ISO/IEC TS 19608:2018 基于ISO/IEC 15408开发安全和隐私功能需求指南

标准编号：ISO/IEC TS 19608:2018

中文名称：基于ISO/IEC 15408开发安全和隐私功能需求指南

英文名称：Guidance for developing security and privacy functional requirements based on ISO/IEC 15408

发布日期：2018-10

标准范围

ISO/IEC TS 19608:2018本文件为以下方面提供了指导:-从ISO/IEC 15408-2中选择和指定安全功能要求（SFR）以保护个人身份信息（PII）；-以协调方式定义隐私和安全功能要求的程序；和-通过ISO/IEC 15408-2中描述的范例，基于ISO/IEC 29100中定义的隐私原则，将隐私功能要求开发为扩展组件。本文档的目标受众是:-实施处理PII的产品或系统并希望使用ISO/IEC 15408对这些产品进行安全评估的开发人员。他们将获得如何为其产品或系统的安全目标选择符合ISO/IEC 29100中定义的隐私原则的安全功能要求的指导；-关于保护PII的保护简介的作者；和-使用ISO/IEC 15408和ISO/IEC 18045进行安全评估的评估人员。本文件旨在完全符合ISO/IEC 15408；但是，如果本文件与ISO/IEC 15408之间有任何不一致之处，则以后者作为规范性标准为准。

ISO/IEC TS 19608:2018 This document provides guidance for:
- selecting and specifying security functional requirements (SFRs) from ISO/IEC 15408-2 to protect Personally Identifiable Information (PII);
- the procedure to define both privacy and security functional requirements in a coordinated manner; and
- developing privacy functional requirements as extended components based on the privacy principles defined in ISO/IEC 29100 through the paradigm described in ISO/IEC 15408-2.
The intended audience for this document are:
- developers who implement products or systems that deal with PII and want to undergo a security evaluation of those products using ISO/IEC 15408. They will get guidance how to select security functional requirements for the Security Target of their product or system that map to the privacy principles defined in ISO/IEC 29100;
- authors of Protection Profiles that address the protection of PII; and
- evaluators that use ISO/IEC 15408 and ISO/IEC 18045 for a security evaluation.
This document is intended to be fully consistent with ISO/IEC 15408; however, in the event of any inconsistency between this document and ISO/IEC 15408, the latter, as a normative standard, takes precedence.

标准预览图