Search result: GB/T 18336.3-2024 (GB/T 18336.3-2015 Older version)
| Standard ID | Contents [version] | USD | [PDF] delivered in | Standard Title (Description) | Status |
| GB/T 18336.3-2024 | English | 3154 | 14 days [Need to translate] | Cybersecurity technology - Evaluation criteria for IT security - Part 3: Security assurance components | Valid |
| GB/T 18336.3-2015 | English | 500 | 0--9 seconds. Auto-delivery | Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 3: Security assurance components | Obsolete |
| GB/T 18336.3-2008 | English | RFQ | 9 days [Need to translate] | IT security technology information technology security evaluation criteria -- Part 3: Security assurance requirements | Obsolete |
| GB/T 18336.3-2001 | English | RFQ | 9 days [Need to translate] | Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 3: Security assurance requirements | Obsolete |
| Standard ID | GB/T 18336.3-2024 (GB/T18336.3-2024) |
| Description (Translated English) | Cybersecurity technology - Evaluation criteria for IT security - Part 3: Security assurance components |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.030 |
| Word Count Estimation | 158,168 |
| Date of Issue | 2024-04-25 |
| Date of Implementation | 2024-11-01 |
| Older Standard (superseded by this standard) | GB/T 18336.3-2015 |
| Issuing agency(ies) | State Administration for Market Regulation, National Standardization Administration |
GB/T 18336.3-2024: Cybersecurity technology - Information technology security assessment criteria - Part 3: Security assurance components
ICS 35.030
CCS L80
National Standard of the People's Republic of China
Partially replaces GB/T 18336.3-2015
Cybersecurity Technology - Information Technology Security Assessment Criteria
Part 3: Security assurance components
Published on April 25, 2024; implemented on November 1, 2024
Issued by: State Administration for Market Regulation; National Standardization Administration
Table of Contents
Preface
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Overview
5 Assurance Paradigm
5.1 Overview
5.2 ISO/IEC 15408 Basic Method
5.3 Assurance Methods
5.4 ISO/IEC 15408 Assessment Assurance Standards
6 Security Components
6.1 Overview
6.2 Security structure
6.3 Assurance Family Structure
6.4 Security component structure
6.5 Security elements
6.6 Component Classification
7 APE Category: Protection Profile Evaluation
7.1 Overview
7.2 PP Introduction (APE_INT)
7.3 Declaration of Conformity (APE_CCL)
7.4 Security Problem Definition (APE_SPD)
7.5 Security Objectives (APE_OBJ)
7.6 Extended Component Definition (APE_ECD)
7.7 Security Requirements (APE_REQ)
8 ACE Category: Protection Profile Configuration Assessment
8.1 Overview
8.2 PP-Module Introduction (ACE_INT)
8.3 PP-Module Declaration of Conformity (ACE_CCL)
8.4 PP-Module Security Problem Definition (ACE_SPD)
8.5 PP-Module Security Objective (ACE_OBJ)
8.6 PP-Module Extension Component Definition (ACE_ECD)
8.7 PP-Module Security Requirements (ACE_REQ)
8.8 PP-Module Conformance (ACE_MCO)
8.9 PP-Configuration Consistency (ACE_CCO)
9 ASE Category: Security Target Assessment
9.1 Overview
9.2 Introduction to ST (ASE_INT)
9.3 Declaration of Conformity (ASE_CCL)
9.4 Security Problem Definition (ASE_SPD)
9.5 Security Objectives (ASE_OBJ)
9.6 Extended Component Definition (ASE_ECD)
9.7 Security Requirements (ASE_REQ)
9.8 TOE Summary Specification (ASE_TSS)
9.9 Composite Product Security Target Conformance (ASE_COMP)
10 ADV category: Development
10.1 Rule
10.2 Security Architecture (ADV_ARC)
10.3 Functional Specification (ADV_FSP)
10.4 Implementation Representation (ADV_IMP)
10.5 TSF Internal (ADV_INT)
10.6 Security Policy Model (ADV_SPM)
10.7 TOE Design (ADV_TDS)
10.8 Composite Design Compliance (ADV_COMP)
11 AGD category: Guidance documents
11.1 Rule
11.2 Operation User Guide (AGD_OPE)
11.3 Preparation procedure (AGD_PRE)
12 ALC Class: Life Cycle Support
12.1 Rule
12.2 CM Capability (ALC_CMC)
12.3 CM Range (ALC_CMS)
12.4 Delivery (ALC_DEL)
12.5 Developer Environment Security (ALC_DVS)
12.6 Defect Correction (ALC_FLR)
12.7 Development Lifecycle Definition (ALC_LCD)
12.8 Development Components (ALC_TDA)
12.9 Tools and Techniques (ALC_TAT)
12.10 Composite Part Integration and Delivery Process Conformity Check (ALC_COMP)
13 ATE category: Test
13.1 Rule
13.2 Coverage (ATE_COV)
13.3 Depth (ATE_DPT)
13.4 Functional Test (ATE_FUN)
13.5 Independent Test (ATE_IND)
13.6 Composite Function Test (ATE_COMP)
14 AVA category: Vulnerability assessment
14.1 Overview
14.2 Application Note
14.3 Vulnerability Analysis (AVA_VAN)
14.4 Composite Vulnerability Assessment (AVA_COMP)
15 ACO Class: Combination
