 Component levelling
11.1.3 Application notes
11.1.4 ADV_ARC.1 Security architecture description
11.2 Functional specification (ADV_FSP)
11.2.1 Objectives
11.2.2 Component levelling
11.2.3 Application notes
11.2.4 ADV_FSP.1 Basic functional specification
11.2.5 ADV_FSP.2 Security-enforcing functional specification
11.2.6 ADV_FSP.3 Functional specification with complete summary
11.2.7 ADV_FSP.4 Complete functional specification
11.2.8 ADV_FSP.5 Complete semi-formal functional specification with additional error information
11.2.9 ADV_FSP.6 Complete semi-formal functional specification with additional formal specification
11.3 Implementation representation (ADV_IMP)
11.3.1 Objectives
11.3.2 Component levelling
11.3.3 Application notes
11.3.4 ADV_IMP.1 Implementation representation of the TSF
11.3.5 ADV_IMP.2 Complete mapping of the implementation representation of the TSF
11.4 TSF internals (ADV_INT)
11.4.1 Objectives
11.4.2 Component levelling
11.4.3 Application notes
11.4.4 ADV_INT.1 Well-structured subset of TSF internals
11.4.5 ADV_INT.2 Well-structured internals
11.4.6 ADV_INT.3 Minimally complex internals
11.5 Security policy modelling (ADV_SPM)
11.5.1 Objectives
11.5.2 Component levelling
11.5.3 Application notes
11.5.4 ADV_SPM.1 Formal TOE security policy model
11.6 TOE design (ADV_TDS)
11.6.1 Objectives
11.6.2 Component levelling
11.6.3 Application notes
11.6.4 ADV_TDS.1 Basic design
11.6.5 ADV_TDS.2 Architectural design
11.6.6 ADV_TDS.3 Basic modular design
11.6.7 ADV_TDS.4 Semiformal modular design
11.6.8 ADV_TDS.5 Complete semiformal modular design
11.6.9 ADV_TDS.6 Conception modul
...