Standard number: ISO/IEC TR 15443-2-2005
Status: withdrawn
Chinese title: Information technology. Security techniques. IT security assurance framework. Part 2: Assurance methods
English title: Information technology - Security techniques - A framework for IT security assurance - Part 2: Assurance methods
Publication date: 2005-09
Superseded by: ISO/IEC TR 15443-2-2012
Adopted as: ANSI/INCITS/ISO/IEC TR 15443-2-2009, IDT; CAN/CSA-ISO/IEC TR 15443-2-06-2006, IDT
Drafting body: ISO/IEC JTC 1/SC 27
Abstract:
1.1 Purpose
This part of ISO/IEC TR 15443 provides a collection of assurance methods including those not unique to ICT
security as long as they contribute to overall ICT security. It gives an overview as to their aim and describes
their features, reference and standardization aspects.
In principle, the resultant ICT security assurance is the assurance of the product, system or service in
operation. The resultant assurance is therefore the sum of the assurance increments obtained by each of the
assurance methods applied to the product, system or service during its life cycle stages. The large number of
available assurance methods makes guidance necessary as to which method to apply to a given ICT field to
gain recognized assurance.
Each item of the collection presented in this part of ISO/IEC TR 15443 is classified in an overview fashion
using the basic assurance concepts and terms developed in ISO/IEC TR 15443-1.
Using this categorization, this part of ISO/IEC TR 15443 guides the ICT professional in the selection, and
possible combination, of the assurance method(s) suitable for a given ICT security product, system, or service
and its specific environment.
1.2 Field of Application
This part of ISO/IEC TR 15443 gives guidance in a summary and overview fashion. It is suitable for narrowing
the presented collection down to a reduced set of applicable methods to choose from, by excluding
inappropriate methods.
The summaries are informative to provide the basics to facilitate the understanding of the analysis without
requiring the source standards.
Intended users of this part of ISO/IEC TR 15443 include the following:
1. acquirer (an individual or organization that acquires or procures a system, software product or software
service from a supplier);
2. evaluator (an individual or organization that performs an evaluation; an evaluator may, for example, be a
testing laboratory, the quality department of a software development organization, a government
organization or a user);
3. developer (an individual or organization that performs development activities, including requirements
analysis, design, and testing through acceptance during the software life cycle process);
4. maintainer (an individual or organization that performs maintenance activities);
5. supplier (an individual or organization that enters into a contract with the acquirer for the supply of a
system, software product or software service under the terms of the contract) when validating software
quality at qualification test;
6. user (an individual or organization that uses the software product to perform a specific function) when
evaluating quality of software product at acceptance test;
7. security officer or department (an individual or organization that performs a systematic examination of the
software product or software services) when evaluating software quality at qualification test.
1.3 Limitations
This part of ISO/IEC TR 15443 gives guidance in an overview fashion only. ISO/IEC TR 15443-3 provides
guidance to refine this choice for better resolution of assurance requirements enabling a review of their
comparable and synergetic properties.
The regulatory infrastructure to support verification of an assurance approach, and the personnel who perform
such verification, are outside the scope of this part of ISO/IEC TR 15443.
File format: PDF
File size: 454.05 KB
Page count: 74
(Information above last updated: 2019-11-22)