15.1 Rule
15.2 Basic principles of combination (ACO_COR)
15.3 Development Evidence (ACO_DEV)
15.4 Dependencies of dependent components (ACO_REL)
15.5 Combined TOE Test (ACO_CTT)
15.6 Combined Vulnerability Analysis (ACO_VUL)
Appendix A (Informative) Development (ADV)
A.1 ADV_ARC: Supplementary material for security architecture
A.2 ADV_FSP: Supplementary material for functional specifications
A.3 ADV_INT: TSF internal supplementary material
A.4 ADV_TDS: Subsystems and Modules
A.5 Supplementary Materials on Formal Methods
Appendix B (Informative) Combination (ACO)
B.1 Overview
B.2 The need for combined TOE evaluation
B.3 Performing security target assessment of combined TOE
B.4 Interactions between combined IT entities
Appendix C (Informative) Cross-references to Component Dependencies
Appendix NA (Informative) Abbreviations
References
Preface
This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1: Structure and drafting rules for standardization documents".
This document is Part 3 of GB/T 18336 "Cybersecurity Technology Information Technology Security Assessment Criteria". The following parts of GB/T 18336 have been published:
--- Part 1: Introduction and general model;
--- Part 2: Security functional components;
--- Part 3: Security assurance components;
--- Part 4: Normative framework for assessment methods and activities;
--- Part 5: Predefined security requirements package.
This document, together with GB/T 18336.4-2024 "Cybersecurity Technology Information Technology Security Assessment Criteria Part 4: Normative framework for assessment methods and activities" and GB/T 18336.5-2024 "Cybersecurity Technology Information Technology Security Assessment Criteria Part 5: Predefined security requirements package", replaces GB/T 18336.3-2015 "Information Technology Security Technology Information Technology Security Evaluation Criteria Part 3: Security Assurance Components".
This document partially replaces GB/T 18336.3-2015. Compared with GB/T 18336.3-2015, in addition to structural adjustments and editorial changes, the main technical changes are as follows:
--- Changed the terminology (see Chapter 3, Chapter 3 of the 2015 edition);
--- Added precise compliance types (see 7.3.2, 8.3.2, 8.9.2 and 9.3.2);
--- Deleted the assessment assurance level and combined assurance package (see Chapter 7 and Chapter 8 of the 2015 edition);
--- Added the protection profile of the direct basic principle (see 7.7.3 and 9.7.3);
--- Added PP-modules and PP-configurations for modular evaluation (see Chapter 8);
--- Added multiple assurance level assessment (see 8.9.2, 9.2.2 and 9.7.3);
--- Added composite product assessment security assurance components (see 9.9, 10.8, 12.10, 13.6 and 14.4).
This document is equivalent to ISO/IEC 15408-3:2022 "Information security, network security and privacy protection information technology security assessment standards Part 3: Security Assurance Components".
The following minimal editorial changes were made to this document:
--- In order to coordinate with the existing standards, the name of the standard is changed to "Cybersecurity Technology Information Technology Security Assessment Criteria Part 3: Security assurance components";
--- Added informative Appendix NA "Abbreviations".
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.
This document is proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).
This document was drafted by: China Information Security Evaluation Center, China National Accreditation Service for Conformity Assessment, the Third Research Institute of the Ministry of Public Security, China Electronics The 15th Research Institute of Zi Technology Group Corporation, Tsinghua University, Huawei Technologies Co., Ltd., Beijing Topsec Network Security Technology Co., Ltd., China Institute of Information Engineering, Chinese Academy of Sciences, Fudan University, Wuhan University, Jishou University, Zhejiang Dahua Technology Co., Ltd., China Science and Technology Information Security Co., Ltd. National Engineering Research Center for Information Security Technology Co., Ltd., Jilin Information Security Evaluation Center, Shaanxi Network and Information Security Evaluation Center, Chengdu Virtual Gu Weiye Technology Co., Ltd., Anhui Zhongke Guochuang High-Reliability Software Co., Ltd., Beijing Zhongce Anhua Technology Co., Ltd., Honor Terminal Co., Ltd. Company, Kelai Network Technology Co., Ltd., Yidu Cloud (Beijing) Technology Co., Ltd., Beijing CEC Huada Electronic Design Co., Ltd., Hefei Tianwei Information Security Technology Co., Ltd., Beijing Shuanxing Technology Co., Ltd., and Jinzhuan Xinke Co., Ltd.
