2011 4
2006/6/16 2006/9/1 2007/11/9 () 2011/4/21 2005 2006 3 (2005 12 ())2005 12 13 2011 4 21 2011 4 ii
1 2 A 3 B C IT NISD-K304-101 NISD-K305-101 iii
ST ST DM6-08-101 2011 4 ST ST NISD-K304-101 NISD-K305-101 2011 4 21 NISD-K303-101C 2011 4 21 NISD-K303-101C 2011 4 21 2011 3 SBD: Security By Design iv
(CIO)2006 ( 18 )3 31 ISO/IEC 15408: 2005 Information technology Security techniques- Evaluation criteria for IT security -- Part1, 2, 3 ISO/IEC 15408 IT IPA ISO/IEC 15408 IPA http://www.ipa.go.jp/security/jisec/index.html 2011 4 IT v
1. 1.1. 1.2. 1.1.1.5 1
- [ 1] [] [] - [ 2] [] [] - [ 3] [] - [ 4] [] 1-1 2
1.3. 1-2 1-2 1.4. 3
ST ST ST ISO/IEC 15408 ST ST ST ST 1.5.2.3(1)(a)() ST ST ST ST 2011 4 1.5. 1.5.1. 1-3 4
5 1-3
1.5.2. 1-4 1-4 2 A 3 B 1.5.3. 6
1 1 7
2. 2.1. 2 (2) 1.3.1.1(2) 4.1 4.2 5 3 2 3 8
2.2. A B 2-1 2-1 14 A 9
2.2.1. 2-2 2-2 2.2.1.1. 10
2.2.1.2. 2.2.1.3. 2.2.1.4. 2004 16 9 15 CIO http://www.kantei.go.jp/jp/singi/it2/cio/dai11/11siryou2.pdf 11
1.1 N 2 1.2 12
1.2 1.1 3 8 99.5 WAN LAN WAN DMZ WAN DMZ 3 2 RAID5 13
WAN DMZ IP WAN DMZ WAN DMZ WAN DMZ DMZ WAN DMZ 14
15
16
1.1 Web Web 17
2.2.2. 1.3.1.1(2) 2-3 2-3 2.2.2.1. 2-4 18
2-4 1.1.1.5 2-5 19
2-5 2.2.2.2. 20
() 21
2.2.3. 2-6 2-6 2.3 2.3.1 2.3.2 2.3.3 2.3.4 2-6 22
IT 2.2.3.1. 2.3.1 2.3.4 1.2 1.3 1.4 23
2.2.3.2. -1 JEITA3 IT-1002 WAN LAN -1 WAN LAN WAN LAN -1-2 24
2.2.4. 2-7 2-7 4.2 2.2.4.1. 25
2.2.2 2.2.4.2. No / -1 DB DB -2 26
3. 3.1 3.2 3.3 3.4 3.1. 4 4 27
3.2 3.2. 3.2.1. -1-2 ID IC SSL 2.2.1.1 2.3.1 2.2.1 2.2.2 2.3 28
鍵 3.2.2. -1 3.2.3. -1 29
3.2.4. 5-1 IT CCRA 6 1.5.1.1(1)(f) 1.5.2.2(1)(b) 2.2.1.5 1.5.1 1.5.2.3 3.2.5. 5 2.2.1 2.2.1.5 C 3 EALISO/IEC 15408 6 CCRA C 30
3-1 No -1-1, -2 2.2.1.1(1)(a)-(b) -2-3 2.2.1.1(1)(c)2.3.4.1(1)(f) -3-1, -4, -5 2.2.1.1(1)(c)- (f)() -1-1 2.3.1.1(1)(a) -2-2, -1 2.3.1.1(3)(a)-(e) -1-6 -1 1.2.2.1(1)(a)-(i)1.2.2.1(2)(a)-(c) -1-7 -2 1.2.5.1(4)(a)-(e)1.2.5.1(5)(a)-(c) 3-2 No -1-1, -2 2.2.1.1(1)(a)-(b) -2-3 2.2.1.1(1)(c)2.3.4.1(1)(f) -3-1, -4, 2.2.1.1(1)(c)- (f)() -5-1 -1 2.3.1.1(1)(a) -2-2, 2.3.1.1(3)(a)-(e) -1-1 -6-1 1.2.2.1(1)(a)-( i), 1.2.2.1(2)(a)-(c) -1-7 -2 1.2.5.1(4)(a)-(e) 1.2.5.1(5)(a)-(c) 31
32
3.3. IT ISO/IEC 15408 CCRA ISO/IEC 15408 1.5.1.1 (1)(d) IT 1.5.2.2 (1)(b) IT 3.3.1. IT ISO/IEC 15408 33
3-3 / IC IC A a B b C c 7 3-4 TOE Target Of Evaluation TOE TOE EAL ST TOE: Target Of Evaluation 7 CC 6. 34
3.4. 35
4.
