• Shopping Cart
    There are no items in your cart

PD CEN ISO/TS 17574:2017

Current

Current

The latest, up-to-date edition.

Electronic fee collection. Guidelines for security protection profiles

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

30-04-2017

€303.84
Excluding VAT

European foreword
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 EFC security architecture and protection profile processes
6 Outlines of Protection Profile
Annex A (informative) - Procedures for preparing
        documents
Annex B (informative) - Example of threat
        analysis evaluation method
Annex C (informative) - Relevant security standards
        in the context of the EFC
Annex D (informative) - Common Criteria Recognition
        Arrangement (CCRA)
Bibliography

Gives guidelines for preparation and evaluation of security requirements specifications, referred to as Protection Profiles (PP) in ISO/IEC 15408 (all parts) and in ISO/IEC TR 15446.

Committee
EPL/278
DevelopmentNote
Supersedes DD CEN ISO/TS 17574. (04/2017)
DocumentType
Standard
Pages
64
PublisherName
British Standards Institution
Status
Current
Supersedes
UnderRevision

This document provides guidelines for preparation and evaluation of security requirements specifications, referred to as Protection Profiles (PP) in ISO/IEC15408 ( allparts ) and in ISO/IECTR15446 . By Protection Profile (PP), it means a set of security requirements for a category of products or systems that meet specific needs. A typical example would be a PP for On-Board Equipment (OBE) to be used in an EFC system. However, the guidelines in this document are superseded if a Protection Profile already exists for the subsystem in consideration. The target of evaluation (TOE) for EFC is limited to EFC specific roles and interfaces as shown in Figure 1. Since the existing financial security standards and criteria are applicable to other external roles and interfaces, they are assumed to be outside the scope of TOE for EFC. Figure1 Scope of TOE for EFC The security evaluation is performed by assessing the security-related properties of roles, entities and interfaces defined in security targets (STs), as opposed to assessing complete processes which often are distributed over more entities and interfaces than those covered by the TOE of this document. NOTE Assessing security issues for complete processes is a complimentary approach, which may well be beneficial to apply when evaluating the security of a system.

Standards Relationship
ISO/TS 17574:2017 Identical
CEN ISO/TS 17574:2017 Identical

ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
ISO 17575-3:2016 Electronic fee collection Application interface definition for autonomous systems Part 3: Context data
ISO 17575-1:2016 Electronic fee collection Application interface definition for autonomous systems Part 1: Charging
ISO 17573:2010 Electronic fee collection Systems architecture for vehicle-related tolling
ISO/IEC 15408-3:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
CEN/TS 16702-1:2014 Electronic fee collection - Secure monitoring for autonomous toll systems - Part 1: Compliance checking
ISO/IEC 9798-4:1999 Information technology Security techniques Entity authentication Part 4: Mechanisms using a cryptographic check function
ISO 16609:2012 Financial services — Requirements for message authentication using symmetric techniques
ISO 14906:2011 Electronic fee collection Application interface definition for dedicated short-range communication
ISO/IEC TR 15446:2017 Information technology Security techniques Guidance for the production of protection profiles and security targets
ISO/IEC 9797-1:2011 Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher
ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
CEN/TS 16702-2:2015 Electronic fee collection - Secure monitoring for autonomous toll systems - Part 2: Trusted recorder
ISO/TS 19299:2015 Electronic fee collection Security framework
ISO 17575-2:2016 Electronic fee collection Application interface definition for autonomous systems Part 2: Communication and connection to the lower layers

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.