ISO/IEC TS 9569:2023 Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Patch Management Extension for the ISO/IEC 15408 series and ISO/IEC 18045
Standard number: ISO/IEC TS 9569:2023
Chinese name: 信息安全、网络安全和隐私保护 IT安全评估准则 ISO/IEC 15408系列和ISO/IEC 18045的补丁管理扩展
English name: Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Patch Management Extension for the ISO/IEC 15408 series and ISO/IEC 18045
Publication date: 2023-11
Scope
ISO/IEC TS 9569:2023: This document specifies patch management (PAM) security assurance requirements and is intended to be used as an extension of the ISO/IEC 15408 series and ISO/IEC 18045.
The security assurance requirements specified in this document do not include evaluation or test activities on the final target of evaluation (TOE), but focus on the initial TOE and on the life cycle processes used by manufacturers. Additionally, this document gives guidance to facilitate the evaluation of the TOE, including the patch and development processes which support the patch management.
This document lists options for evaluation authorities (or mutual recognition agreements) on how to utilize the additional assurance and additional evidence in their processes to enable the developer to consistently re-certify their updated or patched TOEs to the benefit of the users. The implementation of these options using an evaluation scheme is out of the scope of this document.