SANS 15446-2009 Information technology - Security techniques - Guide for the production of Protection Profiles and Security Targets《信息技术 安全技术 保障轮廓和安全目标用指南》.pdf

1、 Collection of SANS standards in electronic format (PDF) 1. Copyright This standard is available to staff members of companies that have subscribed to the complete collection of SANS standards in accordance with a formal copyright agreement. This document may reside on a CENTRAL FILE SERVER or INTRA

2、NET SYSTEM only. Unless specific permission has been granted, this document MAY NOT be sent or given to staff members from other companies or organizations. Doing so would constitute a VIOLATION of SABS copyright rules. 2. Indemnity The South African Bureau of Standards accepts no liability for any

3、damage whatsoever than may result from the use of this material or the information contain therein, irrespective of the cause and quantum thereof. ISBN 978-0-626-23168-2 SANS 15446:2009 Edition 2 ISO/IEC TR 15446:2009 Edition 2 SOUTH AFRICAN NATIONAL STANDARD Information technology Security techniqu

4、es Guide for the production of Protection Profiles and Security Targets This national standard is the identical implementation of ISO/IEC TR 15446:2009 and is adopted with the permission of the International Electrotechnical Commission. Published by SABS Standards Division 1 Dr Lategan Road Groenklo

5、of envelopeback Private Bag X191 Pretoria 0001 Tel: +27 12 428 7911 Fax: +27 12 344 1568 www.sabs.co.za SABS SANS 15446:2009 Edition 2 ISO/IEC TR 15446:2009 Edition 2 Table of changes Change No. Date Scope National foreword This South African standard was approved by National Committee SABS SC 71F,

6、Information technology Information security, in accordance with procedures of the SABS Standards Division, in compliance with annex 3 of the WTO/TBT agreement. This SANS document was published in December 2009. This SANS document supersedes SANS 15446:2005 (edition 1). Reference numberISO/IEC TR 154

7、46:2009(E)ISO/IEC 2009TECHNICAL REPORT ISO/IECTR15446Second edition2009-03-01Information technology Security techniques Guide for the production of Protection Profiles and Security Targets Technologies de linformation Techniques de scurit Guide pour la production de profils de protection et de cible

8、s de scurit SANS 15446:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC TR 15446:2009(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed bu

9、t shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this

10、area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for us

11、e by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2009 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized

12、 in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41

13、 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2009 All rights reservedSANS 15446:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS . ISO 2009 All rights reserved iiiContents Page Foreword .vii Intr

14、oductionviii 1 Scope1 2 Normative references1 3 Terms and definitions .1 4 Abbreviations.1 5 Purpose and structure of this technical report 2 6 An overview of PPs and STs 3 6.1 Introduction3 6.2 Audience 3 6.3 The use of PPs and STs3 6.3.1 Introduction3 6.3.2 Specification-based purchasing processes

15、 .4 6.3.3 Selection-based purchasing processes7 6.3.4 Other uses of PPs8 6.4 The PP/ST development process.9 6.5 Reading and understanding PPs and STs9 6.5.1 Introduction9 6.5.2 Reading the TOE overview .10 6.5.3 Reading the TOE description .11 6.5.4 Security objectives for the operational environme

16、nt 12 6.5.5 Reading the conformance claim12 6.5.6 Conformance to Protection Profiles13 ISO/IEC TR 15446:2009(E) SANS 15446:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .iv ISO 2009 All rights reserved6.5.7 EALs and other assurance issue

17、s .13 6.5.8 Summary.14 6.5.9 Further reading 15 7 Specifying the PP/ST introduction.15 8 Specifying conformance claims.15 9 Specifying the security problem definition.16 9.1 Introduction16 9.2 Identifying the informal security requirement 18 9.2.1 Introduction18 9.2.2 Sources of information .18 9.2.

18、3 Documenting the informal requirement 20 9.3 How to identify and specify threats .21 9.3.1 Introduction21 9.3.2 Deciding on a threat analysis methodology .21 9.3.3 Identifying participants .22 9.3.4 Applying the chosen threat analysis methodology .26 9.3.5 Practical advice27 9.4 How to identify and

19、 specify policies28 9.5 How to identify and specify assumptions.29 9.6 Finalising the security problem definition 31 10 Specifying the security objectives.32 10.1 Introduction32 10.2 Structuring the threats, policies and assumptions34 10.3 Identifying the non-IT operational environment objectives 34

20、 10.4 Identifying the IT operational environment objectives 35 10.5 Identifying the TOE objectives .36 10.6 Producing the objectives rationale39 ISO/IEC TR 15446:2009(E) SANS 15446:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS . ISO 2009

21、 All rights reserved v11 Specifying extended component definitions40 12 Specifying the security requirements .43 12.1 Introduction43 12.2 The security paradigms in ISO/IEC 15408 45 12.2.1 Explanation of the security paradigms and their usage for modelling the security functionality .45 12.2.2 Contro

22、lling access to and use of resources and objects .45 12.2.3 User management .49 12.2.4 TOE self protection .50 12.2.5 Securing communication .51 12.2.6 Security audit.52 12.2.7 Architectural requirements 53 12.3 How to specify security functional requirements in a PP or ST.54 12.3.1 How should secur

23、ity functional requirements be selected? 54 12.3.2 Selecting SFRs from ISO/IEC 15408-2.57 12.3.3 How to perform operations on security functional requirements59 12.3.4 How should the audit requirements be specified?61 12.3.5 How should management requirements be specified?.62 12.3.6 How should SFRs

