Information technology — Security techniques — Methodology for IT security evaluation

ISO/IEC 18045:2005 is a companion document to ISO/IEC 15408, Information technology --Security techniques -- Evaluation criteria for IT security. ISO/IEC 18045 specifies the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 evaluation, using the criteria and evaluation evidence defined in ISO/IEC 15408.

Technologies de l'information — Techniques de sécurité — Méthodologie pour l'évaluation de sécurité TI

General Information

Status
Withdrawn
Publication Date
06-Oct-2005
Withdrawal Date
06-Oct-2005
Current Stage
9599 - Withdrawal of International Standard
Completion Date
19-Aug-2008
Ref Project

Relations

Buy Standard

Standard
ISO/IEC 18045:2005 - Information technology -- Security techniques -- Methodology for IT security evaluation
English language
276 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 18045
First edition
2005-10-01

Information technology — Security
techniques — Methodology for IT security
evaluation
Technologies de l'information — Techniques de sécurité —
Méthodologie pour l'évaluation de sécurité TI




Reference number
ISO/IEC 18045:2005(E)
©
ISO/IEC 2005

---------------------- Page: 1 ----------------------
ISO/IEC 18045:2005(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


©  ISO/IEC 2005
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2005 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 18045:2005(E)
Contents Page
Foreword .vii
Introduction .viii
1 Scope.1
2 Normative references.1
3 Terms and definitions.1
4 Symbols and abbreviated terms .3
5 Overview.3
5.1 Organisation of this International Standard .3
6 Document Conventions.3
6.1 Terminology.3
6.2 Verb usage.4
6.3 General evaluation guidance.4
6.4 Relationship between ISO/IEC 15408 and ISO/IEC 18045 structures.4
6.5 Evaluator verdicts.4
7 General evaluation tasks.5
7.1 Introduction.5
7.2 Evaluation input task.6
7.2.1 Objectives.6
7.2.2 Application notes.6
7.2.3 Management of evaluation evidence sub-task.7
7.3 Evaluation output task.7
7.3.1 Objectives.7
7.3.2 Application notes.8
7.3.3 Write OR sub-task.8
7.3.4 Write ETR sub-task.8
7.3.5 Evaluation sub-activities.13
8 Protection Profile evaluation.14
8.1 Introduction.14
8.2 PP evaluation relationships.14
8.3 Protection Profile evaluation activity.15
8.3.1 Evaluation of TOE description (APE_DES.1).15
8.3.2 Evaluation of Security environment (APE_ENV.1).16
8.3.3 Evaluation of PP introduction (APE_INT.1) .19
8.3.4 Evaluation of Security objectives (APE_OBJ.1).20
8.3.5 Evaluation of IT security requirements (APE_REQ.1) .23
8.3.6 Evaluation of Explicitly stated IT security requirements (APE_SRE.1).32
9 Security Target evaluation.35
9.1 Introduction.35
9.2 ST evaluation relationships.35
9.3 Security Target evaluation activity.36
9.3.1 Evaluation of TOE description (ASE_DES.1).36
9.3.2 Evaluation of Security environment (ASE_ENV.1).37
9.3.3 Evaluation of ST introduction (ASE_INT.1).40
9.3.4 Evaluation of Security objectives (ASE_OBJ.1).42
9.3.5 Evaluation of PP claims (ASE_PPC.1).45
9.3.6 Evaluation of IT security requirements (ASE_REQ.1) .46
9.3.7 Evaluation of Explicitly stated IT security requirements (ASE_SRE.1).56
