• There are no items in your cart

PD ISO/IEC TR 19791:2006

Current

Current

The latest, up-to-date edition.

Information technology. Security techniques. Security assessment of operational systems

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

30-06-2006

€399.66
Excluding VAT

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Structure of this Technical Report
6 Technical approach
  6.1 The nature of operational systems
  6.2 Establishing operational system security
  6.3 Security in the operational system life cycle
  6.4 Relationship to other systems
7 Extending ISO/IEC 15408 evaluation concepts to operational
  systems
  7.1 Overview
  7.2 General philosophy
  7.3 Operational system assurance
  7.4 Composite operational systems
  7.5 Types of security controls
  7.6 System security functionality
  7.7 Timing of evaluation
  7.8 Use of evaluated products
  7.9 Documentation requirements
  7.10 Testing activities
  7.11 Configuration management
8 Relationship to existing security standards
  8.1 Overview
  8.2 Relationship to ISO/IEC 15408
  8.3 Relationship to non-evaluation standards
  8.4 Relationship to Common Criteria development
9 Evaluation of operational systems
  9.1 Introduction
  9.2 Evaluation roles and responsibilities
  9.3 Risk assessment and determination of unacceptable
       risks
  9.4 Security problem definition
  9.5 Security objectives
  9.6 Security requirements
  9.7 The system security target (SST)
  9.8 Periodic reassessment
Annex A (normative) Operational system Protection Profiles
        and Security Targets
        A.1 Specification of System Security Targets
        A.2 Specification of System Protection Profiles
Annex B (normative) Operational system functional control
        requirements
        B.1 Introduction
        B.2 Class FOD: Administration
        B.3 Class FOS: IT systems
        B.4 Class FOA: User Assets
        B.5 Class FOB: Business
        B.6 Class FOP: Facility and Equipment
        B.7 Class FOT: Third parties
        B.8 Class FOM: Management
Annex C (normative) Operational system assurance requirements
        C.1 Introduction
        C.2 Class ASP: System Protection Profile evaluation
        C.3 Class ASS: System Security Target evaluation
        C.4 Class AOD: Operational system guidance document
        C.5 Class ASD: Operational System Architecture,
             Design and Configuration Documentation
        C.6 Class AOC: Operational System Configuration
             Management
        C.7 Class AOT: Operational System Test
        C.8 Class AOV: Operational System Vulnerability
             Analysis
        C.9 Class AOL: Operational system life cycle support
        C.10 Class ASI: System security installation and
             delivery
        C.11 Class ASO: Records on operational system
Annex D (informative) Relationship to Common Criteria
        development
Bibliography

Gives guidance and criteria for the security evaluation of operational systems. It also provides an extension to the scope of ISO/IEC 15408, by taking into account a number of critical aspects of operational systems not addressed in ISO/IEC 15408 evaluation.

Committee
IST/33/3
DevelopmentNote
Supersedes 04/30091043 DC. (06/2006)
DocumentType
Standard
Pages
174
PublisherName
British Standards Institution
Status
Current
SupersededBy
Supersedes

Standards Relationship
ISO/IEC TR 19791:2010 Identical
ISO/IEC TR 19791:2006 Identical

ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
ISO/IEC 15408-3:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
ISO/IEC 21827:2008 Information technology Security techniques Systems Security Engineering Capability Maturity Model (SSE-CMM)
ISO/IEC 17799:2005 Information technology Security techniques Code of practice for information security management
ISO/IEC TR 15446:2017 Information technology Security techniques Guidance for the production of protection profiles and security targets
ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.