24、taken from a PP be specified? .63 12.3.7 How should SFRs not in a PP be specified? 63 12.3.8 How should SFRs not included in Part 2 of ISO/IEC 15408 be specified? 64 12.3.9 How should the SFRs be presented?64 12.3.10 How to develop the security requirements rationale.65 12.4 How to specify assurance

25、 requirements in a PP or ST.66 12.4.1 How should security assurance requirements be selected? .66 12.4.2 How to perform operations on security assurance requirements .67 12.4.3 How should SARs not included in Part 3 of ISO/IEC 15408 be specified in a PP or ST? 67 12.4.4 Security assurance requiremen

26、ts rationale .68 13 The TOE summary specification68 ISO/IEC TR 15446:2009(E) SANS 15446:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .vi ISO 2009 All rights reserved14 Specifying PP/STs for composed and component TOEs69 14.1 Composed TO

27、Es69 14.2 Component TOEs 72 15 Special cases .72 15.1 Low assurance Protection Profiles and Security Targets.72 15.2 Conforming to national interpretations.73 15.3 Functional and assurance packages.73 16 Use of automated tools.73 Annex A (informative) Example for the definition of an extended compon

28、ent.75 Bibliography78 Index .79 ISO/IEC TR 15446:2009(E) SANS 15446:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS . ISO 2009 All rights reserved viiForeword ISO (the International Organization for Standardization) and IEC (the Internatio

29、nal Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields

30、of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a join

31、t technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee

32、 are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. In exceptional circumstances, the joint technical committee may propose the publication of a Technical Report of one of the following type

33、s: type 1, when the required support cannot be obtained for the publication of an International Standard, despite repeated efforts; type 2, when the subject is still under technical development or where for any other reason there is the future but not immediate possibility of an agreement on an Inte

34、rnational Standard; type 3, when the joint technical committee has collected data of a different kind from that which is normally published as an International Standard (“state of the art”, for example). Technical Reports of types 1 and 2 are subject to review within three years of publication, to d

35、ecide whether they can be transformed into International Standards. Technical Reports of type 3 do not necessarily have to be reviewed until the data they provide are considered to be no longer valid or useful. Attention is drawn to the possibility that some of the elements of this document may be t

36、he subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC TR 15446, which is a Technical Report of type 3, was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.

37、This second edition cancels and replaces the first edition (ISO/IEC TR 15446:2004), which has been technically revised. ISO/IEC TR 15446:2009(E) SANS 15446:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .viii ISO 2009 All rights reservedI

38、ntroduction This Technical Report is an adjunct to ISO/IEC 15408 Information technology Security techniques Evaluation criteria for IT security. ISO/IEC 15408 introduces the concepts of Protection Profiles (PPs) and Security Targets (STs). A Protection Profile is an implementation-independent statem

39、ent of security needs for a type of IT product that can then be evaluated against ISO/IEC 15408, whereas a Security Target is a statement of security needs for a specific ISO/IEC 15408 target of evaluation (TOE). Unlike previous editions, the third edition of ISO/IEC 15408 provides a comprehensive e

40、xplanation of what needs to go into a PP or ST. However, the third edition of ISO/IEC 15408 still does not provide any explanation or guidance of how to go about creating a PP or ST, or how to use a PP or ST in practice when specifying, designing or implementing secure systems. This Technical Report

41、 is intended to fill that gap. It represents the collective experience over many years from leading experts in ISO/IEC 15408 evaluation and the development of secure IT products. ISO/IEC TR 15446:2009(E) SANS 15446:2009This s tandard may only be used and printed by approved subscription and freemail

42、ing clients of the SABS .TECHNICAL REPORT ISO/IEC TR 15446:2009(E) ISO 2009 All rights reserved 11 Scope This Technical Report provides guidance relating to the construction of Protection Profiles (PPs) and Security Targets (STs) that are intended to be compliant with the third edition of ISO/IEC 15

43、408. It is also applicable to PPs and STs compliant with Common Criteria Version 3.1 1, a technically identical standard published by the Common Criteria Management Board, a consortium of governmental organizations involved in IT security evaluation and certification. This Technical Report is not in

44、tended as an introduction to evaluation using ISO/IEC 15408. Readers who seek such an introduction should read Part 1 of ISO/IEC 15408. This Technical Report does not deal with associated tasks beyond PP and ST specifications such as PP registration and the handling of protected intellectual propert

45、y. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 15408-2:2008, I

46、nformation technology Security techniques Evaluation criteria for IT security Part 2: Security functional components ISO/IEC 15408-3:2008, Information technology Security techniques Evaluation criteria for IT security Part 3: Security assurance components ISO/IEC 18045:2008, Information technology S

47、ecurity techniques Methodology for IT security evaluation 3 Terms and definitions 4 Abbreviations For the purposes of this document, the abbreviations given in ISO/IEC 15408-1:1)and the following apply. COTS Commercial Off The Shelf Information technology Security techniques Guide for the production

48、 of Protection Profiles and Security Targets ISO/IEC 15408-1:1), Information technology Security techniques Evaluation criteria for IT security Part 1: Introduction and general model For the purposes of this document, the terms and definitions given in ISO/IEC 15408-1:1)apply. 1) To be published. Te

49、chnical revision of ISO/IEC 15408-1:2005. SANS 15446:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .2 ISO 2009 All rights reservedCRL Certificate Revocation List LDAP Lightweight Directory Access Protocol SPD Security Problem Definition SSL Secure Sockets Layer TLS Transport Layer Security 5 Purpose and structure of this technical report This Technical Report is intended to help people who have to prepare Protection Profiles (