© ISO/IEC 2005 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 18045:2005(E)
9.3.8 Evaluation of TOE summary specification (ASE_TSS.1). 58
10 EAL1 evaluation. 62
10.1 Introduction. 62
10.2 Objectives. 62
10.3 EAL1 evaluation relationships. 62
10.4 Configuration management activity. 63
10.4.1 Evaluation of CM capabilities (ACM_CAP.1). 63
10.5 Delivery and operation activity. 64
10.5.1 Evaluation of Installation, generation and start-up (ADO_IGS.1). 64
10.6 Development activity. 65
10.6.1 Application notes. 65
10.6.2 Evaluation of Functional specification (ADV_FSP.1). 66
10.6.3 Evaluation of Representation correspondence (ADV_RCR.1). 69
10.7 Guidance documents activity. 72
10.7.1 Application notes. 72
10.7.2 Evaluation of Administrator guidance (AGD_ADM.1). 72
10.7.3 Evaluation of User guidance (AGD_USR.1) . 75
10.8 Tests activity. 77
10.8.1 Application notes. 77
10.8.2 Evaluation of Independent testing (ATE_IND.1). 78
11 EAL2 evaluation. 81
11.1 Introduction. 81
11.2 Objectives. 82
11.3 EAL2 evaluation relationships. 82
11.4 Configuration management activity. 82
11.4.1 Evaluation of CM capabilities (ACM_CAP.2). 82
11.5 Delivery and operation activity. 85
11.5.1 Evaluation of Delivery (ADO_DEL.1). 85
11.5.2 Evaluation of Installation, generation and start-up (ADO_IGS.1). 86
11.6 Development activity. 87
11.6.1 Application notes. 87
11.6.2 Evaluation of Functional specification (ADV_FSP.1). 88
11.6.3 Evaluation of High-level design (ADV_HLD.1). 91
11.6.4 Evaluation of Representation correspondence (ADV_RCR.1). 94
11.7 Guidance documents activity. 97
11.7.1 Application notes. 97
11.7.2 Evaluation of Administrator guidance (AGD_ADM.1). 97
11.7.3 Evaluation of User guidance (AGD_USR.1) . 100
11.8 Tests activity. 102
11.8.1 Application notes. 102
11.8.2 Evaluation of Coverage (ATE_COV.1) . 103
11.8.3 Evaluation of Functional tests (ATE_FUN.1) . 104
11.8.4 Evaluation of Independent testing (ATE_IND.2). 108
11.9 Vulnerability assessment activity. 114
11.9.1 Evaluation of Strength of TOE security functions (AVA_SOF.1). 114
11.9.2 Evaluation of Vulnerability analysis (AVA_VLA.1). 116
12 EAL3 evaluation. 121
12.1 Introduction. 121
12.2 Objectives. 122
12.3 EAL3 evaluation relationships. 122
12.4 Configuration management activity. 122
12.4.1 Evaluation of CM capabilities (ACM_CAP.3). 122
12.4.2 Evaluation of CM scope (ACM_SCP.1) . 126
12.5 Delivery and operation activity. 127
12.5.1 Evaluation of Delivery (ADO_DEL.1). 127
12.5.2 Evaluation of Installation, generation and start-up (ADO_IGS.1). 128
12.6 Development activity. 129
12.6.1 Application notes. 130
iv © ISO/IEC 2005 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 18045:2005(E)
12.6.2 Evaluation of Functional specification (ADV_FSP.1) .130
12.6.3 Evaluation of High-level design (ADV_HLD.2) .134
12.6.4 Evaluation of Representation correspondence (ADV_RCR.1).138
12.7 Guidance documents activity .140
12.7.1 Application notes.140
12.7.2 Evaluation of Administrator guidance (AGD_ADM.1).140
12.7.3 Evaluation of User guidance (AGD_USR.1).143
12.8 Life cycle support activity.146
12.8.1 Evaluation of Development security (ALC_DVS.1) .146
12.9 Tests activity.148
12.9.1 Application notes.148
12.9.2 Evaluation of Coverage (ATE_COV.2).150
12.9.3 Evaluation of Depth (ATE_DPT.1).152