http://www.nisc.go.jp/active/general/pdf/k304-101.pdf
http://www.nisc.go.jp/active/general/pdf/k304-102.pdf
http://www.nisc.go.jp/active/general/pdf/k304-101c.pdf
http://www.nisc.go.jp/active/general/pdf/k304-102c.pdf
2006 18 3 31 http://www.kantei.go.jp/jp/singi/it2/cio/dai19/19siryou13_01.pdf
ISO/IEC 15408:2005 Information Technology Security Techniques Evaluation Criteria for IT Security http://www.ipa.go.jp/security/jisec/cc/prevcc.html
2004 16 9 15 http://www.kantei.go.jp/jp/singi/it2/cio/dai11/11siryou2.pdf
http://www.meti.go.jp/policy/it_policy/shiryoteikyo/setumeikai.htm
JEITA3 IT-1002 http://www.jeita.or.jp/japanese/standard/list/list.asp?cateid=8&subcateid=44
CCRA Web http://www.commoncriteriaportal.org/
IT JISEC Web http://www.ipa.go.jp/security/jisec/index.html
http://www.kantei.go.jp/jp/singi/it2/cio/dai15/15siryou1-2.pdf
http://www.soumu.go.jp/denshijiti/denshi_kentoukai.html#a
http://www.soumu.go.jp/denshijiti/pdf/060322_s10.pdf
http://www.kantei.go.jp/jp/singi/it2/cio/dai15/15siryou1-2.pdf
16 9 14 http://www.soumu.go.jp/gyoukan/kanri/040914_1.html
IT ISO/IEC 15408 http://www.ipa.go.jp/security/jisec/index.html
- http://www.ipa.go.jp/security/jisec/spd_package.html
- ISO/IEC TR15446 B6. http://www.ipa.go.jp/security/ccj/documents/pp-st_guiden3374.pdf
http://www.e-gov.go.jp/doc/scheme.html
OS http://www.nisc.go.jp/inquiry/index.html
A B CIT 38
A 2.2.1 2.2.2 2.2.3 2.2.4 ST ST ST ST ST 39 DM6-07-061
ST ST 1.5.2.5(1)(a) IT 1.5.1.1(1)(f) 40 DM6-07-061
B 41
IT ST ST ST ST ST ST 42
C IT 1. IT JISEC ISO/IEC 15408 2. Common Criteria Recognition Arrangement (CCRA) Certificate Authorizing Participants, Certificate Consuming Participants ISO/IEC 15408 2006 3 10 12 22 3. EAL EAL (Evaluation Assurance Level) EAL17 7 CCRA EAL4 43
3-1 EAL1 EAL2 EAL3 EAL4 ST EAL1, EAL2 EAL3 () ISO/IEC 15408 ISO/IEC 15408 EAL1EAL7 ISO/IEC 15408 EAL1EAL7 EAL EAL2+ 4. IT ST ST ST ST 44
5. OS DBMS 5.1. Operating System OS OS OS DAC: Discretionary Access Control OS OS OS MAC: Mandatory Access Control OS OS OS OS OS http://www.nisc.go.jp/inquiry/index.html 45
5.2. LAN 2 OSI: Open Systems Interconnection 46
5.3. DBMS: Database Management System DBMS DBMS DBMS 47
48
6. CCRA ISO/IEC 15408 IT Web CCRA Web The official website of the Common Criteria Project CC Web CC IT 2011 4 / / / IC/ IC IC 鍵 OCSP 49
