• DIN ISO/IEC 15408-1:2007-11

    Status: Withdrawn. A withdrawn standard is one that has been removed from sale, and its unique number can no longer be used. The standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a standard with a different number.

    INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - EVALUATION CRITERIA FOR IT SECURITY - PART 1: INTRODUCTION AND GENERAL MODEL

    Withdrawn date:  28-02-2011

    Published date:  12-01-2013

    Publisher:  German Institute for Standardisation (Deutsches Institut für Normung)

    Table of Contents

    National foreword
    National Annex NA (informative) Terms
    National Annex NB (informative) Symbols and abbreviations
    National Annex NC (informative) Bibliography
    Introduction
    1 Scope
    2 Terms and definitions
    3 Symbols and abbreviated terms
    4 Overview
      4.1 Introduction
          4.1.1 Target audience of ISO/IEC 15408
      4.2 Evaluation context
      4.3 Organisation of ISO/IEC 15408
    5 General model
      5.1 Security context
          5.1.1 General security context
          5.1.2 Information technology security context
      5.2 ISO/IEC 15408 approach
          5.2.1 Development
          5.2.2 TOE evaluation
          5.2.3 Operation
      5.3 Security concepts
          5.3.1 Security environment
          5.3.2 Security objectives
          5.3.3 IT security requirements
          5.3.4 TOE summary specification
          5.3.5 TOE implementation
      5.4 ISO/IEC 15408 descriptive material
          5.4.1 Expression of security requirements
          5.4.2 Types of evaluation
    6 ISO/IEC 15408 requirements and evaluation results
      6.1 Introduction
      6.2 Requirements in PPs and STs
          6.2.1 PP evaluation results
      6.3 Requirements in TOE
          6.3.1 TOE evaluation results
      6.4 Conformance results
      6.5 Use of TOE evaluation results
    Annex A (normative) Specification of Protection Profiles
      A.1 Overview
      A.2 Content of Protection Profile
          A.2.1 Content and presentation
          A.2.2 PP introduction
          A.2.3 TOE description
          A.2.4 TOE security environment
          A.2.5 Security objectives
          A.2.6 IT security requirements
          A.2.7 Application notes
          A.2.8 Rationale
    Annex B (normative) Specification of Security Targets
      B.1 Overview
      B.2 Content of Security Target
          B.2.1 Content and presentation
          B.2.2 ST introduction
          B.2.3 TOE description
          B.2.4 TOE security environment
          B.2.5 Security objectives
          B.2.6 IT security requirements
          B.2.7 TOE summary specification
          B.2.8 PP claims
          B.2.9 Application notes
          B.2.10 Rationale
    Annex C (informative) Bibliography

    Abstract

    This multipart International Standard ISO/IEC 15408 defines criteria which, for historical reasons and to preserve continuity, are referred to here as the Common Criteria (CC). They are intended to serve as the basis for the testing and evaluation of the security properties of information technology (IT) products and systems. ISO/IEC 15408 Part 1 describes a general concept of the evaluation criteria. Fundamental terms such as Evaluation Assurance Level (EAL), Protection Profile (PP), Security Target (ST), and Target of Evaluation (TOE) are defined.

    General Product Information

    Document Type: Standard
    Publisher: German Institute for Standardisation (Deutsches Institut für Normung)
    Status: Withdrawn
    Superseded By: