BSI 21/30430578 DC:2021 Edition
$13.70
BS EN 17640. Fixed time cybersecurity evaluation methodology for ICT products
| Published By | Publication Date | Number of Pages |
| BSI | 2021 | 58 |
This document describes the cybersecurity evaluation methodology for ICT products. It is intended for use for all three assurance levels as defined in the Cybersecurity Act (i.e. basic, substantial and high). The methodology is comprised of different evaluation blocks including assessment activities that comply with the evaluation requirements of the CSA for the three levels. Where appropriate, it can be applied both to 3rd party evaluation and self-assessment. It is expected that this methodology may be used by different candidate schemes and verticals providing a common framework to evaluate ICT products.
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 10 | 1 Scope 2 Normative references 3 Terms and definitions |
| 12 | 4 Conformance |
| 14 | 5 General concepts 5.1 Usage of this methodology 5.2 Knowledge of the TOE |
| 15 | 5.3 Development process evaluation 5.4 Attack Potential 5.5 Knowledge building |
| 16 | 6 Evaluation tasks 6.1 Completeness check 6.1.1 Aim 6.1.2 Evaluation method 6.1.3 Evaluator qualification 6.1.4 Evaluator work units 6.1.4.1 Work unit 1 6.1.4.2 Work unit 2 6.1.4.3 Work unit 3 6.2 Protection Profile Evaluation 6.2.1 Aim 6.2.2 Evaluation method |
| 17 | 6.2.3 Evaluator qualification 6.2.4 Evaluator work units 6.2.4.1 Work unit 1 |
| 18 | 6.3 Security Target Evaluation 6.3.1 Aim 6.3.2 Evaluation method 6.3.3 Evaluator qualification 6.3.4 Evaluator work units 6.3.4.1 Work unit 1a |
| 19 | 6.3.4.2 Work unit 1b 6.4 Review of security functionalities 6.4.1 Aim 6.4.2 Evaluation method 6.4.3 Evaluator qualification 6.4.4 Evaluator work units – Work unit 1 6.5 Development documentation 6.5.1 Aim |
| 20 | 6.5.2 Evaluation method 6.5.3 Evaluator qualification 6.5.4 Work units 6.5.4.1 Work unit 1 6.6 Evaluation of TOE Installation 6.6.1 Aim 6.6.2 Evaluation method 6.6.3 Evaluator qualification 6.6.4 Evaluator work units 6.6.4.1 Work unit 1 |
| 21 | 6.6.4.2 Work unit 2 6.6.4.3 Work unit 3 6.7 Conformance testing 6.7.1 Aim 6.7.2 Evaluation method 6.7.3 Evaluator qualification |
| 22 | 6.7.4 Evaluator work units 6.7.4.1 Work unit 1 6.7.4.2 Work unit 2 |
| 23 | 6.7.4.3 Work unit 3 6.8 Vulnerability review 6.8.1 Aim 6.8.2 Evaluation method 6.8.3 Evaluator qualification 6.8.4 Evaluator work units 6.8.4.1 Work unit 1 |
| 24 | 6.8.4.2 Work unit 2 6.9 Vulnerability testing 6.9.1 Aim 6.9.2 Evaluation method 6.9.3 Evaluator qualification |
| 25 | 6.9.4 Evaluator work units 6.9.4.1 Work unit 1 6.9.4.2 Work unit 2 6.9.4.3 Work unit 3 |
| 26 | 6.9.4.4 Work unit 4 6.9.4.5 Work unit 5 6.10 Penetration testing 6.10.1 Aim 6.10.2 Evaluation method 6.10.2.1 General |
| 27 | 6.10.2.2 Flaw Hypothesis Methodology 6.10.3 Evaluator qualification |
| 28 | 6.10.4 Evaluator work units 6.10.4.1 Work unit 1 6.10.4.2 Work unit 2 6.11 Basic crypto analysis 6.11.1 Aim 6.11.2 Evaluation method |
| 29 | 6.11.3 Evaluator qualification 6.11.4 Evaluator work units 6.11.4.1 Work unit 1 |
| 30 | 6.12 Extended crypto analysis 6.12.1 Aim 6.12.2 Evaluation method 6.12.3 Evaluator qualification 6.12.4 Evaluator work units 6.12.4.1 Work unit 1 |
| 31 | 6.12.4.2 Work unit 2 |
| 33 | Annex A (informative)Example for a structure of a Security Target A.1 General A.2 Example structure |
| 34 | A.3 Typical content of an ST |
| 35 | Annex B (normative)The concept of a Protection Profile B.1 General B.2 Aim and basic principles of a Protection Profile (PP) B.3 Guidance for schemes to implement the PP concept |
| 36 | Annex C (informative)Acceptance Criteria C.1 Introduction C.2 Identification, Authentication Control, and Access Control |