The main drafters of this document are: Zhang Baofeng, Bi Haiying, Deng Hui, Gao Jinping, Yang Yongsheng, Shi Hongsong, Xie Shihua, Jia Wei, Xu Yuan, Li Fengjuan, Niu Xingrong, Li Hong, Meng Yahao, Wu Teng, Dong Jingjing, Ye Xiaojun, Yao Junning, Wang Yan, Liu Qixu, Feng Yun, Xu Zhipeng, Cheng Junjun, Yu Rongwei, Li Zongshou, Ying Tianyuan, Guo Hao, Liu Zhanfeng, Hu Jianxun, Yan Yuyun, Ming Yuzhuo, Su Decai, Ji Jinlong, Huang Haijun, Chen Hongjin, Zuo Jian, Zhu Kelei, Zhu Ruijin, Luo Yang, Mao Junjie, Wang Yuhang, Chen Jiazhe, Wei Wei, Liang Wentao, Liu Jian, Wu Jianshuang, Liu Yuhong, Xue Zhihui, Yi Pengda, Sun Ruigang, Wu Yadi and Zhu Ye.
This document was first published in 2001 as GB/T 18336.3-2001, revised for the first time in 2008, and revised for the second time in 2015. This is the third revision.
Introduction
The security assurance components defined in this document are the basis for describing the security assurance requirements in a security assurance package, a protection profile (PP), a PP-module, a PP-configuration or a security target (ST).
These requirements establish a standard approach to describing assurance requirements for a Target of Evaluation (TOE). This document lists a set of assurance components, families, and classes, and also defines the criteria for evaluating PP, PP-configuration, PP-module and ST.
GB/T 18336 is proposed to consist of five parts:
--- Part 1: Introduction and general model. This aims to provide an overall overview of GB/T 18336 and define the basic principles of information technology security assessment. It introduces general concepts and principles and gives a general model for evaluation.
--- Part 2: Security functional components. Aims to establish a set of standardized templates for functional components that can be used to describe security functional requirements. These functional components are structured in the form of classes and families, and specific security functional requirements are constructed through component selection, refinement, and tailoring.
--- Part 3: Security assurance components. Aims to establish a set of standardized templates for security assurance components that can be used to describe security assurance requirements. These security assurance components are structured in classes and families, defining the criteria for evaluation of PP, ST, and TOE. Then, specific security requirements are constructed through component selection, refinement, and tailoring.
--- Part 4: Normative framework for evaluation methods and activities. Aims to provide a standardized framework for normative evaluation methods and activities. These assessment methods and activities are included in the PP, ST and any supporting documents, for assessors to use when carrying out evaluation work based on the models described in other parts of GB/T 18336.
--- Part 5: Predefined security requirement packages. Aims to provide packages of security assurance requirements and security functional requirements commonly used by stakeholders. Examples of packages provided include Evaluation Assurance Level (EAL) and Combined Assurance Package (CAP).
The target readers of this document mainly include consumers, developers, technical working groups, evaluators, etc. of secure IT products. Chapter 5 of GB/T 18336.1-2024 provides additional information on the target readers of GB/T 18336 and how the target reader groups use GB/T 18336. These audience groups use this document as follows:
a) Consumers use this document when selecting components to describe the assurance requirements that meet the security objectives set out in the PP or ST, and thereby determining the required level of security assurance;
b) Developers, when constructing TOEs to respond to actual or anticipated consumer security requirements, may refer to this document to interpret statements of assurance requirements and to identify the TOE assurance approach;
c) Assessors, when determining the assurance level of the TOE and evaluating the PPs and STs, use the assurance requirements defined in this document as a mandatory statement of assessment criteria.
Note: This document uses bold and italic fonts in some cases to distinguish terms from the rest of the text. For layered components, when a requirement is enhanced or modified beyond the requirements of the previous component, it is shown in bold. In addition, any new or enhanced allowed operations in addition to the previous components are also highlighted in bold. Italics are used to indicate text with a precise meaning. For security assurance requirements, this convention also applies to special verbs related to assessment.
