545822011/ISO/IEC/TR 15443-2:2005

2

ISO/IEC TR 15443-2:2005 Information technology - Security techniques - A framework for IT security assurance - Part 2: Assurance methods (IDT)

27 2002 . 184- , 1.02004 . 1 - - ( ),()-,42 -12011.690-3 ISO/IEC TR 15443-2:2005-. 2. (ISO/IEC TR 15443-2:2005 Information technology - Security techniques - A framework for IT security assurance - Part 2: Assurance methods)-,4 ,-.().-, ,2013 , -

1
1.1
1.2
1.3
2
3 ,
4
5
5.1
5.2
5.3
5.4
5.5
6
6.1 ISO/IEC 15408
6.2 TCSEC
6.3 ITSEC/ITSEM
6.4
6.5 KISEC/KISEM
6.6 RAMP
6.7 R ( )
6.8
6.9
6.10 (RUP)
6.11 ISO/IEC 15288
6.12 ISO/IEC 12207
6.13 V-
6.14 ISO/IEC 14598
6.15 X/Open
6.16 SCT
6.17 ISO/IEC 21827 (SSE-CMM)
6.18
6.19 CMMI
6.20 ISO/IEC 15504
6.21 ( )
6.22 SE-CMM
6.23 TSDM
6.24 SdoC
6.25 S-CMM
6.26 ISO 9000
6.27 ISO 13407 (HCD)
6.28 ( )
6.29 ISO/IEC 17025
6.30 ISO/IEC 13335
6.31 BS 7799-2
6.32 ISO/IEC 17799
6.33 FR ( )
6.34
6.35
6.36 ( )
6.37 ( )
() -

 , - (), - , , , , 545812011/ISO/IEC/TR 15443-1:2005. ,
 , . - . , , 545812011/ISO/IEC/TR 15443-1:2005., , , - . , - . , , , , , . . , , , , . 545812011/ISO/IEC/TR 15443-1:2005. , ; , , -.,- (, CASCO) (/ 2); , , , .

2 Information technology. Security techniques. A framework for IT security assurance. Part 2. Assurance methods

201212011

1.1 ,-, (), . - , , . , . , , , , . , . , -, , ISO/IEC TR 15443-1. , - , .

1.2 . - , , . , - . :

1) ( , , - );
2) ( , ; - , , (), );
3) ( , , , );
4) ( , );
5) ( , , );
6) ( , ) - - ;
7) ( , - ) .

1.3 . ISO/IEC TR 15443-3 , - . - .

2 . ( ).

ISO 9000, Quality management systems - Fundamentals and vocabulary
ISO 9001, Quality management systems - Requirements
ISO/IEC 9126-1 1), Software engineering - Product quality - Part 1: Quality model
ISO/IEC 12207 2), Information technology - Software life cycle processes
ISO/IEC 13335-1 3), Information technology - Security techniques - Management of information and communications technology security - Part 1: Concepts and models for information and communications technology security management
ISO/IEC TR 13335-2 4), Information technology - Guidelines for the management of IT Security - Part 2: Managing and planning IT Security
ISO/IEC TR 13335-3 5), Information technology - Guidelines for the management of IT Security - Part 3: Techniques for the management of IT Security
ISO/IEC 13335-4 1)

1) ISO/IEC 25010, Systems and software engineering - Systems and software Quality Requirements and Evaluation (SQuaRE) - System and software quality models.
2) ISO/IEC 12207, Systems and software engineering - Software life cycle processes.
3)
4)
5) ISO/IEC 27005, Information technology - Security techniques - Information security risk management.