
GB/T 18336.2-2024 (GB/T 18336.2-2015) PDF English

GB/T 18336.2-2015: Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 2: Security functional components
Status: Obsolete

GB/T 18336.2: Historical versions

| Standard ID | USD | Delivery | Standard Title (Description) | Status |
|---|---|---|---|---|
| GB/T 18336.2-2024 | 4834 | 20 days | Cybersecurity technology - Evaluation criteria for IT security - Part 2: Security functional components | Valid |
| GB/T 18336.2-2015 | 500 | Auto, 9 seconds | Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 2: Security functional components | Obsolete |
| GB/T 18336.2-2008 | RFQ | 10 days | IT security technology information technology security evaluation criteria -- Part 2: Security functional requirements | Obsolete |
| GB/T 18336.2-2001 | RFQ | 10 days | Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 2: Security functional requirements | Obsolete |

Similar standards

GB/T 20261   GB/T 17964   GB/T 18336.3   

This is an excerpt from the English version of the standard. The full copy is available at: https://www.ChineseStandard.net/PDF.aspx/GBT18336.2-2015
GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
GB/T 18336.2-2015 / ISO/IEC 15408-2:2008
Replacing GB/T 18336.2-2008
Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional components
(ISO/IEC 15408-2:2008, IDT)
Issued on: MAY 15, 2015
Implemented on: JANUARY 01, 2016
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People’s Republic of China; Standardization Administration of the People’s Republic of China.

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview
  4.1 Organisation of this Part
5 Functional requirements paradigm
6 Security functional components
  6.1 Overview
  6.2 Component catalogue
7 Class FAU: Security audit
  7.1 Security audit automatic response (FAU_ARP)
  7.2 Security audit data generation (FAU_GEN)
  7.3 Security audit analysis (FAU_SAA)
  7.4 Security audit review (FAU_SAR)
  7.5 Security audit event selection (FAU_SEL)
  7.6 Security audit event storage (FAU_STG)
8 Class FCO: Communication
  8.1 Non-repudiation of origin (FCO_NRO)
  8.2 Non-repudiation of receipt (FCO_NRR)
9 Class FCS: Cryptographic support
  9.1 Cryptographic key management (FCS_CKM)
  9.2 Cryptographic operation (FCS_COP)
10 Class FDP: User data protection
  10.1 Access control policy (FDP_ACC)
  10.2 Access control functions (FDP_ACF)
  10.3 Data authentication (FDP_DAU)
  10.4 Export from the TOE (FDP_ETC)
  10.5 Information flow control policy (FDP_IFC)
  10.6 Information flow control functions (FDP_IFF)
  10.7 Import from outside of the TOE (FDP_ITC)
  10.8 Internal TOE transfer (FDP_ITT)
  10.9 Residual information protection (FDP_RIP)
  10.10 Rollback (FDP_ROL)
  10.11 Stored data integrity (FDP_SDI)
  10.12 Inter-TSF user data confidentiality transfer protection (FDP_UCT)
11 Class FIA: Identification and authentication
  11.1 Authentication failures (FIA_AFL)
  11.2 User attribute definition (FIA_ATD)
  11.3 Specification of secrets (FIA_SOS)
  11.4 User authentication (FIA_UAU)
  11.5 User identification (FIA_UID)
  11.6 User-subject binding (FIA_USB)
12 Class FMT: Security management
  12.1 Management of functions in TSF (FMT_MOF)
  12.2 Management of security attributes (FMT_MSA)
  12.3 Management of TSF data (FMT_MTD)
  12.4 Revocation (FMT_REV)
  12.5 Security attribute expiration (FMT_SAE)
  12.6 Specification of Management Functions (FMT_SMF)
  12.7 Security management roles (FMT_SMR)
13 Class FPR: Privacy
  13.1 Anonymity (FPR_ANO)
  13.2 Pseudonymity (FPR_PSE)
  13.3 Unlinkability (FPR_UNL)
  13.4 Unobservability (FPR_UNO)
14 Class FPT: Protection of the TSF
  14.1 Fail secure (FPT_FLS)
  14.2 Availability of exported TSF data (FPT_ITA)
  14.3 Confidentiality of exported TSF data (FPT_ITC)
  14.4 Integrity of exported TSF data (FPT_ITI)
  14.5 Internal TOE TSF data transfer (FPT_ITT)
  14.6 TSF physical protection (FPT_PHP)
  14.7 Trusted recovery (FPT_RCV)
  14.8 Replay detection (FPT_RPL)
  14.9 State synchrony protocol (FPT_SSP)
  14.10 Time stamps (FPT_STM)
  14.11 Inter-TSF TSF data consistency (FPT_TDC)
  14.12 Testing of external entities (FPT_TEE)
  14.13 Internal TOE TSF data replication consistency (FPT_TRC)
  14.14 TSF self test (FPT_TST)
15 Class FRU: Resource utilisation
  15.1 Fault tolerance (FRU_FLT)
  15.2 Priority of service (FRU_PRS)
  15.3 Resource allocation (FRU_RSA)
16 Class FTA: TOE access
  16.1 Limitation on scope of selectable attributes (FTA_LSA)
  16.2 Limitation on multiple concurrent sessions (FTA_MCS)
  16.3 Session locking and termination (FTA_SSL)
  16.4 TOE access banners (FTA_TAB)
  16.5 TOE access history (FTA_TAH)
  16.6 TOE session establishment (FTA_TSE)
17 Class FTP: Trusted path/channels
  17.1 Inter-TSF trusted channel (FTP_ITC)
  17.2 Trusted path (FTP_TRP)
Annex A (Normative) Security functional requirements application notes
Annex B (Normative) Functional classes, families, and components
Annex C (Normative) Class FAU: Security audit
Annex D (Normative) Class FCO: Communication
Annex E (Normative) Class FCS: Cryptographic support
Annex F (Normative) Class FDP: User data protection
Annex G (Normative) Class FIA: Identification and authentication
Annex H (Normative) Class FMT: Security management
Annex I (Normative) Class FPR: Privacy
Annex J (Normative) Class FPT: Protection of the TSF
Annex K (Normative) Class FRU: Resource utilisation
Annex L (Normative) Class FTA: TOE access
Annex M (Normative) Class FTP: Trusted path/channels

Foreword

GB/T 18336 “Information technology - Security techniques - Evaluation criteria for IT security” includes the following 3 parts:
-- Part 1: Introduction and general model;
-- Part 2: Security functional components;
-- Part 3: Security assurance components.

This Part is Part 2 of GB/T 18336.

This Part is drafted in accordance with the specifications in GB/T 1.1-2009.

This Part shall replace GB/T 18336.2-2008 “Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional components”. The main differences between this Part and GB/T 18336.2-2008 are as follows:
-- “assurance” is replaced by “assurance” [Translator note: This is mainly an adjustment in the Chinese. In English, the same word “assurance” should remain the most appropriate, given that “Assurance” is still used in the corresponding ISO/IEC 15408-2:2008. This translation still uses the term “Assurance”];
-- “10.4 Export outside TSF control (FDP_ETC)” is amended as “10.4 Export from TOE (FDP_ETC)”;
-- “10.7 Import from outside TSF control (FDP_ITC)” is amended as “10.7 Import from outside TOE (FDP_ITC)”;
-- “14.1 Bottom abstract machine test (FPT_AMT)”, “14.10 Referring to arbitration (FTP_RVM)” and “14.11 Domain separation” in “14 FPT class. TSF protection” are deleted;
-- “14.12 Test of external entity (FPT_TEE)” is added in “14 FPT class. TSF protection”;
-- “16.3 Session lock (FTA_SSL)” is amended as “16.3 Session lock and termination (FTA_SSL)”;
-- “threshold value” is replaced by “critical value” [Translator note: As the corresponding ISO/IEC 15408-2:2008 still uses the term “Threshold value”, this translation follows the term “Threshold value”, given that “This Part uses translation method to equivalently adopt the international standard ISO/IEC 15408-2:2008”];
-- “mediate” is replaced by “promote” [Translator note: This is mainly an adjustment in the Chinese. In English, the same word “mediate” should remain the most appropriate, given that “Mediate” is still used in the corresponding ISO/IEC 15408-2:2008. This translation still uses the term “Mediate”].

This Part uses the translation method to equivalently adopt the international standard ISO/IEC 15408-1:2008 “Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional components”.

The domestic documents that consistently correspond to the normative international references in this Part are as follows:
-- GB/T 18336.1 “Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model” (GB/T 18336.1-2015, ISO/IEC 15408-1:2009, IDT).

This Part has the following editorial amendments:
-- There is an editorial error in the original text of sub-clause 4.1; it is now amended as “Those who author PP or ST should refer to clause 3 and relevant annexes of ISO/IEC 15408-1 for relevant structures, rules, and guidance”.

This Part was proposed by and shall be under the jurisdiction of China Information Security Standardization Technical Committee (SAC/TC 260).

The main drafting organizations of this Part: China Information Technology Security Evaluation Centre, Information Technology Security Test and Evaluation Centre, The Third Research Institute of Ministry of Public Security and China Information Technology Security Evaluation Centre Jilin Centre.

The main drafters of this Part: Zhang Chongbin, Guo Ying, Shi Hongsong, Bi Haiying, Zhang Baofeng, Gao Jinping, Wang Feng, Yang Yongsheng, Li Guojun, Dong Jingjing, Xie Di, Wang Hongxian, Zhang Yi, Gu Jian, Qiu Zihua, Song Haohao, Chen Yan, Yang Yuanyuan, Li Fengjuan, Pangbo, Zhang Xiao, Liu Yuhan, Wang Shuyi, Zhou Boyang, Tang Xiqing, Jiang Xianlan and Zhang Shuangshuang.

The previous editions replaced by this Part are as follows:
-- GB/T 18336.2-2001;
-- GB/T 18336.2-2008.

Introduction

Security functional components, as defined in this Part, are the basis for the security functional requirements expressed in a Protection Profile (PP) or a Security Target (ST). These requirements describe the desired security behaviour expected of a Target of Evaluation (TOE) and are intended to meet the security objectives as stated in a PP or an ST. These requirements describe security properties that users can detect by direct interaction (i.e. inputs, outputs) with the IT or by the IT response to stimulus.

Security functional components express security requirements intended to counter threats in the assumed operating environment of the TOE and/or cover any identified organisational security policies and assumptions.

The audience for this Part includes consumers, developers, and evaluators of secure IT products. ISO/IEC 15408-1 Clause 5 provides additional information on the target audience of ISO/IEC 15408, and on the use of ISO/IEC 15408 by the groups that comprise the target audience. These groups may use this Part as follows:

a) Consumers, who use this Part when selecting components to express functional requirements to satisfy the security objectives expressed in a PP or ST. ISO/IEC 15408-1 provides more detailed information on the relationship between security objectives and security requirements.

b) Developers, who respond to actual or perceived consumer security requirements in constructing a TOE, may find a standardised method to understand those requirements in this Part. They can also use the contents of this Part as a basis for further defining the TOE security functionality and mechanisms that comply with those requirements.

c) Evaluators, who use the functional requirements defined in this Part in verifying that the TOE functional requirements expressed in the PP or ST satisfy the IT security objectives and that all dependencies are accounted for and shown to be satisfied. Evaluators also should use this Part to assist in determining whether a given TOE satisfies stated requirements.

Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional components

1 Scope

This Part of GB/T 18336 defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that will meet the common security functionality requirements of many IT products.

2 Normative references

The articles contained in the following documents have become part of this document when they are quoted herein. For the dated documents so quoted, all the modifications (including all corrections) or revisions made thereafter shall be applicable to this document.

ISO/IEC 15408-1, Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model

3 Terms and definitions

For the purposes of this document, the following terms and definitions given in ISO/IEC 15408-1 apply.

4 Overview

ISO/IEC 15408 and the associated security functional requirements described herein are not meant to be a definitive answer to all the problems of IT security. Rather, this standard offers a set of well understood security functional requirements that can be used to create trusted products reflecting the needs of the market. These security functional requirements are presented as the current state of the art in requirements specification and evaluation.

This Part does not presume to include all possible security functional requirements but rather contains those that are known and agreed to be of value by this Part’s authors at the time of release.

Since the understanding and needs of consumers may change, the functional requirements in this Part will need to be maintained. It is envisioned that some PP/ST authors may have security needs not (yet) covered by the functional requirement

This component should be used when a trusted communication channel between the TSF and another trusted IT product is required.

M.1.2.2 Operations

M.1.2.2.1 Selection

In FTP_ITC.1.2, the PP/ST author must specify whether the local TSF, another trusted IT product, or both shall have the capability to initiate the trusted channel.

M.1.2.2.2 Assignment

In FTP_ITC.1.3, the PP/ST author should specify the functions for which a trusted channel is required. Examples of these functions may include transfer of user, subject, and/or object security attributes and ensuring consistency of TSF data.

M.2 Trusted path (FTP_TRP)

M.2.1 User notes

This family defines the requirements to establish and maintain trusted communication to or from users and the TSF. A trusted path may be required for any security-relevant interaction. Trusted path exchanges may be initiated by a user during an interaction with the TSF, or the TSF may establish communication with the user via a trusted path.

M.2.2 FTP_TRP.1 Trusted path

M.2.2.1 User application notes

This component should be used when trusted communication between a user and the TSF is required, either for initial authentication purposes only or for additional specified user operations.

M.2.2.2 Operations

M.2.2.2.1 Selection

In FTP_TRP.1.1, the PP/ST author should specify whether the trusted path must be extended to remote and/or local users.

In FTP_TRP.1.1, the PP/ST author should specify whether the trusted path shall protect the data from modification, disclosure, and/or other types of integrity or confidentiality violation.

M.2.2.2.2 Assignment

......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.