BS EN ISO/IEC 15408-1:2023

$215.11

Information security, cybersecurity and privacy protection. Evaluation criteria for IT security – Introduction and general model

Published By	Publication Date	Number of Pages
BSI	2023	156

Guaranteed Safe Checkout

Category: BSI

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

Description

PDF Catalog

PDF Pages	PDF Title
2	undefined
27	5.1 General 5.2 ISO/IEC 15408 series description 5.2.1 General
28	5.2.2 Audience
31	5.3 Target of evaluation (TOE) 5.3.1 General 5.3.2 TOE boundaries
32	5.3.3 Different representations of the TOE 5.3.4 Different configurations of the TOE 5.3.5 Operational environment of the TOE
33	5.4 Presentation of material in this document 6.1 Background 6.2 Assets and security controls
36	6.3 Core constructs of the paradigm of the ISO/IEC 15408 series 6.3.1 General 6.3.2 Conformance types 6.3.3 Communicating security requirements
39	6.3.4 Meeting the needs of consumers (risk owners)
41	7.1 Security problem definition (SPD) 7.1.1 General 7.1.2 Threats
42	7.1.3 Organizational security policies (OSPs) 7.1.4 Assumptions
43	7.2 Security objectives 7.2.1 General 7.2.2 Security objectives for the TOE 7.2.3 Security objectives for the operational environment
44	7.2.4 Relation between security objectives and the SPD 7.2.5 Tracing between security objectives and the SPD
45	7.2.6 Providing a justification for the tracing 7.2.7 On countering threats 7.2.8 Security objectives: conclusion 7.3 Security requirements 7.3.1 General
46	7.3.2 Security Functional Requirements (SFRs)
48	7.3.3 Security assurance requirements (SARs)
49	7.3.4 Security requirements: conclusion
50	8.1 Hierarchical structure of security components 8.1.1 General 8.1.2 Class
51	8.1.3 Family 8.1.4 Component 8.1.5 Element 8.2 Operations 8.2.1 General
52	8.2.2 Iteration 8.2.3 Assignment
53	8.2.4 Selection
55	8.2.5 Refinement
56	8.3 Dependencies between components 8.4 Extended components 8.4.1 General
57	8.4.2 Defining extended components 9.1 General
58	9.2 Package types 9.2.1 General 9.2.2 Assurance packages
59	9.2.3 Functional packages 9.3 Package dependencies 9.4 Evaluation method(s) and activities
60	10.1 General 10.2 PP introduction 10.3 Conformance claims and conformance statements
63	10.4 Security assurance requirements (SARs) 10.5 Additional requirements common to strict and demonstrable conformance 10.5.1 Conformance claims and conformance statements 10.5.2 Security problem definition (SPD)
64	10.5.3 Security objectives 10.6 Additional requirements specific to strict conformance 10.6.1 Requirements for the security problem definition (SPD) 10.6.2 Requirements for the security objectives 10.6.3 Requirements for the security requirements
65	10.7 Additional requirements specific to demonstrable conformance 10.8 Additional requirements specific to exact conformance 10.8.1 General 10.8.2 Conformance claims and statements
66	10.9 Using PPs 10.10 Conformance statements and claims in the case of multiple PPs 10.10.1 General 10.10.2 Where strict or demonstrable conformance is specified 10.10.3 Where exact conformance is specified 11.1 General
67	11.2 PP-Modules 11.2.1 General 11.2.2 PP-Module Base 11.2.3 Requirements for PP-Modules
71	11.3 PP-Configurations 11.3.1 General 11.3.2 Requirements for PP-Configurations
77	11.3.3 Usage of PP-Configurations
80	12.1 General 12.2 Conformance claims and statements
83	12.3 Assurance requirements 12.4 Additional requirements in the exact conformance case 12.4.1 Additional requirements for the conformance claim 12.4.2 Additional requirements for the SPD
84	12.4.3 Additional requirements for the security objectives 12.4.4 Additional requirements for the security requirements 12.5 Additional requirements in the multi-assurance case
86	13.1 General
88	13.2 Evaluation context
89	13.3 Evaluation of PPs and PP-Configurations 13.4 Evaluation of STs 13.5 Evaluation of TOEs
90	13.6 Evaluation methods and evaluation activities 13.7 Evaluation results 13.7.1 Results of a PP evaluation 13.7.2 Results of a PP-Configuration evaluation 13.7.3 Results of a ST/TOE evaluation
91	13.8 Multi-assurance evaluation
92	14.1 General
93	14.2 Composition models 14.2.1 Layered composition model
94	14.2.2 Network or bi-directional composition model 14.2.3 Embedded composition model
95	14.3 Evaluation techniques for providing assurance in composition models 14.3.1 General 14.3.2 ACO class for composed TOEs
96	14.3.3 Composite evaluation for composite products
107	14.4 Requirements for evaluations using composition techniques 14.4.1 Re-use of evaluation results
108	14.4.2 Composition evaluation issues
109	14.5 Evaluation by composition and multi-assurance

Additional information

Status	Definitive
Title	Information security, cybersecurity and privacy protection. Evaluation criteria for IT security – Introduction and general model
Corrects	BS ISO/IEC 15408-1:2022
Replaces	BS EN ISO/IEC 15408-1:2020
Publisher	BSI
Committee	IST/33
Pages	156
Publication Date	2023-12-19
ISBN	978 0 539 28228 3
Standard Number	BS EN ISO/IEC 15408-1:2023
Identical National Standard Of	ISO/IEC 15408-1:2022, EN ISO /IEC 15408-1:2023
Descriptors	Consumers, Acceptance (approval), Information exchange, Quality assurance, Selection, Estimation, Data processing, Data security, Data storage protection, Assets
ICS Codes	35.030 - IT Security

Preview PDF


PDF Format	Searchable	Printable	Preview Now

BS EN ISO/IEC 15408-1:2023

PDF Catalog

Related products