Cybersecurity Technology - Information Technology Security Assessment Criteria
Part 3: Security assurance components
1 Scope
This document defines the assurance requirements of ISO/IEC 15408, including the individual assurance components that make up the assessment assurance levels and other packages included in ISO/IEC 15408-5, as well as the evaluation criteria for PP, PP-configuration, PP-module and ST.
2 Normative references
The contents of the following documents constitute the essential clauses of this document through normative references in this document. For referenced documents with a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to this document.
GB/T 30270-2024 Cybersecurity technology Information technology security assessment method (ISO/IEC 18045:2022, IDT)
ISO/IEC 15408-1 Information security, network security and privacy protection Information technology security evaluation criteria Part 1: Introduction and
Note: GB/T 18336.1-2024 Cybersecurity technology Information technology security assessment criteria Part 1: Introduction and general model (ISO/IEC 15408-1:2022, IDT)
ISO/IEC 15408-2 Information security, network security and privacy protection Information technology security evaluation criteria Part 2: Security functions
Note: GB/T 18336.2-2024 Cybersecurity technology Information technology security evaluation criteria Part 2: Security functional components (ISO/IEC 15408-2:2022, IDT)
ISO/IEC 15408-4 Information security, network security and privacy protection Information technology security evaluation criteria Part 4: Evaluation criteria
Note: GB/T 18336.4-2024 Cybersecurity technology Information technology security assessment criteria Part 4: Normative framework for assessment methods and activities (ISO/IEC 15408-4:2022, IDT)
ISO/IEC 15408-5 Information security, network security and privacy protection Information technology security evaluation criteria Part 5: Predefined
Note: GB/T 18336.5-2024 Cybersecurity technology Information technology security assessment criteria Part 5: Predefined security requirements package (ISO/IEC 15408-5:2022, IDT)
3 Terms and definitions
The terms and definitions defined in ISO/IEC 15408-1, ISO/IEC 15408-2, ISO/IEC 15408-4, ISO/IEC 15408-5, ISO/IEC 18045 and ISO/IEC/IEEE 24765, and the following, apply to this document.
......
GB/T 18336.3-2015
Page 1 of 223
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
GB/T 18336.3-2015 / ISO/IEC 15408-3:2008
Replacing GB/T 18336.3-2008
Information technology - Security techniques -
Evaluation criteria for IT security –
Part 3: Security assurance components
(ISO/IEC 15408-3:2008, IDT)
ISSUED ON: MAY 15, 2015
IMPLEMENTED ON: JANUARY 01, 2016
Issued by: General Administration of Quality Supervision, Inspection
and Quarantine of the People’s Republic of China;
Standardization Administration of the People’s Republic of
China.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview
4.1 Organisation of this Part
5 Assurance paradigm
5.1 ISO/IEC 15408 philosophy
5.2 Assurance approach
5.3 ISO/IEC 15408 evaluation assurance scale
6 Security assurance components
6.1 Security assurance classes, families and components structure
6.2 EAL structure
6.3 CAP structure
7 Evaluation assurance levels
7.1 Evaluation assurance level (EAL) overview
7.2 Evaluation assurance level details
7.3 Evaluation assurance level 1 (EAL1) - functionally tested
7.4 Evaluation assurance level 2 (EAL2) - structurally tested
7.5 Evaluation assurance level 3 (EAL3) - methodically tested and checked
7.6 Evaluation assurance level 4 (EAL4) - methodically designed, tested, and reviewed
7.7 Evaluation assurance level 5 (EAL5) - semiformally designed and tested
7.8 Evaluation assurance level 6 (EAL6) - semiformally verified design and tested
7.9 Evaluation assurance level 7 (EAL7) - formally verified design and tested
8 Composed assurance packages
8.1 Composed assurance package (CAP) overview
8.2 Composed assurance package details
8.3 Composition assurance level A (CAP-A) - Structurally composed
8.4 Composition assurance level B (CAP-B) - Methodically composed
8.5 Composition assurance level C (CAP-C) - Methodically composed, tested and reviewed
9 Class APE: Protection Profile evaluation
9.1 PP introduction (APE_INT)
9.2 Conformance claims (APE_CCL)
9.3 Security problem definition (APE_SPD)
9.4 Security objectives (APE_OBJ)
9.5 Extended components definition (APE_ECD)
9.6 Security requirements (APE_REQ)
10 Class ASE: Security Target evaluation
10.1 ST introduction (ASE_INT)
10.2 Conformance claims (ASE_CCL)
10.3 Security problem definition (ASE_SPD)
10.4 Security objectives (ASE_OBJ)
10.5 Extended components definition (ASE_ECD)
10.6 Security requirements (ASE_REQ)
10.7 TOE summary specification (ASE_TSS)
11 Class ADV: Development
11.1 Security Architecture (ADV_ARC)
11.2 Functional specification (ADV_FSP)
11.3 Implementation representation (ADV_IMP)
11.4 TSF internals (ADV_INT)
11.5 Security policy modelling (ADV_SPM)
11.6 TOE design (ADV_TDS)
12 Class AGD: Guidance documents
12.1 Operational user guidance (AGD_OPE)
12.2 Preparative procedures (AGD_PRE)
13 Class ALC: Life-cycle support
13.1 CM capabilities (ALC_CMC)
13.2 CM scope (ALC_CMS)
13.3 Delivery (ALC_DEL)
13.4 Development security (ALC_DVS)
13.5 Flaw remediation (ALC_FLR)
13.6 Life-cycle definition (ALC_LCD)
13.7 Tools and techniques (ALC_TAT)
14 Class ATE: Tests
14.1 Coverage (ATE_COV)
14.2 Depth (ATE_DPT)
14.3 Functional tests (ATE_FUN)
14.4 Independent testing (ATE_IND)
15 Class AVA: Vulnerability assessment
15.1 Application notes
15.2 Vulnerability analysis (AVA_VAN)
16 Class ACO: Composition
16.1 Composition rationale (ACO_COR)
16.2 Development evidence (ACO_DEV)
16.3 Reliance of dependent component (ACO_REL)
16.4 Composed TOE testing (ACO_CTT)
16.5 Composition vulnerability analysis (ACO_VUL)
Annex A (Informative) Development (ADV)
Annex B (Informative) Composition (ACO)
Annex C (Informative) Cross reference of assurance component dependencies
Annex D (Informative) Cross reference of PPs and assurance components
Annex E (Informative) Cross reference of EALs and assurance components
Annex F (Informative) Cross reference of CAPs and assurance components
Foreword
GB/T 18336 “Information technology - Security techniques - Evaluation criteria for IT
security” includes the following 3 parts:
— Part 1: Introduction and general model;
— Part 2: Security functional components;
— Part 3: Security assurance components.
This Part is part 3 of GB/T 18336.
This Part is drafted in accordance with the specifications in GB/T 1.1-2009.
This Part replaces GB/T 18336.3-2008 “Information technology - Security techniques -
Evaluation criteria for IT security - Part 3: Security assurance components”.
The main differences between this Part and GB/T 18336.3-2008 are as follows:
— “assurance” is replaced by “guarantee” [Translator note: This is mainly adjustment
on Chinese. In English, the same word “assurance” should remain the most
appropriate, given that “Assurance” is still used in the corresponding ISO/IEC
15408-3:2008. This translation still uses the term “Assurance”];
— "6 Security assurance requirements" is replaced by "6 Security assurance
components";
— "6.3 Protection profile and security target evaluation criteria class structure”, “6.4
Usage of terms in this Part", "6.5 Assurance classification" and “6.6 General
situation of assurance classes and families” are deleted;
— "6.1.5 EAL structure" is re-edited as "6.2 Evaluation assurance levels structure" in
this Part;
— “6.3 Combination assurance package structure” is added;
— "7 Protection profile and security target evaluation criteria" and "11 assurance
classes, families and components" are deleted;
— "8 Combination assurance package" is added;
— "8.1 TOE description" is deleted;
— "9.2 Conformance declaration" is added;
— "8.2 Security environment" and "8.6 Clearly stated IT security requirements" are
amended as "9.3 Security problem definition" and "9.5 Extended components
definition" respectively;
— "9.1 TOE description" and "9.5 PP declaration" are deleted;
— "10.2 Conformance declaration" is added;
— "9.2 Security environment" and “9.7 Clearly stated IT security requirements" are
amended as “10.3 Security problem definition" and "10.5 Extended components
definition" respectively;
— "High level design (ADV_HLD)", "Low level design(ADV_LLD)" and "Representing
corresponding relationship (ADV_RCR)" in "ADV class: development" are deleted;
— "Security architecture (ADV_ARC)" and "TOE design (ADV_TDS)" are added in
"ADV class: development";
— "Administrator guidelines (AGD_ADM)" and "User guidelines (AGD_USR)" of
AGD class are amended as "Operator guidelines(AGD_OPE)" and "Preparation
(AGD_PRE)" respectively;
— "CM capability (ACM_CAP)" and "CM scope (ACM_SCP)" in ACM class as well as
"delivery (ADO_DEL)" in ADO class are combined into ALC class;
— "CM automation (ACM_AUT)" in "ACM class: configuration management" is
deleted;
— "Installation, generation and starting (ADO_IGS)" in "ADO class: delivery and
operation" is deleted;
— "Test cover (ATE_COV)" is amended as "Cover (ATE_COV)" while "Test depth
(ATE_DPT)" is amended as "Depth (ATE_DPT)";
— "Concealed channel analysis (AVA_CCA)", "Misusing (AVA_MSU)" and "TOE
strength of function (AVA_SOF)" in "AVA class: vulnerability evaluation" are
deleted;
— "Vulnerability analysis (AVA_VLA)" is amended as "Vulnerability analysis
(AVA_VAN)";
— "16 ACO class: combination" is added;
— "Annex A development (ADV)", "Annex B combination (ACO)" and "Annex D
cross-reference between PP and assurance components" and "Annex F
Cross-reference between CAP and assurance components" are added;
— “Annex A Cross-reference of dependency relationship of assurance components”
is amended as “Annex C Cross-reference of dependency relationship of
assurance components”. “Annex B Cross-reference between EAL and assurance
components” is amended as “Annex E Cross-reference between EAL and
assurance components”.
