您的位置: 标准下载 » 国际标准 » BS 英国标准 »

BS ISO/IEC 15408-1-1999 信息技术.安全技术.IT安全性评价准则.介绍和一般模式

时间:2024-03-29 23:55:01 来源: 标准资料网 作者:标准资料网 阅读:8266
下载地址: 点击此处下载
【英文标准名称】:Informationtechnology-Securitytechniques-EvaluationcriteriaforITsecurity-Introductionandgeneralmodel
【原文标准名称】:信息技术.安全技术.IT安全性评价准则.介绍和一般模式
【标准号】:BSISO/IEC15408-1-1999
【标准状态】:作废
【国别】:英国
【发布日期】:2000-02-15
【实施或试行日期】:2000-02-15
【发布单位】:英国标准学会(GB-BSI)
【起草单位】:BSI
【标准类型】:()
【标准水平】:()
【中文主题词】:消费者;验收(鉴定);数据存储保护;信息交流;质量保证;资产;选择;数据处理;数据安全
【英文主题词】:definitions;informationexchange;datasecurity;definition;informationtechnology;dataprotection;datatransmission;models;confidenceintervals;dataprocessing;levelofconfidence;safety;informationinterchange
【摘要】:ThismultipartstandardISO/IEC15408definescriteria,whichforhistoricalandcontinuitypurposesarereferredtohereinastheCommonCriteria(CC),tobeusedasthebasisforevaluationofsecuritypropertiesofITproductsandsystems.Byestablishingsuchacommoncriteriabase,theresultsofanITsecurityevaluationwillbemeaningfultoawideraudience.TheCCwillpermitcomparabilitybetweentheresultsofindependentsecurityevaluations.ItdoessobyprovidingacommonsetofrequirementsforthesecurityfunctionsofITproductsandsystemsandforassurancemeasuresappliedtothemduringasecurityevaluation.Theevaluationprocessestablishesalevelofconfidencethatthesecurityfunctionsofsuchproductsandsystemsandtheassurancemeasuresappliedtothemmeettheserequirements.TheevaluationresultsmayhelpconsumerstodeterminewhethertheITproductorsystemissecureenoughfortheirintendedapplicationandwhetherthesecurityrisksimplicitinitsusearetolerable.TheCCisusefulasaguideforthedevelopmentofproductsorsystemswithITsecurityfunctionsandfortheprocurementofcommercialproductsandsystemswithsuchfunctions.Duringevaluation,suchanITproductorsystemisknownasaTargetofEvaluation(TOE).SuchTOEsinclude,forexample,operatingsystems,computernetworks,distributedsystems,andapplications.TheCCaddressesprotectionofinformationfromunauthoriseddisclosure,modification,orlossofuse.Thecategoriesofprotectionrelatingtothesethreetypesoffailureofsecurityarecommonlycalledconfidentiality,integrity,andavailability,respectively.TheCCmayalsobeapplicabletoaspectsofITsecurityoutsideofthesethree.TheCCconcentratesonthreatstothatinformationarisingfromhumanactivities,whethermaliciousorotherwise,butmaybeapplicabletosomenon-humanthreatsaswell.Inaddition,theCCmaybeappliedinotherareasofIT,butmakesnoclaimofcompetenceoutsidethestrictdomainofITsecurity.TheCCisapplicabletoITsecuritymeasuresimplementedinhardware,firmwareorsoftware.Whereparticularaspectsofevaluationareintendedonlytoapplytocertainmethodsofimplementation,thiswillbeindicatedwithintherelevantcriteriastatements.Certaintopics,becausetheyinvolvespecialisedtechniquesorbecausetheyaresomewhatperipheraltoITsecurity,areconsideredtobeoutsidethescopeoftheCC.Someoftheseareidentifiedbelow.a)TheCCdoesnotcontainsecurityevaluationcriteriapertainingtoadministrativesecuritymeasuresnotrelateddirectlytotheITsecuritymeasures.However,itisrecognisedthatasignificantpartofthesecurityofaTOEcanoftenbeachievedthroughadministrativemeasuressuchasorganisational,personnel,physical,andproceduralcontrols.AdministrativesecuritymeasuresintheoperatingenvironmentoftheTOEaretreatedassecureusageassumptionswherethesehaveanimpactontheabilityoftheITsecuritymeasurestocountertheidentifiedthreats.b)TheevaluationoftechnicalphysicalaspectsofITsecuritysuchaselectromagneticemanationcontrolisnotspecificallycovered,althoughmanyoftheconceptsaddressedwillbeapplicabletothatarea.Inparticular,theCCaddressessomeaspectsofphysicalprotectionoftheTOE.c)TheCCaddressesneithertheevaluationmethodologynortheadministrativeandlegalframeworkunderwhichthecriteriamaybeappliedbyevaluationauthorities.However,itisexpectedthattheCCwillbeusedforevaluationpurposesinthecontextofsuchaframeworkandsuchamethodology.d)TheproceduresforuseofevaluationresultsinproductorsystemaccreditationareoutsidethescopeoftheCC.ProductorsystemaccreditationistheadministrativeprocesswherebyauthorityisgrantedfortheoperationofanITproductorsysteminitsfulloperationalenvironment.EvaluationfocusesontheITsecurityparts
【中国标准分类号】:L70
【国际标准分类号】:35_040
【页数】:64P.;A4
【正文语种】:英语


基本信息
标准名称:焊接性试验 搭接接头(CTS)焊接裂纹试验方法
英文名称:Weldability testing;Method of controlled thermal severity cracking test
中标分类: 机械 >> 加工工艺 >> 焊接与切割
ICS分类: 机械制造 >> 焊接、钎焊和低温焊 >> 焊接接头
发布部门:国家标准局
发布日期:1984-07-28
实施日期:1985-05-01
首发日期:1984-07-28
作废日期:2005-10-14
主管部门:国家标准化管理委员会
归口单位:全国焊接标准化技术委员会
起草单位:哈尔滨焊接所
出版日期:1900-01-01
页数:6页
适用范围

本标准适用于低合金钢和碳素钢搭接接头焊接裂纹试验。

前言

没有内容

目录

没有内容

引用标准

没有内容

所属分类: 机械 加工工艺 焊接与切割 机械制造 焊接 钎焊和低温焊 焊接接头
基本信息
标准名称:地下水质检验方法 温度的测定
中标分类: 矿业 >> 地质矿产勘察与开发 >> 水文地质勘察
发布日期:
实施日期:1993-10-01
首发日期:
作废日期:
出版日期:
页数:1页
适用范围

没有内容

前言

没有内容

目录

没有内容

引用标准

没有内容

所属分类: 矿业 地质矿产勘察与开发 水文地质勘察