Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components

ISO/IEC 15408-2:2008 defines the content and presentation of the security functional requirements to be assessed in a security evaluation using ISO/IEC 15408. It contains a comprehensive catalogue of predefined security functional components that will meet most common security needs of the marketplace. These are organized using a hierarchical structure of classes, families and components, and supported by comprehensive user notes. ISO/IEC 15408-2:2008 also provides guidance on the specification of customized security requirements where no suitable predefined security functional components exist.

Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components (French edition: Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 2: Composants fonctionnels de sécurité)

This part of ISO/IEC 15408 defines the required structure and content of security functional components for the purpose of a security evaluation. It contains a catalogue of functional components that will meet the security functional requirements common to many IT products.

General Information

Status: Withdrawn
Publication Date: 18-Aug-2008
Current Stage: 9599 - Withdrawal of International Standard
Completion Date: 09-Aug-2022

Buy Standard

Standard: ISO/IEC 15408-2:2008 - Information technology -- Security techniques -- Evaluation criteria for IT security (English language, 218 pages)
Standard: ISO/IEC 15408-2:2008 - Technologies de l'information -- Techniques de sécurité -- Critères d'évaluation pour la sécurité TI (French language, 235 pages)

Standards Content (Sample)

INTERNATIONAL STANDARD ISO/IEC 15408-2
Third edition
2008-08-15
Corrected version
2011-06-01

Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 2: Composants fonctionnels de sécurité

Reference number
ISO/IEC 15408-2:2008(E)
© ISO/IEC 2008

ISO/IEC 15408-2:2008(E)

COPYRIGHT PROTECTED DOCUMENT


© ISO/IEC 2008
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2008 – All rights reserved

