Rechercher

This document defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that meets the common security functionality requirements of many IT products.

This document provides packages of security assurance and security functional requirements that have been identified as useful in support of common usage by stakeholders. EXAMPLE        Examples of provided packages include the evaluation assurance levels (EAL) and the composed assurance packages (CAPs). This document presents: —    evaluation assurance level (EAL) family of packages that specify…

This document establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of the standard which in its entirety is meant to be used as the basis for evaluation of security properties of IT products. This document provides an overview of all parts of the ISO/IEC 15408 series. It describes the various parts of the…

This document: ·       defines terms for identity management and specifies core concepts of identity and identity management, and their relationships, ·       is applicable to any information system where information relating to identity is processed or stored, ·       has been given the status of a horizontal document, as it applies concepts such as distinguishing the term “identity” from the…

This document defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 series evaluation, using the criteria and evaluation evidence defined in the ISO/IEC 15408 series.

This document provides an approach that support stakeholders in a supply chain to accomplish a chain of trust regarding properties of identifiable material goods along a supply chain. This document gives guidance on the identification of trust domains and their corresponding trustworthiness attributes, and the measures to achieve the targeted trustworthiness attributes. As a supply chain…

This document: •       provides guidelines for the implementation of systems for the management of identity information, and •       specifies requirements for the implementation and operation of a framework for identity management. This document is applicable to any information system where information relating to identity is processed or stored." to “This document: ·       provides…

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination with ISO/IEC 27001, in addition to the requirements contained within ISO/IEC 27006. It is primarily intended to support the accreditation of certification bodies providing PIMS certification. The…

ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing: - additional implementation guidance for relevant controls specified in ISO/IEC 27002; - additional controls with implementation guidance that specifically relate to cloud services. This Recommendation | International Standard provides controls and…