INCITS/ISO/IEC 18045 : 2008(R2018)

Superseded

A superseded Standard is one that is fully replaced by another Standard that is a new edition of the same Standard.

INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - METHODOLOGY FOR IT SECURITY EVALUATION

Available format(s): Hardcopy, PDF
Superseded date: 26-12-2023
Language(s): English
Published date: 01-01-2008

1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Overview
   5.1 Organisation of this International Standard
6 Document Conventions
   6.1 Terminology
   6.2 Verb usage
   6.3 General evaluation guidance
   6.4 Relationship between ISO/IEC 15408 and ISO/IEC 18045 structures
7 Evaluation process and related tasks
   7.1 Introduction
   7.2 Evaluation process overview
   7.3 Evaluation input task
   7.4 Evaluation sub-activities
   7.5 Evaluation output task
8 Class APE: Protection Profile evaluation
   8.1 Introduction
   8.2 Application notes
   8.3 PP introduction (APE_INT)
   8.4 Conformance claims (APE_CCL)
   8.5 Security problem definition (APE_SPD)
   8.6 Security objectives (APE_OBJ)
   8.7 Extended components definition (APE_ECD)
   8.8 Security requirements (APE_REQ)
9 Class ASE: Security Target evaluation
   9.1 Introduction
   9.2 Application notes
   9.3 ST introduction (ASE_INT)
   9.4 Conformance claims (ASE_CCL)
   9.5 Security problem definition (ASE_SPD)
   9.6 Security objectives (ASE_OBJ)
   9.7 Extended components definition (ASE_ECD)
   9.8 Security requirements (ASE_REQ)
   9.9 TOE summary specification (ASE_TSS)
10 Class ADV: Development
   10.1 Introduction
   10.2 Application notes
   10.3 Security Architecture (ADV_ARC)
   10.4 Functional specification (ADV_FSP)
   10.5 Implementation representation (ADV_IMP)
   10.6 TSF internals (ADV_INT)
   10.7 Security policy modelling (ADV_SPM)
   10.8 TOE design (ADV_TDS)
11 Class AGD: Guidance documents
   11.1 Introduction
   11.2 Application notes
   11.3 Operational user guidance (AGD_OPE)
   11.4 Preparative procedures (AGD_PRE)
12 Class ALC: Life-cycle support
   12.1 Introduction
   12.2 CM capabilities (ALC_CMC)
   12.3 CM scope (ALC_CMS)
   12.4 Delivery (ALC_DEL)
   12.5 Development security (ALC_DVS)
   12.6 Flaw remediation (ALC_FLR)
   12.7 Life-cycle definition (ALC_LCD)
   12.8 Tools and techniques (ALC_TAT)
13 Class ATE: Tests
   13.1 Introduction
   13.2 Application notes
   13.3 Coverage (ATE_COV)
   13.4 Depth (ATE_DPT)
   13.5 Functional tests (ATE_FUN)
   13.6 Independent testing (ATE_IND)
14 Class AVA: Vulnerability assessment
   14.1 Introduction
   14.2 Vulnerability analysis (AVA_VAN)
15 Class ACO: Composition
   15.1 Introduction
   15.2 Application notes
   15.3 Composition rationale (ACO_COR)
   15.4 Development evidence (ACO_DEV)
   15.5 Reliance of dependent component (ACO_REL)
   15.6 Composed TOE testing (ACO_CTT)
   15.7 Composition vulnerability analysis (ACO_VUL)
Annex A (informative) General evaluation guidance
      A.1 Objectives
      A.2 Sampling
      A.3 Dependencies
      A.4 Site Visits
      A.5 Scheme Responsibilities
Annex B (informative) Vulnerability Assessment (AVA)
      B.1 What is Vulnerability Analysis
      B.2 Evaluator construction of a Vulnerability Analysis
      B.3 When attack potential is used
      B.4 Calculating attack potential
      B.5 Example calculation for direct attack

This International Standard is a companion document to the evaluation criteria for IT security defined in ISO/IEC 15408.

Committee: ISO/IEC JTC 1
Document type: Revision
Pages: 294
Publisher name: Information Technology Industry Council
Status: Superseded

Standards relationship: ISO/IEC 18045:2008 (Identical)