Contents Page
Foreword . xviii
Introduction . xx
1 Scope . 1
2 Normative references . 1
3 Terms and definitions, symbols and abbreviated terms . 1
4 Overview . 1
4.1 Organisation of this part of ISO/IEC 15408 . 1
5 Functional requirements paradigm . 2
6 Security functional components . 5
6.1 Overview . 5
6.1.1 Class structure . 5
6.1.2 Family structure . 6
6.1.3 Component structure . 8
6.2 Component catalogue . 9
6.2.1 Component changes highlighting . 10
7 Class FAU: Security audit . 10
7.1 Security audit automatic response (FAU_ARP) . 11
7.1.1 Family Behaviour . 11
7.1.2 Component levelling . 11
7.1.3 Management of FAU_ARP.1 . 11
7.1.4 Audit of FAU_ARP.1 . 11
7.1.5 FAU_ARP.1 Security alarms . 11
7.2 Security audit data generation (FAU_GEN) . 11
7.2.1 Family Behaviour . 11
7.2.2 Component levelling . 11
7.2.3 Management of FAU_GEN.1, FAU_GEN.2 . 11
7.2.4 Audit of FAU_GEN.1, FAU_GEN.2 . 11
7.2.5 FAU_GEN.1 Audit data generation . 12
7.2.6 FAU_GEN.2 User identity association . 12
7.3 Security audit analysis (FAU_SAA) . 12
7.3.1 Family Behaviour . 12
7.3.2 Component levelling . 12
7.3.3 Management of FAU_SAA.1 . 13
7.3.4 Management of FAU_SAA.2 . 13
7.3.5 Management of FAU_SAA.3 . 13
7.3.6 Management of FAU_SAA.4 . 13
7.3.7 Audit of FAU_SAA.1, FAU_SAA.2, FAU_SAA.3, FAU_SAA.4 . 13
7.3.8 FAU_SAA.1 Potential violation analysis . 13
7.3.9 FAU_SAA.2 Profile based anomaly detection . 14
7.3.10 FAU_SAA.3 Simple attack heuristics . 14
7.3.11 FAU_SAA.4 Complex attack heuristics . 15
7.4 Security audit review (FAU_SAR) . 15
7.4.1 Family Behaviour . 15
7.4.2 Component levelling . 15
7.4.3 Management of FAU_SAR.1 . 15
7.4.4 Management of FAU_SAR.2, FAU_SAR.3 . 15
7.4.5 Audit of FAU_SAR.1 . 15
7.4.6 Audit of FAU_SAR.2 . 16
7.4.7 Audit of FAU_SAR.3 . 16
7.4.8 FAU_SAR.1 Audit review . 16
7.4.9 FAU_SAR.2 Restricted audit review . 16
7.4.10 FAU_SAR.3 Selectable audit review . 16
7.5 Security audit event selection (FAU_SEL) . 16
7.5.1 Family Behaviour . 16
7.5.2 Component levelling . 17
7.5.3 Management of FAU_SEL.1 . 17
7.5.4 Audit of FAU_SEL.1 . 17
7.5.5 FAU_SEL.1 Selective audit . 17
7.6 Security audit event storage (FAU_STG) . 17
7.6.1 Family Behaviour . 17
7.6.2 Component levelling . 17
7.6.3 Management of FAU_STG.1 . 18
7.6.4 Management of FAU_STG.2 . 18
7.6.5 Management of FAU_STG.3 . 18
7.6.6 Management of FAU_STG.4 . 18
7.6.7 Audit of FAU_STG.1, FAU_STG.2 . 18
7.6.8 Audit of FAU_STG.3 . 18
7.6.9 Audit of FAU_STG.4 . 18
7.6.10 FAU_STG.1 Protected audit trail storage . 18
7.6.11 FAU_STG.2 Guarantees of audit data availability . 19
7.6.12 FAU_STG.3 Action in case of possible audit data loss . 19
7.6.13 FAU_STG.4 Prevention of audit data loss . 19
8 Class FCO: Communication . 20
8.1 Non-repudiation of origin (FCO_NRO) . 20
8.1.1 Family Behaviour . 20
8.1.2 Component levelling . 20
8.1.3 Management of FCO_NRO.1, FCO_NRO.2 . 20
8.1.4 Audit of FCO_NRO.1 . 20
8.1.5 Audit of FCO_NRO.2 . 21
8.1.6 FCO_NRO.1 Selective proof of origin . 21
8.1.7 FCO_NRO.2 Enforced proof of origin . 21
8.2 Non-repudiation of receipt (FCO_NRR) . 22
8.2.1 Family Behaviour . 22
8.2.2 Component levelling . 22
8.2.3 Management of FCO_NRR.1, FCO_NRR.2 . 22
8.2.4 Audit of FCO_NRR.1 . 22
8.2.5 Audit of FCO_NRR.2 . 22
8.2.6 FCO_NRR.1 Selective proof of receipt . 22
8.2.7 FCO_NRR.2 Enforced proof of receipt . 23
9 Class FCS: Cryptographic support . 24
9.1 Cryptographic key management (FCS_CKM) . 24
9.1.1 Family Behaviour . 24
9.1.2 Component levelling . 24
9.1.3 Management of FCS_CKM.1, FCS_CKM.2, FCS_CKM.3, FCS_CKM.4 . 25
9.1.4 Audit of FCS_CKM.1, FCS_CKM.2, FCS_CKM.3, FCS_CKM.4 . 25
9.1.5 FCS_CKM.1 Cryptographic key generation . 25
9.1.6 FCS_CKM.2 Cryptographic key distribution . 25
9.1.7 FCS_CKM.3 Cryptographic key access . 25
9.1.8 FCS_CKM.4 Cryptographic key destruction . 26
9.2 Cryptographic operation (FCS_COP) . 26
9.2.1 Family Behaviour . 26
9.2.2 Component levelling . 26
9.2.3 Management of FCS_COP.1 . 26
9.2.4 Audit of FCS_COP.1 . 26
9.2.5 FCS_COP.1 Cryptographic operation . 27