12.9.4 Evaluation of Functional tests (ATE_FUN.1) .154
12.9.5 Evaluation of Independent testing (ATE_IND.2).159
12.10 Vulnerability assessment activity.164
12.10.1 Evaluation of Misuse (AVA_MSU.1).164
12.10.2 Evaluation of Strength of TOE security functions (AVA_SOF.1) .167
12.10.3 Evaluation of Vulnerability analysis (AVA_VLA.1).169
13 EAL4 evaluation.174
13.1 Introduction.174
13.2 Objectives.175
13.3 EAL4 evaluation relationships.175
13.4 Configuration management activity.175
13.4.1 Evaluation of CM automation (ACM_AUT.1).175
13.4.2 Evaluation of CM capabilities (ACM_CAP.4) .177
13.4.3 Evaluation of CM scope (ACM_SCP.2).182
13.5 Delivery and operation activity .183
13.5.1 Evaluation of Delivery (ADO_DEL.2) .183
13.5.2 Evaluation of Installation, generation and start-up (ADO_IGS.1).185
13.6 Development activity.186
13.6.1 Application notes.186
13.6.2 Evaluation of Functional specification (ADV_FSP.2) .187
13.6.3 Evaluation of High-level design (ADV_HLD.2) .191
13.6.4 Evaluation of Implementation representation (ADV_IMP.1).195
13.6.5 Evaluation of Low-level design (ADV_LLD.1).197
13.6.6 Evaluation of Representation correspondence (ADV_RCR.1).200
13.6.7 Evaluation of Security policy modeling (ADV_SPM.1) .203
13.7 Guidance documents activity .206
13.7.1 Application notes.206
13.7.2 Evaluation of Administrator guidance (AGD_ADM.1).206
13.7.3 Evaluation of User guidance (AGD_USR.1).209
13.8 Life cycle support activity.211
13.8.1 Evaluation of Development security (ALC_DVS.1) .212
13.8.2 Evaluation of Life cycle definition (ALC_LCD.1).214
13.8.3 Evaluation of Tools and techniques (ALC_TAT.1).215
13.9 Tests activity.217
13.9.1 Application notes.217
13.9.2 Evaluation of Coverage (ATE_COV.2).218
13.9.3 Evaluation of Depth (ATE_DPT.1).220
13.9.4 Evaluation of Functional tests (ATE_FUN.1) .222
13.9.5 Evaluation of Independent testing (ATE_IND.2).227
13.10 Vulnerability assessment activity.232
13.10.1 Evaluation of Misuse (AVA_MSU.2).232
13.10.2 Evaluation of Strength of TOE security functions (AVA_SOF.1) .236
13.10.3 Evaluation of Vulnerability analysis (AVA_VLA.2).238
14 Flaw remediation sub-activities.250
14.1 Evaluation of flaw remediation (ALC_FLR.1).250
14.1.1 Objectives.250
© ISO/IEC 2005 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC 18045:2005(E)
14.1.2 Input. 250

14.1.3 Action ALC_FLR.1.1E. 250
14.2 Evaluation of flaw remediation (ALC_FLR.2). 252
14.2.1 Objectives. 252
14.2.2 Input. 252
14.2.3 Action ALC_FLR.2.1E. 252
14.3 Evaluation of flaw remediation (ALC_FLR.3). 255
14.3.1 Objectives. 255
14.3.2 Input. 255
14.3.3 Action ALC_FLR.3.1E. 255
Annex A (normative) General evaluation guidance. 260
A.1 Objectives. 260
A.2 Sampling. 260
A.3 Consistency analysis. 262
A.4 Dependencies. 264
A.4.1 Dependencies between activities. 264
A.4.2 Dependencies between sub-activities. 264
A.4.3 Dependencies between actions. 264
A.5 Site Visits. 264
A.6 TOE Boundary. 265
A.6.1 Product and system. 265
A.6.2 TOE. 266
A.6.3 TSF. 266
A.6.4 Evaluation. 266
A.6.5 Certification. 267
A.7 Threats and FPT Requirements. 267
A.7.1 TOEs not necessarily requiring the FPT class . 268
A.7.2 Impact upon Assurance Families. 268
A.8 St
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.