| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 2<\/td>\n | undefined <\/td>\n<\/tr>\n | ||||||
| 8<\/td>\n | Foreword <\/td>\n<\/tr>\n | ||||||
| 10<\/td>\n | Introduction <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | 1 Scope 2 Normative references <\/td>\n<\/tr>\n | ||||||
| 14<\/td>\n | 3 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | 4 Abbreviated terms <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | 5 Overview 5.1 General 5.2 ISO\/IEC 15408 series description 5.2.1 General <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | 5.2.2 Audience <\/td>\n<\/tr>\n | ||||||
| 31<\/td>\n | 5.3 Target of evaluation (TOE) 5.3.1 General 5.3.2 TOE boundaries <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | 5.3.3 Different representations of the TOE 5.3.4 Different configurations of the TOE 5.3.5 Operational environment of the TOE <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | 5.4 Presentation of material in this document 6 General model 6.1 Background 6.2 Assets and security controls <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | 6.3 Core constructs of the paradigm of the ISO\/IEC 15408 series 6.3.1 General 6.3.2 Conformance types 6.3.3 Communicating security requirements <\/td>\n<\/tr>\n | ||||||
| 39<\/td>\n | 6.3.4 Meeting the needs of consumers (risk owners) <\/td>\n<\/tr>\n | ||||||
| 41<\/td>\n | 7 Specifying security requirements 7.1 Security problem definition (SPD) 7.1.1 General 7.1.2 Threats <\/td>\n<\/tr>\n | ||||||
| 42<\/td>\n | 7.1.3 Organizational security policies (OSPs) 7.1.4 Assumptions <\/td>\n<\/tr>\n | ||||||
| 43<\/td>\n | 7.2 Security objectives 7.2.1 General 7.2.2 Security objectives for the TOE 7.2.3 Security objectives for the operational environment <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | 7.2.4 Relation between security objectives and the SPD 7.2.5 Tracing between security objectives and the SPD <\/td>\n<\/tr>\n | ||||||
| 45<\/td>\n | 7.2.6 Providing a justification for the tracing 7.2.7 On countering threats 7.2.8 Security objectives: conclusion 7.3 Security requirements 7.3.1 General <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | 7.3.2 Security Functional Requirements (SFRs) <\/td>\n<\/tr>\n | ||||||
| 48<\/td>\n | 7.3.3 Security assurance requirements (SARs) <\/td>\n<\/tr>\n | ||||||
| 49<\/td>\n | 7.3.4 Security requirements: conclusion <\/td>\n<\/tr>\n | ||||||
| 50<\/td>\n | 8 Security components 8.1 Hierarchical structure of security components 8.1.1 General 8.1.2 Class <\/td>\n<\/tr>\n | ||||||
| 51<\/td>\n | 8.1.3 Family 8.1.4 Component 8.1.5 Element 8.2 Operations 8.2.1 General <\/td>\n<\/tr>\n | ||||||
| 52<\/td>\n | 8.2.2 Iteration 8.2.3 Assignment <\/td>\n<\/tr>\n | ||||||
| 53<\/td>\n | 8.2.4 Selection <\/td>\n<\/tr>\n | ||||||
| 55<\/td>\n | 8.2.5 Refinement <\/td>\n<\/tr>\n | ||||||
| 56<\/td>\n | 8.3 Dependencies between components 8.4 Extended components 8.4.1 General <\/td>\n<\/tr>\n | ||||||
| 57<\/td>\n | 8.4.2 Defining extended components 9 Packages 9.1 General <\/td>\n<\/tr>\n | ||||||
| 58<\/td>\n | 9.2 Package types 9.2.1 General 9.2.2 Assurance packages <\/td>\n<\/tr>\n | ||||||
| 59<\/td>\n | 9.2.3 Functional packages 9.3 Package dependencies 9.4 Evaluation method(s) and activities <\/td>\n<\/tr>\n | ||||||
| 60<\/td>\n | 10 Protection Profiles (PPs) 10.1 General 10.2 PP introduction 10.3 Conformance claims and conformance statements <\/td>\n<\/tr>\n | ||||||
| 63<\/td>\n | 10.4 Security assurance requirements (SARs) 10.5 Additional requirements common to strict and demonstrable conformance 10.5.1 Conformance claims and conformance statements 10.5.2 Security problem definition (SPD) <\/td>\n<\/tr>\n | ||||||
