ISO/IEC 15408-5:2022 信息安全、网络安全和隐私保护 IT安全评估标准 第5部分：预先定义的安全要求包

标准编号：ISO/IEC 15408-5:2022

中文名称：信息安全、网络安全和隐私保护 IT安全评估标准 第5部分：预先定义的安全要求包

英文名称：Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 5: Pre-defined packages of security requirements

发布日期：2022-08

标准范围

ISO/IEC 15408-5:20 22本文件提供了安全保证和安全功能要求包，已被确定为有助于支持利益相关者的共同使用。示例-提供的包的示例包括评估保证级别（EAL）和组合保证包（CAP）。本文件介绍:-评估保证级别(EAL)包系列，其指定可以在PPs和STs中引用的预定义的安全保证组件集，并且指定在评估目标(TOE)的评估期间要提供的适当的安全保证；-组合保证(CAP)包族，其指定用于指定在组合TOE的评估期间要提供的适当安全保证的安全保证组件的集合；-复合产品(COMP)包，其指定用于指定在评估复合产品TOEs期间要提供的适当安全保证的一组安全保证组件；-保护配置文件保证(PPA)包系列，其指定用于指定在保护配置文件评估期间要提供的适当安全保证的安全保证组件的集合；-安全目标保证(STA)包系列，其指定用于指定在安全目标评估期间提供的适当安全保证的安全保证组件的集合。本文档的用户可以包括安全IT产品的消费者、开发人员和评估人员。

ISO/IEC 15408-5:2022 This document provides packages of security assurance and security functional requirements that have been identified as useful in support of common usage by stakeholders.
EXAMPLE - Examples of provided packages include the evaluation assurance levels (EAL) and the composed assurance packages (CAPs).
This document presents:
- evaluation assurance level (EAL) family of packages that specify pre-defined sets of security assurance components that may be referenced in PPs and STs and which specify appropriate security assurances to be provided during an evaluation of a target of evaluation (TOE);
- composition assurance (CAP) family of packages that specify sets of security assurance components used for specifying appropriate security assurances to be provided during an evaluation of composed TOEs;
- composite product (COMP) package that specifies a set of security assurance components used for specifying appropriate security assurances to be provided during an evaluation of a composite product TOEs;
- protection profile assurance (PPA) family of packages that specify sets of security assurance components used for specifying appropriate security assurances to be provided during a protection profile evaluation;
- security target assurance (STA) family of packages that specify sets of security assurance components used for specifying appropriate security assurances to be provided during a security target evaluation.
The users of this document can include consumers, developers, and evaluators of secure IT products.

标准预览图