10 Class FDP: User data protection . 27
10.1 Access control policy (FDP_ACC) . 29
10.1.1 Family Behaviour . 29
10.1.2 Component levelling . 30
10.1.3 Management of FDP_ACC.1, FDP_ACC.2 . 30
10.1.4 Audit of FDP_ACC.1, FDP_ACC.2 . 30
10.1.5 FDP_ACC.1 Subset access control . 30
10.1.6 FDP_ACC.2 Complete access control . 30
10.2 Access control functions (FDP_ACF) . 30
10.2.1 Family Behaviour . 30
10.2.2 Component levelling . 30
10.2.3 Management of FDP_ACF.1 . 31
10.2.4 Audit of FDP_ACF.1 . 31
10.2.5 FDP_ACF.1 Security attribute based access control . 31
10.3 Data authentication (FDP_DAU) . 32
10.3.1 Family Behaviour . 32
10.3.2 Component levelling . 32
10.3.3 Management of FDP_DAU.1, FDP_DAU.2 . 32
10.3.4 Audit of FDP_DAU.1 . 32
10.3.5 Audit of FDP_DAU.2 . 32
10.3.6 FDP_DAU.1 Basic Data Authentication . 32
10.3.7 FDP_DAU.2 Data Authentication with Identity of Guarantor . 33
10.4 Export from the TOE (FDP_ETC) . 33
10.4.1 Family Behaviour . 33
10.4.2 Component levelling . 33
10.4.3 Management of FDP_ETC.1 . 33
10.4.4 Management of FDP_ETC.2 . 33
10.4.5 Audit of FDP_ETC.1, FDP_ETC.2 . 33
10.4.6 FDP_ETC.1 Export of user data without security attributes . 34
10.4.7 FDP_ETC.2 Export of user data with security attributes . 34
10.5 Information flow control policy (FDP_IFC) . 34
10.5.1 Family Behaviour . 34
10.5.2 Component levelling . 35
10.5.3 Management of FDP_IFC.1, FDP_IFC.2 . 35
10.5.4 Audit of FDP_IFC.1, FDP_IFC.2 . 35
10.5.5 FDP_IFC.1 Subset information flow control . 35
10.5.6 FDP_IFC.2 Complete information flow control . 35
10.6 Information flow control functions (FDP_IFF) . 35
10.6.1 Family Behaviour . 35
10.6.2 Component levelling . 36
10.6.3 Management of FDP_IFF.1, FDP_IFF.2 . 36
10.6.4 Management of FDP_IFF.3, FDP_IFF.4, FDP_IFF.5 . 36
10.6.5 Management of FDP_IFF.6 . 36
10.6.6 Audit of FDP_IFF.1, FDP_IFF.2, FDP_IFF.5 . 36
10.6.7 Audit of FDP_IFF.3, FDP_IFF.4, FDP_IFF.6 . 37
10.6.8 FDP_IFF.1 Simple security attributes . 37
10.6.9 FDP_IFF.2 Hierarchical security attributes . 37
10.6.10 FDP_IFF.3 Limited illicit information flows . 38
10.6.11 FDP_IFF.4 Partial elimination of illicit information flows . 39
10.6.12 FDP_IFF.5 No illicit information flows . 39
10.6.13 FDP_IFF.6 Illicit information flow monitoring . 39
10.7 Import from outside of the TOE (FDP_ITC) . 39
10.7.1 Family Behaviour . 39
10.7.2 Component levelling . 39
10.7.3 Management of FDP_ITC.1, FDP_ITC.2 . 40
10.7.4 Audit of FDP_ITC.1, FDP_ITC.2 . 40
10.7.5 FDP_ITC.1 Import of user data without security attributes . 40
10.7.6 FDP_ITC.2 Import of user data with security attributes . 40
10.8 Internal TOE transfer (FDP_ITT) . 41
10.8.1 Family Behaviour . 41
10.8.2 Component levelling . 41
10.8.3 Management of FDP_ITT.1, FDP_ITT.2 . 41
10.8.4 Management of FDP_ITT.3, FDP_ITT.4 . 42
10.8.5 Audit of FDP_ITT.1, FDP_ITT.2 . 42
10.8.6 Audit of FDP_ITT.3, FDP_ITT.4 . 42
10.8.7 FDP_ITT.1 Basic internal transfer protection . 42
10.8.8 FDP_ITT.2 Transmission separation by attribute . 42
10.8.9 FDP_ITT.3 Integrity monitoring . 43
10.8.10 FDP_ITT.4 Attribute-based integrity monitoring . 43
10.9 Residual information protection (FDP_RIP) . 43
10.9.1 Family Behaviour . 43
10.9.2 Component levelling . 44
10.9.3 Management of FDP_RIP.1, FDP_RIP.2 . 44
10.9.4 Audit of FDP_RIP.1, FDP_RIP.2 . 44
10.9.5 FDP_RIP.1 Subset residual information protection . 44
10.9.6 FDP_RIP.2 Full residual information protection . 44
10.10 Rollback (FDP_ROL) . 44
10.10.1 Family Behaviour . 44
10.10.2 Component levelling . 44
10.10.3 Management of FDP_ROL.1, FDP_ROL.2 . 45
10.10.4 Audit of FDP_ROL.1, FDP_ROL.2 . 45
10.10.5 FDP_ROL.1 Basic rollback . 45
10.10.6 FDP_ROL.2 Advanced rollback . 45
10.11 Stored data integrity (FDP_SDI) . 46
10.11.1 Family Behaviour . 46
10.11.2 Component levelling . 46
10.11.3 Management of FDP_SDI.1 . 46
10.11.4 Management of FDP_SDI.2 . 46
10.11.5 Audit of FDP_SDI.1 . 46
10.11.6 Audit of FDP_SDI.2 . 46
10.11.7 FDP_SDI.1 Stored data integrity monitoring . 46
10.11.8 FDP_SDI.2 Stored data integri
...