This Part is identical to the international standard ISO/IEC 15408-3:2008
“Information technology - Security techniques - Evaluation criteria for IT
security - Part 3: Security assurance components”, adopted by translation.
The domestic documents that correspond to the normative international
references in this Part are as follows:
-- GB/T 18336.1 Information technology - Security techniques - Evaluation criteria for
IT security - Part 1: Introduction and general model (GB/T 18336.1-2015, ISO/IEC
15408-1:2009, IDT)
-- GB/T 18336.2 Information technology - Security techniques - Evaluation criteria for
IT security - Part 2: Security functional components (GB/T 18336.2-2015, ISO/IEC
15408-2:2008, IDT).
This Part was proposed by and shall be under jurisdiction of China Information Security
Standardization Technical Committee (SAC/TC 260).
The main drafting organizations of this Part: China Information Technology Security
Evaluation Centre, Information Technology Security Test and Evaluation Centre, and the
Third Research Institute of the Ministry of Public Security.
The main drafters of this Part: Zhang Chongbin, Guo Ying, Shi Hongsong, Bi Haiying,
Zhang Baofeng, Gao Jinping, Wang Feng, Yang Yongsheng, Li Guojun, Dong Jingjing,
Xie Di, Wang Hongxian, Zhang Yi, Gu Jian, Qiu Zihua, Song Haohao, Chen Yan, Yang
Yuanyuan, Xu Yuan, Rao Huayi, Wu Yushu and Mao Junjie.
The previous editions replaced by this Part are as follows:
-- GB/T 18336.3-2001;
-- GB/T 18336.3-2008.
Information technology - Security techniques -
Evaluation criteria for IT security –
Part 3: Security assurance components
1 Scope
This Part of GB/T 18336 defines the assurance requirements. It includes the evaluation
assurance levels (EALs) that define a scale for measuring assurance for component
TOEs, the composed assurance packages (CAPs) that define a scale for measuring
assurance for composed TOEs, the individual assurance components from which the
assurance levels and packages are composed, and the criteria for evaluation of PPs and
STs.
2 Normative references
The articles contained in the following documents have become part of this document
when they are quoted herein. For the dated documents so quoted, all the modifications
(including all corrections) or revisions made thereafter shall be applicable to this
document.
ISO/IEC 15408-1, Information technology - Security techniques - Evaluation criteria for
IT security - Part 1: Introduction and general model
ISO/IEC 15408-2, Information technology - Security techniques - Evaluation criteria for
IT security - Part 2: Security functional components
3 Terms and definitions
For the purposes of this document, the terms, definitions, symbols and abbreviated terms
given in ISO/IEC 15408-1 apply.
4 Overview
4.1 Organisation of this Part
Clause 5 describes the paradigm used in the security assurance requirements of this Part.
Clause 6 describes the presentation structure of the assurance classes, families,
components, evaluation assurance levels along with their relationships, and the structure
of the composed assurance packages. It also characterises the assurance classes and
families found in Clauses 9 through 16.
Clause 7 provides detailed definitions of the EALs.
......
