ISO/IEC 15408-1:2009 信息技术 安全技术 IT安全的评估准则 第1部分：简介和一般模型

标准编号：ISO/IEC 15408-1:2009

中文名称：信息技术 安全技术 IT安全的评估准则 第1部分：简介和一般模型

英文名称：Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model

发布日期：2009-12

标准范围

ISO/IEC 15408-1:20 09建立了IT安全评估的一般概念和原则，并指定了ISO/IEC 15408各部分给出的一般评估模型，该模型整体上旨在用作IT产品安全属性评估的基础。它概述了ISO/IEC 15408的所有部分。它描述了ISO/IEC 15408的各个部分；定义ISO/IEC 15408所有部分中使用的术语和缩写；确立了评价目标（TOE）的核心概念；评估背景；并且描述了评价标准所针对的受众。介绍了评估IT产品所需的基本安全概念。它定义了ISO/IEC 15408中给出的功能和保证组件的各种操作-2和ISO/IEC 15408-3可以通过使用允许的操作来定制。指定了保护配置文件（PP）、安全需求包和一致性主题的关键概念，并描述了评估结果和评估结果。ISO/IEC 15408-1:20 09给出了安全目标（ST）规范的指南，并提供了整个模型中组件组织的描述。ISO/IEC 18045中给出了有关评估方法的一般信息，并提供了评估方案的范围。

ISO/IEC 15408-1:2009 establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of ISO/IEC 15408 which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.

It provides an overview of all parts of ISO/IEC 15408. It describes the various parts of ISO/IEC 15408; defines the terms and abbreviations to be used in all parts ISO/IEC 15408; establishes the core concept of a Target of Evaluation (TOE); the evaluation context; and describes the audience to which the evaluation criteria are addressed. An introduction to the basic security concepts necessary for evaluation of IT products is given.

It defines the various operations by which the functional and assurance components given in ISO/IEC 15408-2 and ISO/IEC 15408-3 may be tailored through the use of permitted operations.

The key concepts of protection profiles (PP), packages of security requirements and the topic of conformance are specified and the consequences of evaluation and evaluation results are described.

ISO/IEC 15408-1:2009 gives guidelines for the specification of Security Targets (ST) and provides a description of the organization of components throughout the model.

General information about the evaluation methodology is given in ISO/IEC 18045 and the scope of evaluation schemes is provided.

标准预览图