Electronic fee collection. Guidelines for security protection profiles

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

04-30-2017

Publisher

British Standards Institution

European foreword
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 EFC security architecture and protection profile processes
6 Outlines of Protection Profile
Annex A (informative) - Procedures for preparing
        documents
Annex B (informative) - Example of threat
        analysis evaluation method
Annex C (informative) - Relevant security standards
        in the context of the EFC
Annex D (informative) - Common Criteria Recognition
        Arrangement (CCRA)
Bibliography

Gives guidelines for preparation and evaluation of security requirements specifications, referred to as Protection Profiles (PP) in ISO/IEC 15408 (all parts) and in ISO/IEC TR 15446.

This document provides guidelines for preparation and evaluation of security requirements specifications, referred to as Protection Profiles (PP) in ISO/IEC15408 ( allparts ) and in ISO/IECTR15446 . By Protection Profile (PP), it means a set of security requirements for a category of products or systems that meet specific needs. A typical example would be a PP for On-Board Equipment (OBE) to be used in an EFC system. However, the guidelines in this document are superseded if a Protection Profile already exists for the subsystem in consideration. The target of evaluation (TOE) for EFC is limited to EFC specific roles and interfaces as shown in Figure 1. Since the existing financial security standards and criteria are applicable to other external roles and interfaces, they are assumed to be outside the scope of TOE for EFC. Figure1 Scope of TOE for EFC The security evaluation is performed by assessing the security-related properties of roles, entities and interfaces defined in security targets (STs), as opposed to assessing complete processes which often are distributed over more entities and interfaces than those covered by the TOE of this document. NOTE Assessing security issues for complete processes is a complimentary approach, which may well be beneficial to apply when evaluating the security of a system.

Committee	EPL/278
DevelopmentNote	Supersedes DD CEN ISO/TS 17574. (04/2017)
DocumentType	Standard
Pages	64
PublisherName	British Standards Institution
Status	Current
Supersedes	DD CEN ISO/TS 17574:2009
UnderRevision	DD CEN ISO/TS 17574:2009

Standards	Relationship
ISO/TS 17574:2017	Identical
CEN ISO/TS 17574:2017	Identical

ISO/IEC 15408-2:2008	Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
ISO 17575-3:2016	Electronic fee collection Application interface definition for autonomous systems Part 3: Context data
ISO 17575-1:2016	Electronic fee collection Application interface definition for autonomous systems Part 1: Charging
ISO 17573:2010	Electronic fee collection Systems architecture for vehicle-related tolling
ISO/IEC 15408-3:2008	Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
CEN/TS 16702-1:2014	Electronic fee collection - Secure monitoring for autonomous toll systems - Part 1: Compliance checking
ISO/IEC 9798-4:1999	Information technology Security techniques Entity authentication Part 4: Mechanisms using a cryptographic check function
ISO 16609:2012	Financial services — Requirements for message authentication using symmetric techniques
ISO 14906:2011	Electronic fee collection Application interface definition for dedicated short-range communication
ISO/IEC TR 15446:2017	Information technology Security techniques Guidance for the production of protection profiles and security targets
ISO/IEC 9797-1:2011	Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher
ISO/IEC 15408-1:2009	Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
CEN/TS 16702-2:2015	Electronic fee collection - Secure monitoring for autonomous toll systems - Part 2: Trusted recorder
ISO/TS 19299:2015	Electronic fee collection Security framework
ISO 17575-2:2016	Electronic fee collection Application interface definition for autonomous systems Part 2: Communication and connection to the lower layers

View more information

US$311.44

Excluding Tax where applicable

Product format

I agree to the DRM document license rules apply against the PDF selection made.

Please confirm that you agree to the document license rules for this document.

I agree to the document license rules .

Please confirm that you agree to the document license rules for this document.

Access your standards online with a subscription

Features

Simple online access to standards, technical information and regulations.
Critical updates of standards and customisable alerts and notifications.
Multi-user online standards collection: secure, flexible and cost effective.

Learn more on subscription solutions

Get in touch with us

Log into your Account

PD CEN ISO/TS 17574:2017

Current

Table of Contents

Abstract

Scope

General Product Information

International Equivalents

Standards Referencing This Book

Category

Subcategory

Access your standards online with a subscription