GB/T 18336.3-2008
IT security technology information technology security evaluation criteria - Part 3: Security assurance requirements
ICS 35.040
L80
National Standard of the People's Republic of China
GB/T 18336.3-2008/ISO/IEC 15408-3:2005
Replacing GB/T 18336.3-2001
Information technology - Security techniques
IT security evaluation criteria
Part 3: Security assurance requirements
(ISO/IEC 15408-3:2005, IDT)
Posted 2008-11-01 2008-06-26 implementation
Issued by: Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China; Standardization Administration of China
Table of Contents
Introduction Ⅴ
Introduction Ⅵ
1 Scope 1
2 Normative references 1
3 Terms, Definitions and Abbreviations 1
Overview 4 1
Structure 4.1 Part 1
5 GB/T 18336 assurance paradigm 1
5.1 GB/T 18336 Basic Principles 1
5.2 assurance methods 2
5.3 GB/T 18336 Evaluation Assurance Scale 3
6 Security assurance requirements 3
3 6.1 Structure
6.2 Component taxonomy 7
6.3 Protection Profile and Security Target evaluation criteria class structure 7
6.4 Use of terms in section 7
6.5 assurance Category 10
6.6 ensure class and family overview 11
7 Protection Profile and Security Target evaluation criteria 14
7.1 Overview 14
7.2 Protection Profile criteria overview 14
7.3 Security Target criteria overview 15
Class 8 APE. Protection Profile Assessment 16
8.1 TOE description (APE_DES) 16
8.2 Security Environment (APE_ENV) 17
8.3 PP introduction (APE_INT) 17
8.4 security purposes (APE_OBJ) 18
8.5 IT security requirements (APE_REQ) 18
8.6 explicitly stated IT security requirements (APE_SRE) 20
Class 9 ASE. Security Target 21 Assessment
9.1 TOE description (ASE_DES) 22
9.2 Security Environment (ASE_ENV) 22
9.3 ST introduction (ASE_INT) 23
9.4 security purposes (ASE_OBJ) 23
9.5 PP declaration (ASE_PPC) 24
9.6 IT security requirements (ASE_REQ) 25
9.7 explicitly stated IT security requirements (ASE_SRE) 26
GB/T 18336.3-2008/ISO /IEC 15408-3.2005
9.8 TOE summary specification (ASE_TSS)
10 Evaluation assurance levels
10.1 Evaluation assurance level (EAL) overview
10.2 Evaluation assurance level details
10.3 Evaluation assurance level 1 (EAL1) --- functionally tested
10.4 Evaluation assurance level 2 (EAL2) --- structurally tested
10.5 Evaluation assurance level 3 (EAL3) --- methodically tested and checked
10.6 Evaluation assurance level 4 (EAL4) --- methodically designed, tested and reviewed
10.7 Evaluation assurance level 5 (EAL5) --- semiformally designed and tested
10.8 Evaluation assurance level 6 (EAL6) --- semiformally verified design and tested
10.9 Evaluation assurance level 7 (EAL7) --- formally verified design and tested
11 Assurance classes, families, and components
12 Class ACM: Configuration management
12.1 CM automation (ACM_AUT)
12.2 CM capabilities (ACM_CAP)
12.3 CM scope (ACM_SCP)
13 Class ADO: Delivery and operation
13.1 Delivery (ADO_DEL)
13.2 Installation, generation and start-up (ADO_IGS)
14 Class ADV: Development
14.1 Functional specification (ADV_FSP)
14.2 High-level design (ADV_HLD)
14.3 Implementation representation (ADV_IMP)
14.4 TSF internals (ADV_INT)
14.5 Low-level design (ADV_LLD)
14.6 Representation correspondence (ADV_RCR)
14.7 Security policy modeling (ADV_SPM)
15 Class AGD: Guidance documents
15.1 Administrator guidance (AGD_ADM)
15.2 User guidance (AGD_USR)
16 Class ALC: Life-cycle support
16.1 Development security (ALC_DVS)
16.2 Flaw remediation (ALC_FLR)
16.3 Life-cycle definition (ALC_LCD)
16.4 Tools and techniques (ALC_TAT)
17 Class ATE: Tests
17.1 Test coverage (ATE_COV)
17.2 Test depth (ATE_DPT)
17.3 Functional tests (ATE_FUN)
17.4 Independent testing (ATE_IND)
18 Class AVA: Vulnerability assessment
18.1 Covert channel analysis (AVA_CCA)
18.2 Misuse (AVA_MSU)
18.3 Strength of TOE security functions (AVA_SOF)
18.4 Vulnerability analysis (AVA_VLA)
Appendix A (informative) Cross-reference of assurance component dependencies
Appendix B (informative) Cross-reference of EALs and assurance components
Foreword
GB/T 18336, under the general title "Information technology - Security techniques - Evaluation criteria for IT security", consists of the following parts:
--- Part 1: Introduction and general model
--- Part 2: Security functional requirements
--- Part 3: Security assurance requirements
This part is Part 3 of GB/T 18336.
