标准编号:ISO/IEC TS 19608:2018
中文名称:基于ISO/IEC 15408开发安全和隐私功能需求指南
英文名称:Guidance for developing security and privacy functional requirements based on ISO/IEC 15408
发布日期:2018-10
标准范围
This document provides guidance for:
— selecting and specifying security functional requirements (SFRs) from ISO/IEC 15408-2 to protect
Personally Identifiable Information (PII);
— the procedure to define both privacy and security functional requirements in a coordinated
manner; and
— developing privacy functional requirements as extended components based on the privacy principles
defined in ISO/IEC 29100 through the paradigm described in ISO/IEC 15408-2.
The intended audience for this document are:
— developers who implement products or systems that deal with PII and want to undergo a security
evaluation of those products using ISO/IEC 15408. They will get guidance how to select security
functional requirements for the Security Target of their product or system that map to the privacy
principles defined in ISO/IEC 29100;
— authors of Protection Profiles that address the protection of PII; and
— evaluators that use ISO/IEC 15408 and ISO/IEC 18045 for a security evaluation.
This document is intended to be fully consistent with ISO/IEC 15408; however, in the event of any
inconsistency between this document and ISO/IEC 15408, the latter, as a normative standard, takes
precedence.
立即下载标准文件