Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 1
ISO/IEC 15408 ISO/IEC 15408 Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 2
ISO/IEC 15408 Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 3
PC IC Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 4
ISO/IEC 15408 ( ) ISO/IEC 21857(SSE-CMM) ISO/IEC TR 15504 CMMI ISO 9000 ISO/IEC 15408(CC) ISO/IEC 17799 BS 7799 ISO/IEC TR13335(GMITS) ISO/IEC 21857(SSE-CMM) ISMS PKI Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 5
ISO/IEC 15408 * (ISO/IEC ISO/IEC 15408 ) * ( ) EAL1 EAL4 EAL7 * EAL Evaluation Assurance Level Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 6
ISO/IEC 15408 ISO/IEC 15408 Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 7
ISO/IEC Guide 58 ISO/IEC Guide 65 Validation/Certification Accreditation Evaluation CCRA ) CCRA CC Common Criteria CEMCommon Evaluation Methodology ISO/IEC Guide 58 : Calibration and testing laboratories accreditation systems General requirements for operation and recognition ISO/IEC Guide 65 : General requirements for bodies operating product certification systems ISO/IEC 17025 : General requirements for the competence of testing and calibration laboratories Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 8
ISO/IEC 15408 Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 9
ISO/IEC 15408 Part 1 STSecurity Target PPProtection Profile Part 2 Part 3 EAL1EAL7 Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 10
(ST) Security Target Part 2 Part 3 (*) TOE Target Of Evaluation Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 11
(PP) ISO/IEC 15408Part 1 Security Target Protection Profile TOE (*) TOE TOE Part 2 Part 3 DBMSPP IC PP PKIPP BankingPP Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 12
ST PP (ST) TOE Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 13
Security functional requirements ISO/IEC 15408Part 2 (Security audit FAU) (Communication FCO) (Cryptographic support FCS) (User data protection FDP) (Identification and authentication FIA) (Security management FMT) (Privacy FPR) TOE (TSF) (Protection of the TSF FPT) (Resource utilisation FRU) TOE (TOE access FTA) (Trusted path/channels FTP) Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 14
(Security assurance requirements) ISO/IEC 15408Part 3 PP (PP evaluationape) ST (ST evaluationase) (Configuration managementacm) (Delivery and operationado) (DevelopmentADV) (Guidance documentsagd) (Life cycle supportalc) (TestsATE) (Vulnerability assessmentava) (Maintenance of assuranceama) Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 15
EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 (EAL Evaluation Assurance Level) EAL EAL7 Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 16
Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 17 TSF ADV_INT ALC_FLR AVA_MSU TOE CM CM CM EAL3 AVA_VLA AVA_SOF AVA_CCA ATE_IND ATE_FUN ATE_DPT ATE_COV ALC_TAT ALC_LCD ALC_DVS AGD_USR AGD_ADM ADV_SPM ADV_RCR ADV_LLD ADV_IMP ADV_HLD ADV_FSP ADO_IGS ADO_DEL ACM_SCP 1 ACM_CAP 1 ACM_AUT EAL4 EAL2 EAL1
CEM CC PPST EAL1EAL4 CC 19998 (TR) 200111 TR X 0049:2001 ISO/IEC SC27 WG3 CEMTR Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 18
No new versions until April 2003 (at the earliest) Modifications to the CC & CEM Interpretations (implicit modification) Revised Assurance Components (APE/ASE, AVA- VLA) Unbuckling of Assurance Components Additions/replacements to the CC & CEM Assurance Maintenance (AMA) Flaw Remediation (FLR) Definition of EAL 5 From Future Direction of CC & CEM, Dr. Stuart Karzke, NIST2002-03-29 Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 19
Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 20
1983 TCSEC (Orange Book) ITSEC 1991 CC (Common Criteria) V1.0 1996 V2.0 1998V2.1 1999 (ISO/IEC JTC 1SC 27WG 3 ) ISO/IEC 15408 1999 6 (IS) 12 ITSEC Information Technology Security Evaluation Criteria TCSEC Trusted Computer System Evaluation Criteria CC Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 21
RA Common Criteria Recognition Arrangement CC 199810 Canada FranceGermanyUKUSA5 MRA 199910 20005 ICCC(International Common Criteria Conference Baltimore authorize Certificate Authorizing Participant Certificate Consuming Participant Finland, Greece, Italy, Netherlands, Norway, Spain Certificate Consuming Participant 200011 Certificate Consuming Participant 20022 Certificate Consuming Participant Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 22
CCRA Common Criteria Recognition Arrangement CCRA 20022 (Evaluation) (Validation Certification) CCRA (Accreditation) Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 23
* CCRA 200110 Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 24
Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 25
http://www.ipa.go.jp/security/ Common Criteria Project http://www.commoncriteria.org/ Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 26