/ IPSec VPN UNIX, Linux OS OSPC / 6.1. ISO/IEC 15408 Web CC PP EAL PP: Protection Profile ISO/IEC 15408 PP pdf STST pdf pdf 50
CC CC Web http://www.commoncriteriaportal.org/ CC Web Consumers Developers Experts List of Evaluated Products Web Consumers Developers Experts List of CCRA Members 6.2. ST TOE ST 6 ST 3 4 8 ST EAL 51
Web 52
Web Web Web Web - 1
1. 1.1. 1.1.1. Web PC Web Web Web 1.1 / 1.1-2
1.1.2. 1.1.2.1. Web 1.2 Web 1.2 Web 1.1.2.2. - 3
1-1 Web DMZ IP Web Web Web 2 Web Web Web Web 1.1.2.3. Web 1-2 - 4
1-2 Web LAN Web LAN Web Web - 5
1.1.3. 1.1.3.1. Web Web 1-3 Web 1-3 Web Web Web Web 1-4 FAX Web Web Web - 6
1-4 1-4 Web Web Web 1.1.3.2. Web Web 1.3 1.3 Web Web Web Web Web Web Web Web Web - 7
Web Web 1.3 Web - 8
1.1.4. Web 1-5 Web Web Web Web Web Web Web Web Web Web - 9
Web Web Web Web Web Web Web Web - 10
1.2. (NISD-K304-101 NISD-K305-101 1-6 1-6 1 2 3 4 5 6 7 Web 1-7 - 11
1-7 1 2 2 Web Web Web 3 2 2 Web Web Web 2.3.3.2(1)(b) - 12
2 2 1 Web Web 2 2 1 Web Web Web - 13
3 2 1 Web - 14
1.3. Web Web 1.3.1. JEITA3 IT-1002 16 9 14 1-8 -1 / Web 1.2 1.3.2. 2.3.4-15
1-9 -1-2 / Web Web 1.3.3. 1-10 -1-2 / Web - 16
1.4. Web 1-11 1-11 / -1 / -2 Web Web - 17
/ -3 Web Web / -4 Web Web - 18
/ -5 Web Web Web Web -2 Web Web / -6 Web Web HTML Web Web - 19
/ -7 DoS Web / -8 Web Web - 20
2. Web IT 2.1 IT 2.2 3.3 3.1 3.4 2.1. Web - 21
2.1.1. Web -1 Web ID Web Web Web Web ID IC -2 Web SSL/TLS Web Web -6 SSL/TLS SSL/TLS - 22
-3 Web OS Web Web OS Web 5-4 Web Web - 23
-5 Web SSL/TLS Web Web 鍵 Web 鍵 鍵 Web IP-VPN SSL/TLS / -6 Web Web Web Web - 24
-7 Web Web Web -8 Web Web 2.1.2. Web -1 Web Web Web - 25
2.1.3. Web -1 Web -2 Web Web -3 Web - 26
-4 Web -5 2.1.1-4 Web -6 Web -7 2.1.1-7 Web - 27
-8 Web Web Web Web -9-10 Web Web - 28
-11 Web 2.1.4. Web -1 2.2-29
2.1.5. -1-3,4,5 2.2.1.1(1)(a) -.(f)() -2-6 -3-3,4,5-1,2 2.2.1.2(1)(a) -4-3,4,5,7,8 2.2.1.4(1)(a)- (c) -5-1 2.2.1.6(1)(a) 2.3.4.1(1)(c) -6-2 2.2.2.2(1)(a) -7-3,7-8 -2,3,4,5,8-1 -1 2.3.1.1(1)(a) -1-8 1.2.2.1(1)(a)-(i), -1 (2)(a)-(d) -2-2 -3-2,3,4,5,8 2.2.1.5(1)(a) 2.3.2.3(2)(b) -4-3,4,5-1,2 2.2.1.3(1)(a) -5-3,4,5,7,8-6 -2 2.2.2.2(2)(a), (b) -7-3,7-8 -3 1.5.2.1(1)(a)(), () 2.2.2.1(1)(a) -(g) 2.3.2.3(1)(b)-(d) -9-7 2.2.2.3(1)(a)-(g),(2)(a), 2.3.2.3(2)(e) -10-8 -11-8 - 30
2.2. IT 3.3 C IT Web - 31
- 1
1. 1.1. 1.1.1. -2
- Web - - - DB -3
1.1.2. Web 1.1.2.1. IDS WWW DB AP RA -4
1.1.2.2. IP IDS WWW DB AP RA CA CA 1.1.2.3. 鍵 CRL 鍵 CA -5
1.1.3. 1.1.3.1. 1.1.4. -6
-7
1.2. -8
Web 鍵 鍵 1.2.1-9
1.3. 1.3.1 1.3.3 1.3.1. 1.3.2. -10
1.3.3. -11
1.4. 1.4.1. No ()-T1 ()-T2 ()-T3 ()-T4 ()-T5 ()-T6 Web -12
-13 Web ()-T7 ()-T8 ()-T9 ()-T10 ()-T11 ()-T12 ()-T13 ()-T14 ()-T11,T12,T13,T14 ( )-T11,T12,T13,T14
1.4.2. No ()-T1 ()-T2 ()-T3 ()-T4 ()-T5 ()-T6 ()-T7 ()-T8 ( )-T5,T6,T7,T8 ( )-T5,T6,T7,T8-14
2. IT 2.1 IT 2.2 3.3 3.1 3.4 2.1. 2.2.1. -15
2.1.1. No -1-2 -3-4 -5-6 ID ID SSL IDC VPN -16
2.1.2. No -1-2 -3 - - UPS - - - - - - - - - BIOS - 2.1.3. No -1-2 -3-17
-4-5 -18
2.1.4. 2.1.4.1. (NISD-K304-101 NISD-K305-101 No -1 ()-T1 ()-T3 ()-T8-2 ()-T4 ()-T5-3 ()-T6 ()-T7 ()-T10-19 2.2.2.3(1)(a) 2.3.2.3(1)(c) 1.5.2.1(1)(a)()2.2.4.1(1)(b)-(f) 2.3.4.2(1)(a) 2.3.4.3(1)(a)-(b) 2.2.1.1(1)(a)- (c) 2.2.1.2(1)(a)-(c),(2)(a) 2.2.1.3(1)(a)- (b) -2 2.3.2.3(2)(a)-(c) -3 2.3.1.1(1)(a)-(c) -1-2 ()-T5 ()-T7 ()-T10 ()-T6 2.2.1.4(1)(a)- (c) -4 ()-T7 ()-T10-1 -5 ()-T2 2.3.4.1(1)(f) ()-T9-6 ()-T3-1 1.5.2.8(1)(a), () -1-1 -13 -T11T14 1.2.2.1(1)(a)- (j),(2)(a)-(d) 2.2.1.4(2)(a)-(c) 2.2.2.2(2)(a)- (b) 2.2.2.3(2)(a) 1.5.2.1(1)(a)()- (b) 1.2.2.1(1)(a)-(d),(2)(a)-(b) -3 ()-T10 2.3.2.3(2)(b)-(c)
-4 ()-T1 ()-T3 1.5.2.1(1)(a)(),() 2.2.2.1(1)(a)- (g) -5 2.1.4.2. No -1 ()-T1 2.2.2.3(1)(a) 2.3.2.3(1)(c) 2.3.4.1(1)(d)-(f) 2.3.4.2(1)(a) 2.3.4.3(1)(a)-(b) -2 ()-T2 2.2.1.1(1)(a)-(c) -3 ()-T3 ()-T4-4 ()-T3 ()-T4 2.2.1.2(1)(a)-(c),(2)(a) 2.2.1.3(1)(a)-(c) 2.2.1.4(1)(a)-(c) -5 2.3.4.1(1)(f) -6 ()-T1 1.5.2.8(1)(a),(a) () -1-2 2.3.2.3(2)(a)-(c) -3 2.3.1.1(1)(a)-(c) -1-2 ()-T2 ()-T3 ()-T4 1.2.2.1(1)(a)- (j),(2)(a)-(d) 2.2.1.4(2)(a)-(c) 2.2.2.2(2)(a)- (b) 2.2.2.3(2)(a) 1.5.2.1(1)(a)()- (b) 1.2.2.1(1)(a)-(d),(2)(a)-(b) -3 ()-T4 2.3.2.3(2)(b)-(c) -4 ()-T1 1.5.2.1(1)(a)(),()4.2.1(2)(b)-(g) -5-20
-21
2.2. IT 3.3 C IT 2.1.1. -1 2.2.1. TCP/IP IP -22
(IP ) IP SNMP IP c) - -23
-24
- 1 DM6-07-1
1. 1.1. 1.1.1. PC 1.1 1.1-2 DM6-07-1
1.1.2. 1.1.2.1. (1) (1) (n) (n) 1.2 1.1.2.2. 1-1 () LAN IP LAN - 3 DM6-07-1
1.1.2.3. 1.3 1.1.3. 1-2 - 4 DM6-07-1
1.1.4. 1-3 1.2. 1.2.1. 1.2.2. - 5 DM6-07-1
1.3. 1.3.1. -1 / (NISD-K304-101 NISD-K305-101 1.3.2. -1 / WAN LAN 1.3.3. -1-2 / - 6 DM6-07-1
1.4. / -1-2 - 7 DM6-07-1
2. IT 2.1 IT 2.2 3.3 3.1 3.4 2.1. 2.1.1. -1-2 - 8 DM6-07-1
2.1.2. -1-1 2.1.3. -1-2 -3-1-1-2 - 9 DM6-07-1
2.1.4. -1 IT 2.1.5. -1-1 2.3.1.1(1)(a) -1-1 2.3.4.3(2)(a)-(b) -1-2 -2-3 -1-1 -2-2 2.2. IT - 10 DM6-07-1
3.3 C IT 2.2.1. -1-1 IT 2.2.2. -2-2 IT - 11 DM6-07-1