This part is identical to the international standard ISO/IEC 15408-3:2005 "Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements", with editorial changes only.
This part replaces GB/T 18336.3-2001 "Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements".
The main differences between this part and GB/T 18336.3-2001 are as follows:
1. The "ISO/IEC Foreword" of GB/T 18336.3-2001 was removed;
2. An "Introduction" was added;
3. The class "AMA: Maintenance of assurance" was removed;
4. Table A.1 in Appendix A of GB/T 18336.3-2001 was adjusted.
Appendices A and B of this part are informative.
This part was proposed by, and is under the jurisdiction of, the National Security Standardization Technical Committee.
Main drafting organization of this part: China Information Security Evaluation Center.
Main drafters of this part: Wu Shizhong, Lishou Peng, Wang Gui Si, Huangyuan Fei, Chen Xiaohua, Liu Hui, Liu Chunming, Li Bin, Peng Yong, Fu Min, Liu Nan, Xu long awake, Jane Yuliang, Zhang Li.
Introduction
The security assurance components defined in this part are the basis for the security assurance requirements expressed in a Protection Profile (PP) or Security Target (ST).
These requirements establish a standard way of expressing the assurance requirements for a target of evaluation (TOE). This part catalogues the set of assurance components, families, and classes. It also defines the evaluation criteria for PPs and STs, and presents the predefined GB/T 18336 scale for rating TOE assurance, known as the "Evaluation Assurance Levels" (EALs).
The main target audience for this part is customers, developers, and evaluators of secure IT systems and products. Chapter 4 of GB/T 18336.1 provides additional information about the target audience of GB/T 18336 and about how the groups that make up that audience use GB/T 18336.
These groups can use this part as follows:
a) Customers use this part when selecting components to express assurance requirements that satisfy the security objectives stated in a PP or ST. Subclause 5.4 of GB/T 18336.1 provides more detailed information on the relationship between security objectives and security requirements;
b) Developers, who construct a TOE in response to actual or anticipated customer security requirements, refer to this part when interpreting statements of assurance requirements and determining the assurance approach of the TOE;
c) Evaluators use the assurance requirements defined in this part as the mandatory statement of evaluation criteria when determining the assurance of a TOE and when evaluating PPs and STs.
Information technology - Security techniques
Evaluation criteria for IT security
Part 3: Security assurance requirements
1 Scope
This part defines the assurance requirements of GB/T 18336. It includes the evaluation assurance levels (EALs) that define a scale for measuring assurance, the individual assurance components from which the assurance levels are composed, and the criteria for evaluating PPs and STs.
2 Normative references
The provisions of the following documents become provisions of this part through reference in this part of GB/T 18336. For dated references, subsequent amendments (excluding corrigenda) or revisions do not apply to this part; however, parties to agreements based on this part are encouraged to investigate whether the latest versions of these documents can be used. For undated references, the latest version applies to this part.
GB/T 18336.1-2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model (ISO/IEC 15408-1:2005, IDT)
GB/T 18336.2-2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements (ISO/IEC 15408-2:2005, IDT)
3 Terms, definitions and abbreviations
The terms, definitions and abbreviations given in GB/T 18336.1 apply to this part.
4 Overview
4.1 Organization of this part
Chapter 5 describes the paradigm used in the security assurance requirements of this part.
Chapter 6 describes the presentation structure of the assurance classes, families, components, and evaluation assurance levels, and the relationships between them. It also characterizes the assurance classes and families found in Chapters 12 to 18.
Chapters 7, 8 and 9 first give a brief introduction to the evaluation criteria for PPs and STs, and then explain in detail the families and components used in those evaluations.
Chapter 10 gives detailed definitions of the Evaluation Assurance Levels (EALs).
Chapter 11 gives a brief introduction to the assurance classes, and Chapters 12 to 18 then give detailed definitions of these classes.
Appendix A summarizes the dependencies between the assurance components.
Appendix B provides a cross-reference between the Evaluation Assurance Levels (EALs) and the assurance components.
5 GB/T 18336 assurance paradigm
This chapter sets out the basic principles that underpin the GB/T 18336 approach to assurance. Understanding this chapter will enable readers to understand the rationale behind the assurance requirements in this part.
5.1 GB/T 18336 basic principles
The basic principle of GB/T 18336 is that the threats to security and the organizational security policy commitments should be clearly and unambiguously expressed, and that the proposed security measures should be demonstrably sufficient for their intended security purpose.
......
|