| 64<\/td>\n | 10.5.3 Security objectives 10.6 Additional requirements specific to strict conformance 10.6.1 Requirements for the security problem definition (SPD) 10.6.2 Requirements for the security objectives 10.6.3 Requirements for the security requirements <\/td>\n<\/tr>\n | ||||||
| 65<\/td>\n | 10.7 Additional requirements specific to demonstrable conformance 10.8 Additional requirements specific to exact conformance 10.8.1 General 10.8.2 Conformance claims and statements <\/td>\n<\/tr>\n | ||||||
| 66<\/td>\n | 10.9 Using PPs 10.10 Conformance statements and claims in the case of multiple PPs 10.10.1 General 10.10.2 Where strict or demonstrable conformance is specified 10.10.3 Where exact conformance is specified 11 Modular requirements construction 11.1 General <\/td>\n<\/tr>\n | ||||||
| 67<\/td>\n | 11.2 PP-Modules 11.2.1 General 11.2.2 PP-Module Base 11.2.3 Requirements for PP-Modules <\/td>\n<\/tr>\n | ||||||
| 71<\/td>\n | 11.3 PP-Configurations 11.3.1 General 11.3.2 Requirements for PP-Configurations <\/td>\n<\/tr>\n | ||||||
| 77<\/td>\n | 11.3.3 Usage of PP-Configurations <\/td>\n<\/tr>\n | ||||||
| 80<\/td>\n | 12 Security Targets (STs) 12.1 General 12.2 Conformance claims and statements <\/td>\n<\/tr>\n | ||||||
| 83<\/td>\n | 12.3 Assurance requirements 12.4 Additional requirements in the exact conformance case 12.4.1 Additional requirements for the conformance claim 12.4.2 Additional requirements for the SPD <\/td>\n<\/tr>\n | ||||||
| 84<\/td>\n | 12.4.3 Additional requirements for the security objectives 12.4.4 Additional requirements for the security requirements 12.5 Additional requirements in the multi-assurance case <\/td>\n<\/tr>\n | ||||||
| 86<\/td>\n | 13 Evaluation and evaluation results 13.1 General <\/td>\n<\/tr>\n | ||||||
| 88<\/td>\n | 13.2 Evaluation context <\/td>\n<\/tr>\n | ||||||
| 89<\/td>\n | 13.3 Evaluation of PPs and PP-Configurations 13.4 Evaluation of STs 13.5 Evaluation of TOEs <\/td>\n<\/tr>\n | ||||||
| 90<\/td>\n | 13.6 Evaluation methods and evaluation activities 13.7 Evaluation results 13.7.1 Results of a PP evaluation 13.7.2 Results of a PP-Configuration evaluation 13.7.3 Results of a ST\/TOE evaluation <\/td>\n<\/tr>\n | ||||||
| 91<\/td>\n | 13.8 Multi-assurance evaluation <\/td>\n<\/tr>\n | ||||||
| 92<\/td>\n | 14 Composition of assurance 14.1 General <\/td>\n<\/tr>\n | ||||||
| 93<\/td>\n | 14.2 Composition models 14.2.1 Layered composition model <\/td>\n<\/tr>\n | ||||||
| 94<\/td>\n | 14.2.2 Network or bi-directional composition model 14.2.3 Embedded composition model <\/td>\n<\/tr>\n | ||||||
| 95<\/td>\n | 14.3 Evaluation techniques for providing assurance in composition models 14.3.1 General 14.3.2 ACO class for composed TOEs <\/td>\n<\/tr>\n | ||||||
| 96<\/td>\n | 14.3.3 Composite evaluation for composite products <\/td>\n<\/tr>\n | ||||||
| 107<\/td>\n | 14.4 Requirements for evaluations using composition techniques 14.4.1 Re-use of evaluation results <\/td>\n<\/tr>\n | ||||||
| 108<\/td>\n | 14.4.2 Composition evaluation issues <\/td>\n<\/tr>\n | ||||||
| 109<\/td>\n | 14.5 Evaluation by composition and multi-assurance <\/td>\n<\/tr>\n | ||||||
| 110<\/td>\n | Annex A (normative) Specification of packages <\/td>\n<\/tr>\n | ||||||
| 114<\/td>\n | Annex B (normative) Specification of Protection Profiles (PPs) <\/td>\n<\/tr>\n | ||||||
| 124<\/td>\n | Annex C (normative) Specification of PP-Modules and PP-Configurations <\/td>\n<\/tr>\n | ||||||
| 137<\/td>\n | Annex D (normative) Specification of Security Targets (STs) and Direct Rationale STs <\/td>\n<\/tr>\n | ||||||
| 148<\/td>\n | Annex E (normative) PP\/PP-Configuration conformance <\/td>\n<\/tr>\n | ||||||
| 153<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Information security, cybersecurity and privacy protection \u2014 Evaluation criteria for IT security – Part 1: Introduction and general model<\/b><\/p>\n |