GB/T 18336.2-2015 PDF in English (GBT 18336.2-2015)
GB/T 18336.2-2015
Page 1 of 275
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
GB/T 18336.2-2015 / ISO/IEC 15408-2:2008
Replacing GB/T 18336.2-2008
Information technology - Security techniques -
Evaluation criteria for IT security - Part 2:
Security functional components
(ISO/IEC 15408-2:2008, IDT)
ISSUED ON: MAY 15, 2015
IMPLEMENTED ON: JANUARY 01, 2016
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People’s Republic of China;
Standardization Administration of the People’s Republic of China.
Table of Contents
Foreword ... 6 
Introduction ... 8 
1 Scope ... 9 
2 Normative references ... 9 
3 Terms and definitions ... 9 
4 Overview ... 9 
4.1 Organisation of this Part ... 10 
5 Functional requirements paradigm ... 10 
6 Security functional components ... 15 
6.1 Overview ... 15 
6.2 Component catalogue ... 19 
7 Class FAU: Security audit ... 21 
7.1 Security audit automatic response (FAU_ARP) ... 21 
7.2 Security audit data generation (FAU_GEN) ... 22 
7.3 Security audit analysis (FAU_SAA) ... 23 
7.4 Security audit review (FAU_SAR) ... 27 
7.5 Security audit event selection (FAU_SEL) ... 29 
7.6 Security audit event storage (FAU_STG) ... 29 
8 Class FCO: Communication... 32 
8.1 Non-repudiation of origin (FCO_NRO) ... 32 
8.2 Non-repudiation of receipt (FCO_NRR) ... 34 
9 Class FCS: Cryptographic support ... 36 
9.1 Cryptographic key management (FCS_CKM) ... 37 
9.2 Cryptographic operation (FCS_COP) ... 39 
10 Class FDP: User data protection ... 40 
10.1 Access control policy (FDP_ACC) ... 43 
10.2 Access control functions (FDP_ACF) ... 44 
10.3 Data authentication (FDP_DAU) ... 45 
10.4 Export from the TOE (FDP_ETC) ... 47 
10.5 Information flow control policy (FDP_IFC) ... 49 
10.6 Information flow control functions (FDP_IFF) ... 50 
10.7 Import from outside of the TOE (FDP_ITC) ... 55 
10.8 Internal TOE transfer (FDP_ITT) ... 57 
10.9 Residual information protection (FDP_RIP) ... 60 
10.10 Rollback (FDP_ROL) ... 61 
10.11 Stored data integrity (FDP_SDI) ... 62 
10.12 Inter-TSF user data confidentiality transfer protection (FDP_UCT) ... 64 
11 Class FIA: Identification and authentication ... 67 
11.1 Authentication failures (FIA_AFL) ... 68 
11.2 User attribute definition (FIA_ATD) ... 70 
11.3 Specification of secrets (FIA_SOS) ... 70 
11.4 User authentication (FIA_UAU) ... 72 
11.5 User identification (FIA_UID) ... 76 
11.6 User-subject binding (FIA_USB) ... 77 
12 Class FMT: Security management ... 78 
12.1 Management of functions in TSF (FMT_MOF) ... 80 
12.2 Management of security attributes (FMT_MSA) ... 80 
12.3 Management of TSF data (FMT_MTD) ... 83 
12.4 Revocation (FMT_REV) ... 85 
12.5 Security attribute expiration (FMT_SAE) ... 86 
12.6 Specification of Management Functions (FMT_SMF) ... 87 
12.7 Security management roles (FMT_SMR) ... 88 
13 Class FPR: Privacy ... 90 
13.1 Anonymity (FPR_ANO) ... 91 
13.2 Pseudonymity (FPR_PSE) ... 92 
13.3 Unlinkability (FPR_UNL) ... 94 
13.4 Unobservability (FPR_UNO) ... 95 
14 Class FPT: Protection of the TSF ... 97 
14.1 Fail secure (FPT_FLS) ... 99 
14.2 Availability of exported TSF data (FPT_ITA) ... 99 
14.3 Confidentiality of exported TSF data (FPT_ITC) ... 100 
14.4 Integrity of exported TSF data (FPT_ITI) ... 101 
14.5 Internal TOE TSF data transfer (FPT_ITT) ... 103 
14.6 TSF physical protection (FPT_PHP) ... 105 
14.7 Trusted recovery (FPT_RCV) ... 107 
14.8 Replay detection (FPT_RPL) ... 110 
14.9 State synchrony protocol (FPT_SSP) ... 111 
14.10 Time stamps (FPT_STM) ... 112 
14.11 Inter-TSF TSF data consistency (FPT_TDC) ... 113 
14.12 Testing of external entities (FPT_TEE) ... 114 
14.13 Internal TOE TSF data replication consistency (FPT_TRC) .. 115 
14.14 TSF self test (FPT_TST) ... 116 
15 Class FRU: Resource utilisation ... 117 
15.1 Fault tolerance (FRU_FLT) ... 118 
15.2 Priority of service (FRU_PRS) ... 119 
15.3 Resource allocation (FRU_RSA) ... 120 
16 Class FTA: TOE access ... 122 
16.1 Limitation on scope of selectable attributes (FTA_LSA) ... 122 
16.2 Limitation on multiple concurrent sessions (FTA_MCS) ... 123 
16.3 Session locking and termination (FTA_SSL) ... 125 
16.4 TOE access banners (FTA_TAB) ... 127 
16.5 TOE access history (FTA_TAH) ... 128 
16.6 TOE session establishment (FTA_TSE) ... 129 
17 Class FTP: Trusted path/channels ... 130 
17.1 Inter-TSF trusted channel (FTP_ITC) ... 131 
17.2 Trusted path (FTP_TRP) ... 132 
Annex A (Normative) Security functional requirements application notes ... 134 
Annex B (Normative) Functional classes, families, and components ... 143 
Annex C (Normative) Class FAU: Security audit ... 144 
Annex D (Normative) Class FCO: Communication ... 159 
Annex E (Normative) Class FCS: Cryptographic support ... 165 
Annex F (Normative) Class FDP: User data protection ... 171 
Annex G (Normative) Class FIA: Identification and authentication ... 203 
Annex H (Normative) Class FMT: Security management ... 214 
Annex I (Normative) Class FPR: Privacy ... 225 
Annex J (Normative) Class FPT: Protection of the TSF ... 239 
Annex K (Normative) Class FRU: Resource utilisation ... 260 
Annex L (Normative) Class FTA: TOE access ... 266 
Annex M (Normative) Class FTP: Trusted path/channels ... 273 
Foreword
GB/T 18336 “Information technology - Security techniques - Evaluation criteria for IT
security” includes the following 3 parts:
-- Part 1: Introduction and general model;
-- Part 2: Security functional components;
-- Part 3: Security assurance components.
This Part is part 2 of GB/T 18336.
This Part is drafted in accordance with the specifications in GB/T 1.1-2009.
This Part shall replace GB/T 18336.2-2008 “Information technology - Security techniques
- Evaluation criteria for IT security - Part 2: Security functional components”.
The main differences between this Part and GB/T 18336.2-2008 are as follows:
— “assurance” is replaced by “assurance” [Translator note: This is mainly an adjustment
of the Chinese term. In English, the same word “assurance” remains the most
appropriate, given that “assurance” is still used in the corresponding ISO/IEC
15408-2:2008. This translation still uses the term “assurance”];
— “10.4 Export outside TSF control (FDP_ETC)” is amended to “10.4 Export from
the TOE (FDP_ETC)”;
— “10.7 Import from outside TSF control (FDP_ITC)” is amended to “10.7 Import from
outside of the TOE (FDP_ITC)”;
— “14.1 Underlying abstract machine test (FPT_AMT)”, “14.10 Reference mediation
(FPT_RVM)” and “14.11 Domain separation” in “14 Class FPT: Protection of the TSF” are
deleted;
— “14.12 Testing of external entities (FPT_TEE)” is added to “14 Class FPT: Protection
of the TSF”;
— “16.3 Session locking (FTA_SSL)” is amended to “16.3 Session locking and
termination (FTA_SSL)”;
— “threshold value” is replaced by “critical value” [Translator note: As the corresponding
ISO/IEC 15408-2:2008 still uses the term “threshold value”, this translation keeps the
term “threshold value”, given that “This Part uses the translation method to equivalently
adopt the international standard ISO/IEC 15408-2:2008”];
— “mediate” is replaced by “promote” [Translator note: This is mainly an adjustment of
the Chinese term. In English, the same word “mediate” remains the most appropriate,
given that “mediate” is still used in the corresponding ISO/IEC 15408-2:2008. This
translation still uses the term “mediate”].
This Part uses the translation method to equivalently adopt the international standard
ISO/IEC 15408-2:2008 “Information technology - Security techniques - Evaluation criteria
for IT security - Part 2: Security functional components”.
The domestic documents corresponding to the normative international references in this
Part are as follows:
— GB/T 18336.1 “Information technology - Security techniques - Evaluation criteria
for IT security - Part 1: Introduction and general model” (GB/T 18336.1-2015,
ISO/IEC 15408-1:2009, IDT).
This Part has the following editorial amendments:
— There is editorial error in the original text of sub-clause 4.1; it is now amended as
“Those who author PP or ST should refer to clause 3 and relevant annexes of
ISO/IEC 15408-1 for relevant structures, rules, and guidance”.
This Part was proposed by and shall be under the jurisdiction of
China Information Security Standardization Technical Committee (SAC/TC 260).
The main drafting organizations of this Part: China Information Technology Security
Evaluation Centre, Information Technology Security Test and Evaluation Centre, The
Third Research Institute of the Ministry of Public Security and China Information Technology
Security Evaluation Centre Jilin Centre.
The main drafters of this Part: Zhang Chongbin, Guo Ying, Shi Hongsong, Bi Haiying,
Zhang Baofeng, Gao Jinping, Wang Feng, Yang Yongsheng, Li Guojun, Dong Jingjing,
Xie Di, Wang Hongxian, Zhang Yi, Gu Jian, Qiu Zihua, Song Haohao, Chen Yan, Yang
Yuanyuan, Li Fengjuan, Pangbo, Zhang Xiao, Liu Yuhan, Wang Shuyi, Zhou Boyang,
Tang Xiqing, Jiang Xianlan and Zhang Shuangshuang.
The previous editions replaced by this Part are as follows:
-- GB/T 18336.2-2001;
-- GB/T 18336.2-2008.
Introduction
Security functional components, as defined in this Part, are the basis for the security
functional requirements expressed in a Protection Profile (PP) or a Security Target (ST).
These requirements describe the desired security behaviour expected of a Target of
Evaluation (TOE) and are intended to meet the security objectives as stated in a PP or an
ST. These requirements describe security properties that users can detect by direct
interaction (i.e. inputs, outputs) with the IT or by the IT response to stimulus.
Security functional components express security requirements intended to counter threats
in the assumed operating environment of the TOE and/or cover any identified
organisational security policies and assumptions.
The audience for this Part includes consumers, developers, and evaluators of secure IT
products. ISO/IEC 15408-1 Clause 5 provides additional information on the target
audience of ISO/IEC 15408, and on the use of ISO/IEC 15408 by the groups that
comprise the target audience. These groups may use this Part as follows:
a) Consumers, who use this Part when selecting components to express functional
requirements to satisfy the security objectives expressed in a PP or ST. ISO/IEC
15408-1 provides more detailed information on the relationship between security
objectives and security requirements.
b) Developers, who respond to actual or perceived consumer security requirements in
constructing a TOE, may find a standardised method to understand those
requirements in this Part. They can also use the contents of this Part as a basis for
further defining the TOE security functionality and mechanisms that comply with
those requirements.
c) Evaluators, who use the functional requirements defined in this Part in verifying that
the TOE functional requirements expressed in the PP or ST satisfy the IT security
objectives and that all dependencies are accounted for and shown to be satisfied.
Evaluators also should use this Part to assist in determining whether a given TOE
satisfies stated requirements.
Information technology - Security techniques -
Evaluation criteria for IT security - Part 2: Security
functional components
1 Scope
This Part of GB/T 18336 defines the required structure and content of security functional
components for the purpose of security evaluation. It includes a catalogue of functional
components that will meet the common security functionality requirements of many IT
products.
2 Normative references
The articles contained in the following documents have become part of this document
when they are quoted herein. For the dated documents so quoted, all the modifications
(including all corrections) or revisions made thereafter shall be applicable to this
document.
ISO/IEC 15408-1, Information technology - Security techniques - Evaluation criteria for
IT security - Part 1: Introduction and general model
3 Terms and definitions
For the purposes of this document, the following terms and definitions given in ISO/IEC
15408-1 apply.
4 Overview
ISO/IEC 15408 and the associated security functional requirements described herein are
not meant to be a definitive answer to all the problems of IT security. Rather, this standard
offers a set of well understood security functional requirements that can be used to create
trusted products reflecting the needs of the market. These security functional
requirements are presented as the current state of the art in requirements specification
and evaluation.
This Part does not presume to include all possible security functional requirements but
rather contains those that are known and agreed to be of value by this Part’s authors at
the time of release.
Since the understanding and needs of consumers may change, the functional
requirements in this Part will need to be maintained. It is envisioned that some PP/ST
authors may have security needs not (yet) covered by the functional requirement
Page 274 of 275
This component should be used when a trusted communication channel between the TSF
and another trusted IT product is required.
M.1.2.2 Operations
M.1.2.2.1 Selection
In FTP_ITC.1.2, the PP/ST author must specify whether the local TSF, another trusted IT
product, or both shall have the capability to initiate the trusted channel.
M.1.2.2.2 Assignment
In FTP_ITC.1.3, the PP/ST author should specify the functions for which a trusted channel
is required. Examples of these functions may include transfer of user, subject, and/or
object security attributes and ensuring consistency of TSF data.
M.2 Trusted path (FTP_TRP)
M.2.1 User notes
This family defines the requirements to establish and maintain trusted communication to
or from users and the TSF. A trusted path may be required for any security-relevant
interaction. Trusted path exchanges may be initiated by a user during an interaction with
the TSF, or the TSF may establish communication with the user via a trusted path.
M.2.2 FTP_TRP.1 Trusted path
M.2.2.1 User application notes
This component should be used when trusted communication between a user and the
TSF is required, either for initial authentication purposes only or for additional specified
user operations.
M.2.2.2 Operations
M.2.2.2.1 Selection
In FTP_TRP.1.1, the PP/ST author should specify whether the trusted path must be
extended to remote and/or local users.
In FTP_TRP.1.1, the PP/ST author should specify whether the trusted path shall protect
the data from modification, disclosure, and/or other types of integrity or confidentiality
violation.
M.2.2.2.2 Assignment
......
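As an added example (not part of the standard or of this translation), the following Python models how a PP/ST author completes the selection and assignment operations described above for FTP_ITC.1 and FTP_TRP.1, and rejects an operation left uncompleted or a selection outside its allowed choices, which is the check an evaluator makes against the catalogue. The element wording used as the template is my paraphrase (an assumption, not the standard's verbatim text), and the sample ST values are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Operation:
    kind: str                 # "selection" or "assignment"
    choices: tuple = ()       # allowed items of a selection; empty for an assignment
    open_ended: bool = False  # selection that also admits an author-supplied item

# Element templates; {name} marks an operation the PP/ST author must complete.
# Wording is paraphrased from the standard's elements (an assumption, not verbatim).
ELEMENTS = {
    "FTP_ITC.1.2": (
        "The TSF shall permit {initiator} to initiate communication via the trusted channel.",
        {"initiator": Operation("selection", ("the TSF", "another trusted IT product"))}),
    "FTP_ITC.1.3": (
        "The TSF shall initiate communication via the trusted channel for {functions}.",
        {"functions": Operation("assignment")}),
    "FTP_TRP.1.1": (
        "The TSF shall provide a communication path between itself and {users} users "
        "that protects the communicated data from {violations}.",
        {"users": Operation("selection", ("remote", "local")),
         # "and/or other types of integrity or confidentiality violation"
         "violations": Operation("selection", ("modification", "disclosure"), open_ended=True)}),
}

def complete(element, values):
    """Render one element with the author's values, rejecting an operation left
    uncompleted or a selection outside its allowed choices."""
    text, ops = ELEMENTS[element]
    filled = {}
    for name, op in ops.items():
        chosen = list(values.get(name, ()))
        if not chosen:
            raise ValueError(f"{element}: {op.kind} '{name}' not completed")
        if op.kind == "selection" and not op.open_ended:
            bad = [c for c in chosen if c not in op.choices]
            if bad:
                raise ValueError(f"{element}: {bad} not among {op.choices}")
        filled[name] = ", ".join(chosen)
    return text.format(**filled)

# Constructed sample ST choices (not taken from any real PP or ST).
SAMPLE_ST = {
    "FTP_ITC.1.2": {"initiator": ["the TSF", "another trusted IT product"]},
    "FTP_ITC.1.3": {"functions": ["transfer of user security attributes"]},
    "FTP_TRP.1.1": {"users": ["remote"], "violations": ["modification", "disclosure", "replay"]},
}
def instantiate(st=SAMPLE_ST):
    """Complete every element the ST supplies values for."""
    return {element: complete(element, values) for element, values in st.items()}
```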
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.