| 39 | C.3 Secure Boot |
| 40 | C.4 Cryptography |
| 41 | C.5 Secure State After Failure |
| 42 | C.6 Least Functionality |
| 43 | C.7 Update Mechanism |
| 44 | Annex D (informative)Guidance for integrating the methodology into a scheme D.1 General D.1.1 Introduction D.1.2 Perform a risk assessment, reviewing the vertical domain under consideration D.1.3 Assign the attack potential to the CSA levels D.1.4 Select the evaluation tasks required for this level D.1.5 Review and set the parameters for the tasks |
| 45 | D.1.6 Possible selection of additional or higher tasks D.1.7 Review and set the parameters for the additional tasks D.1.8 Set up and maintain further scheme requirements and guidelines |
| 46 | D.2 Example |
| 49 | Annex E (informative)Parameters of the methodology and the evaluation tasks E.1 General E.2 Parameters of the methodology E.3 Parameters of the evaluation tasks E.3.1 Parameters for 6.1 “Completeness check” E.3.2 Parameters for 6.2 “Protection Profile Evaluation” E.3.3 Parameters for 6.3 “Security Target Evaluation” E.3.4 Parameters for 6.4 “Review of security functionalities” E.3.5 Parameters for 6.5 “Development documentation” E.3.6 Parameters for 6.6 “Evaluation of TOE Installation” |
| 50 | E.3.7 Parameters for 6.7 “Conformance testing” E.3.8 Parameters for 6.8 “Vulnerability review” E.3.9 Parameters for 6.9 “Vulnerability testing” E.3.10 Parameters for 6.10 “Penetration testing” E.3.11 Parameters for 6.11 “Basic crypto analysis” E.3.12 Parameters for 6.12 “Extended crypto analysis” |
| 51 | Annex F (normative)Calculating the Attack Potential F.1 General F.2 Factors for Attack Potential F.3 Numerical factors for attack potential |
| 52 | F.3.1 Default rating table |
| 53 | F.3.2 Adaptation of the rating table |
| 56 | Annex G (normative)Reporting the results of an evaluation G.1 General G.2 Written reporting G.3 Oral defence of the results obtained |
Related products
-
BSI 21/30432278 DC:2021 Edition
BS ISO 16478. Thermal insulation products. Vacuum insulation panels (VIPs). Specification Published By Publication Date…
-
BSI 21/30430569 DC:2021 Edition
BS EN 16602-70-80. Space product assurance. Processing and quality assurance requirements for metallic powder bed…
-
BSI 21/30430873 DC:2021 Edition
BS EN 17644. Foodstuffs. Detection of food allergens by liquid chromatography. Mass spectrometry (LC-MS) methods.…
-
BSI 21/30430876 DC:2021 Edition
BS EN 16603-50-16. Space engineering. Time triggered Ethernet Published By Publication Date Number of Pages…
-
BSI 21/30430279 DC:2021 Edition
BS ISO 10231. Motorcycle tyres. Test methods for verifying tyre capabilities Published By Publication Date…
-
BSI 21/30433573 DC:2021 Edition
BS EN IEC 60626-1. Combined flexible materials for electrical insulation – Part 1. Definitions and…
-
BSI 21/30405786 DC:2021 Edition
BS ISO 24417. Surface chemical analysis. Analysis of metallic nanolayers on iron based substrates by…
-
BSI 21/30432478 DC:2021 Edition
BS EN 12201-1. Plastics piping systems for water supply, and for drainage and sewerage under…
-
BSI 21/30439574 DC:2021 Edition
BS EN 302-1. Adhesives for load-bearing timber structures. Test methods – Part 1. Determination of…
-
BSI 21/30430328 DC:2021 Edition
BS EN ISO 7278-2. Petroleum measurement systems – Part 2. Pipe prover design, calibration and…
-
BSI 21/30430526 DC:2021 Edition
BS EN 60335-1 AMD16. Household and similar electrical appliances. Safety – Part 1. General requirements…
-
BSI 21/30437878 DC:2021 Edition
BS EN IEC 62208. Empty enclosures for low-voltage switchgear and controlgear assemblies. General requirements Published…
-
BSI 21/30439057 DC:2021 Edition
BS EN IEC 61591. Cooking fume extractors. Methods for measuring performance Published By Publication Date…
-
BSI 21/30430498 DC:2021 Edition
BS EN ISO 306. Plastics. Thermoplastic materials. Determination of Vicat softening temperature (VST) Published By…
-
BSI 21/30435780 DC:2021 Edition
BS ISO/IEC 23003-4 AMD1. Information technology. MPEG audio technologies – Part 4. Dynamic range control…
-
BSI 21/30403058 DC:2021 Edition
BS ISO 21629-2. Bamboo floorings – Part 2. Outdoor use Published By Publication Date Number…
-
BSI 21/30430546 DC:2021 Edition
BS EN 1335-1 AMD1. Office furniture. Office work chair – Part 1. Dimensions. Determination of…
-
BSI 21/30437057 DC:2021 Edition
BS ISO 11171. Hydraulic fluid power. Calibration of automatic particle counters for liquids Published By…
-
BSI 21/30435079 DC:2021 Edition
BS EN 60601-2-6 AMD2. Medical electrical equipment – Part 2-6. Particular requirements for the basic…
-
BSI 21/30430540 DC:2021 Edition
BS EN 415-4. Safety of packaging machines – Part 4. Palletizers and depalletizers and associated…
-
BSI 21/30430248 DC:2021 Edition
BS EN ISO 23611-4. Soil quality. Sampling of soil invertebrates – Part 4. Sampling, extraction…
-
BSI 21/30430257 DC:2021 Edition
BS ISO 17506. Industrial automation systems and integration. COLLADA digital asset schema specification for 3D…
-
BSI 21/30435587 DC:2021 Edition
BS EN IEC 60793-2-10 AMD1. Optical fibres – Part 2-10. Product specifications. Sectional specification for…
-
BSI 21/30430372 DC:2021 Edition
BS ISO/IEC 23090-20. Information technology. Coded representation of immersive media – Part 20. Conformance for…
-
BSI 21/30435579 DC:2021 Edition
BS EN 60749-10. Semiconductor devices. Mechanical and climatic test methods – Part 10. Mechanical shock.…
-
BSI 21/30439577 DC:2021 Edition
BS EN 302-2. Adhesives for load-bearing timber structures. Test methods – Part 2. Determination of…
-
BSI 21/30430566 DC:2021 Edition
BS EN 15941. Sustainability of construction works. Data quality for environmental assessment of products and…
-
BSI 21/30450078 DC:2022 Edition
BS EN 10025-6:2019 AMD1. Hot rolled products of structural steels – Part 6. Technical delivery…
-
BSI 21/30430957 DC:2021 Edition
BS ISO 18951-1. Imaging materials. Scratch resistance of photographic prints – Part 1. General test…
-
BSI 21/30434576 DC:2021 Edition
BS EN ISO 21606. Dentistry. Elastomeric auxiliaries for use in orthodontics Published By Publication Date…
-
BSI 21/30435071 DC:2021 Edition
BS EN IEC 62561-2. Lightning protection system components (LPSC) – Part 2. Requirements for conductors…
-
BSI 21/30439538 DC:2021 Edition
BS EN 589 AMD1. Automotive fuels. LPG. Requirements and test methods Published By Publication Date…
-
BSI 21/30436978 DC:2021 Edition
BS EN 60255-1. Measuring relays and protection equipment – Part 1. Common requirements Published By…
-
BSI 21/30430590 DC:2021 Edition
BS EN 61951-1 AMD1. Secondary cells and batteries containing alkaline or other non-acid electrolytes. Secondary…
-
BSI 21/30435075 DC:2021 Edition
BS EN IEC 60601-2-3 AMD2. Medical electrical equipment – Part 2-3. Particular requirements for the…
-
BSI 21/30433978 DC:2021 Edition
BS EN 15714-3. Industrial valves. Actuators – Part 3. Pneumatic part-turn actuators for industrial valves.…
-
BSI 21/30430563 DC:2021 Edition
BS EN 17406 AMD1. Classification for bicycles usage Published By Publication Date Number of Pages…
-
BSI 21/30405789 DC:2021 Edition
BS EN ISO 16486-4. Plastics piping systems for the supply of gaseous fuels. Unplasticized polyamide…
-
BSI 21/30431579 DC:2021 Edition
BS EN 63281-0. Personal e-Transporters. Terminology and classification Published By Publication Date Number of Pages…
-
BSI 21/30435508 DC:2021 Edition
BS EN 10357. Austenitic, austenitic-ferritic and ferritic longitudinally welded stainless steel tubes for the food…
