ECMA 205 : 1ED 93
Current
COMMERCIALLY ORIENTED FUNCTIONALITY CLASS FOR SECURITY EVALUATION (COFC)
12-01-2013
1 Scope
2 Conformance
3 References
4 Definitions
4.1 Terms defined in this document
4.1.1 Access right
4.1.2 Administration
4.1.3 Customer-specifiable
4.1.4 Identification
4.1.5 User identifier
4.2 Terms defined in other documents
5 Acronyms
6 Specification of security enforcing functions
6.1 Identification and Authentication
6.1.1 Unique Identification and Authentication
6.1.2 Identification and Authentication prior to all other interactions
6.1.3 Associate information to users
6.1.4 Logon message
6.1.5 Number of logon trials
6.1.6 Expiration of unused user identifiers
6.1.7 Disable users temporarily
6.1.8 User status information
6.1.9 Authentication information protection
6.1.10 Authentication information independence
6.1.11 Authentication information aging
6.2 Access Control
6.2.1 Authenticated user identification
6.2.2 Individual user
6.2.3 User groups
6.2.4 Objects
6.2.5 Types of access rights
6.2.6 Default access rights
6.2.7 Precedence of access rights
6.2.8 Date of modification
6.2.9 Verification of rights
6.2.10 Application controlled access rights
6.3 Accountability and audit
6.3.1 Associate actions and users
6.3.2 Logging
6.3.4 Copy audit trails
6.3.5 Alarm if unable to record
6.3.6 Select users
6.3.7 Dynamic control
6.4 Object Reuse
6.5 Accuracy
6.5.1 TOE software integrity
6.5.2 Data integrity
6.5.3 Security parameters status report
6.6 Reliability of service
6.6.1 Recovery
6.6.2 Data backup
7 Password specific requirements
7.1 User-changeable password
7.2 Password aging
7.3 Password expiration notification
7.4 Password reuse
7.5 Password complexity
7.6 Password logging
7.7 Default passwords
Annex A (informative) Access control model
Annex B (informative) Terms defined in other documents
Describes a widely accepted basic security functionality class for the commercial market. Covers multi-user, stand-alone IT systems without considering networking or remote access.
DocumentType | Standard |
PublisherName | European Computer Manufacturers Association |
Status | Current |
ECMA 271 : 2ED 1999 | EXTENDED COMMERCIALLY ORIENTED FUNCTIONALITY CLASS FOR SECURITY EVALUATION (E - COFC) |
EN 12251:2004 | Health informatics - Secure User Identification for Health Care - Management and Security of Authentication by Passwords |
ECMA/TR 64 : 1ED 93 | SECURE INFORMATION PROCESSING VERSUS THE CONCEPT OF PRODUCT EVALUATION |
BS EN 12251:2004 | Health informatics. Secure user identification for health care. Management and security of authentication by passwords |
I.S. EN 12251:2004 | HEALTH INFORMATICS - SECURE USER IDENTIFICATION FOR HEALTH CARE - MANAGEMENT AND SECURITY OF AUTHENTICATION BY PASSWORDS |
ECMA/TR 46 : 1ED 88 | SECURITY IN OPEN SYSTEMS - A SECURITY FRAMEWORK |
ECMA 138 : 1989 | SECURITY IN OPEN SYSTEMS - DATA ELEMENTS AND SERVICE DEFINITIONS |
ISO 7498-2:1989 | Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture |
ECMA 206 : 1ED 93 | ASSOCIATION CONTEXT MANAGEMENT INCLUDING SECURITY CONTEXT MANAGEMENT |
ECMA/TR 64 : 1ED 93 | SECURE INFORMATION PROCESSING VERSUS THE CONCEPT OF PRODUCT EVALUATION |