Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 1

Size: px

Start display at page:

ぜんすけこうい
5 years ago
Views:

5 ISO/IEC ( ) ISO/IEC 21857(SSE-CMM) ISO/IEC TR CMMI ISO 9000 ISO/IEC 15408(CC) ISO/IEC BS 7799 ISO/IEC TR13335(GMITS) ISO/IEC 21857(SSE-CMM) ISMS PKI Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 5

8 ISO/IEC Guide 58 ISO/IEC Guide 65 Validation/Certification Accreditation Evaluation CCRA ) CCRA CC Common Criteria CEMCommon Evaluation Methodology ISO/IEC Guide 58 : Calibration and testing laboratories accreditation systems General requirements for operation and recognition ISO/IEC Guide 65 : General requirements for bodies operating product certification systems ISO/IEC : General requirements for the competence of testing and calibration laboratories Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 8

12 (PP) ISO/IEC 15408Part 1 Security Target Protection Profile TOE (*) TOE TOE Part 2 Part 3 DBMSPP IC PP PKIPP BankingPP Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 12

14 Security functional requirements ISO/IEC 15408Part 2 (Security audit FAU) (Communication FCO) (Cryptographic support FCS) (User data protection FDP) (Identification and authentication FIA) (Security management FMT) (Privacy FPR) TOE (TSF) (Protection of the TSF FPT) (Resource utilisation FRU) TOE (TOE access FTA) (Trusted path/channels FTP) Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 14

15 (Security assurance requirements) ISO/IEC 15408Part 3 PP (PP evaluationape) ST (ST evaluationase) (Configuration managementacm) (Delivery and operationado) (DevelopmentADV) (Guidance documentsagd) (Life cycle supportalc) (TestsATE) (Vulnerability assessmentava) (Maintenance of assuranceama) Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 15

17 Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 17 TSF ADV_INT ALC_FLR AVA_MSU TOE CM CM CM EAL3 AVA_VLA AVA_SOF AVA_CCA ATE_IND ATE_FUN ATE_DPT ATE_COV ALC_TAT ALC_LCD ALC_DVS AGD_USR AGD_ADM ADV_SPM ADV_RCR ADV_LLD ADV_IMP ADV_HLD ADV_FSP ADO_IGS ADO_DEL ACM_SCP 1 ACM_CAP 1 ACM_AUT EAL4 EAL2 EAL1

19 No new versions until April 2003 (at the earliest) Modifications to the CC & CEM Interpretations (implicit modification) Revised Assurance Components (APE/ASE, AVA- VLA) Unbuckling of Assurance Components Additions/replacements to the CC & CEM Assurance Maintenance (AMA) Flaw Remediation (FLR) Definition of EAL 5 From Future Direction of CC & CEM, Dr. Stuart Karzke, NIST Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 19

21 1983 TCSEC (Orange Book) ITSEC 1991 CC (Common Criteria) V V V (ISO/IEC JTC 1SC 27WG 3 ) ISO/IEC (IS) 12 ITSEC Information Technology Security Evaluation Criteria TCSEC Trusted Computer System Evaluation Criteria CC Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 21

22 RA Common Criteria Recognition Arrangement CC Canada FranceGermanyUKUSA5 MRA ICCC(International Common Criteria Conference Baltimore authorize Certificate Authorizing Participant Certificate Consuming Participant Finland, Greece, Italy, Netherlands, Norway, Spain Certificate Consuming Participant Certificate Consuming Participant Certificate Consuming Participant Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 22

CCRA Common Criteria Recognition Arrangement CCRA 20022 (Evaluation) (Validation Certification) CCRA

23 CCRA Common Criteria Recognition Arrangement CCRA (Evaluation) (Validation Certification) CCRA (Accreditation) Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 23

Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 1

Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 1 ISO/IEC 15408 ISO/IEC 15408 Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved.