• Shopping Cart
    There are no items in your cart

INCITS/ISO/IEC 18045 : 2008(R2018)

Superseded

Superseded

A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.

View Superseded by

INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - METHODOLOGY FOR IT SECURITY EVALUATION

Available format(s)

Hardcopy , PDF

Superseded date

26-12-2023

Language(s)

English

Published date

01-01-2008

€99.06
Excluding VAT

1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Overview
   5.1 Organisation of this International Standard
6 Document Conventions
   6.1 Terminology
   6.2 Verb usage
   6.3 General evaluation guidance
   6.4 Relationship between ISO/IEC 15408 and ISO/IEC 18045
        structures
7 Evaluation process and related tasks
   7.1 Introduction
   7.2 Evaluation process overview
   7.3 Evaluation input task
   7.4 Evaluation sub-activities
   7.5 Evaluation output task
8 Class APE: Protection Profile evaluation
   8.1 Introduction
   8.2 Application notes
   8.3 PP introduction (APE_INT)
   8.4 Conformance claims (APE_CCL)
   8.5 Security problem definition (APE_SPD)
   8.6 Security objectives (APE_OBJ)
   8.7 Extended components definition (APE_ECD)
   8.8 Security requirements (APE_REQ)
9 Class ASE: Security Target evaluation
   9.1 Introduction
   9.2 Application notes
   9.3 ST introduction (ASE_INT)
   9.4 Conformance claims (ASE_CCL)
   9.5 Security problem definition (ASE_SPD)
   9.6 Security objectives (ASE_OBJ)
   9.7 Extended components definition (ASE_ECD)
   9.8 Security requirements (ASE_REQ)
   9.9 TOE summary specification (ASE_TSS)
10 Class ADV: Development
   10.1 Introduction
   10.2 Application notes
   10.3 Security Architecture (ADV_ARC)
   10.4 Functional specification (ADV_FSP)
   10.5 Implementation representation (ADV_IMP)
   10.6 TSF internals (ADV_INT)
   10.7 Security policy modelling (ADV_SPM)
   10.8 TOE design (ADV_TDS)
11 Class AGD: Guidance documents
   11.1 Introduction
   11.2 Application notes
   11.3 Operational user guidance (AGD_OPE)
   11.4 Preparative procedures (AGD_PRE)
12 Class ALC: Life-cycle support
   12.1 Introduction
   12.2 CM capabilities (ALC_CMC)
   12.3 CM scope (ALC_CMS)
   12.4 Delivery (ALC_DEL)
   12.5 Development security (ALC_DVS)
   12.6 Flaw remediation (ALC_FLR)
   12.7 Life-cycle definition (ALC_LCD)
   12.8 Tools and techniques (ALC_TAT)
13 Class ATE: Tests
   13.1 Introduction
   13.2 Application notes
   13.3 Coverage (ATE_COV)
   13.4 Depth (ATE_DPT)
   13.5 Functional tests (ATE_FUN)
   13.6 Independent testing (ATE_IND)
14 Class AVA: Vulnerability assessment
   14.1 Introduction
   14.2 Vulnerability analysis (AVA_VAN)
15 Class ACO: Composition
   15.1 Introduction
   15.2 Application notes
   15.3 Composition rationale (ACO_COR)
   15.4 Development evidence (ACO_DEV)
   15.5 Reliance of dependent component (ACO_REL)
   15.6 Composed TOE testing (ACO_CTT)
   15.7 Composition vulnerability analysis (ACO_VUL)
Annex A (informative) General evaluation guidance
      A.1 Objectives
      A.2 Sampling
      A.3 Dependencies
      A.4 Site Visits
      A.5 Scheme Responsibilities
Annex B (informative) Vulnerability Assessment (AVA)
      B.1 What is Vulnerability Analysis
      B.2 Evaluator construction of a Vulnerability Analysis
      B.3 When attack potential is used
      B.4 Calculating attack potential
      B.5 Example calculation for direct attack

This International Standard is a companion document to the evaluation criteria for IT security defined in ISO/IEC 15408.

Committee
ISO/IEC JTC 1
DocumentType
Revision
Pages
294
PublisherName
Information Technology Industry Council
Status
Superseded
SupersededBy

Standards Relationship
ISO/IEC 18045:2008 Identical

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.