INTERNATIONAL STANDARD ISO/IEC 15408-2
Third edition
2008-08-15

Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 2: Composants fonctionnels de sécurité

Reference number
ISO/IEC 15408-2:2008(E)
© ISO/IEC 2008

PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.





Contents Page

1 Scope . 1
2 Normative references . 1
3 Terms and definitions, symbols and abbreviated terms . 1
4 Overview . 1
4.1 Organisation of this part of ISO/IEC 15408 . 1
5 Functional requirements paradigm . 2
6 Security functional components . 5
6.1 Overview . 5
6.1.1 Class structure . 5
6.1.2 Family structure . 6
6.1.3 Component structure . 7
6.2 Component catalogue . 9
6.2.1 Component changes highlighting . 10
7 Class FAU: Security audit . 10
7.1 Security audit automatic response (FAU_ARP) . 11
7.1.1 Family Behaviour . 11
7.1.2 Component levelling . 11
7.1.3 Management of FAU_ARP.1 . 11
7.1.4 Audit of FAU_ARP.1 . 11
7.1.5 FAU_ARP.1 Security alarms . 11
7.2 Security audit data generation (FAU_GEN) . 11
7.2.1 Family Behaviour . 11
7.2.2 Component levelling . 11
7.2.3 Management of FAU_GEN.1, FAU_GEN.2 . 11
7.2.4 Audit of FAU_GEN.1, FAU_GEN.2 . 11
7.2.5 FAU_GEN.1 Audit data generation . 12
7.2.6 FAU_GEN.2 User identity association . 12
7.3 Security audit analysis (FAU_SAA) . 12
7.3.1 Family Behaviour . 12
7.3.2 Component levelling . 12
7.3.3 Management of FAU_SAA.1 . 13
7.3.4 Management of FAU_SAA.2 . 13
7.3.5 Management of FAU_SAA.3 . 13
7.3.6 Management of FAU_SAA.4 . 13
7.3.7 Audit of FAU_SAA.1, FAU_SAA.2, FAU_SAA.3, FAU_SAA.4 . 13
7.3.8 FAU_SAA.1 Potential violation analysis . 13
7.3.9 FAU_SAA.2 Profile based anomaly detection . 14
7.3.10 FAU_SAA.3 Simple attack heuristics . 14
7.3.11 FAU_SAA.4 Complex attack heuristics . 15
7.4 Security audit review (FAU_SAR) . 15
7.4.1 Family Behaviour . 15
7.4.2 Component levelling . 15
7.4.3 Management of FAU_SAR.1 . 15
7.4.4 Management of FAU_SAR.2, FAU_SAR.3 . 15
7.4.5 Audit of FAU_SAR.1 . 15
7.4.6 Audit of FAU_SAR.2 . 16
7.4.7 Audit of FAU_SAR.3 . 16
7.4.8 FAU_SAR.1 Audit review . 16
7.4.9 FAU_SAR.2 Restricted audit review . 16
7.4.10 FAU_SAR.3 Selectable audit review . 16
7.5 Security audit event selection (FAU_SEL) . 17
7.5.1 Family Behaviour . 17
7.5.2 Component levelling . 17
7.5.3 Management of FAU_SEL.1 . 17
7.5.4 Audit of FAU_SEL.1 . 17
7.5.5 FAU_SEL.1 Selective audit . 17
7.6 Security audit event storage (FAU_STG) . 17
7.6.1 Family Behaviour . 17
7.6.2 Component levelling . 17
7.6.3 Management of FAU_STG.1 . 18
7.6.4 Management of FAU_STG.2 . 18
7.6.5 Management of FAU_STG.3 . 18
7.6.6 Management of FAU_STG.4 . 18
7.6.7 Audit of FAU_STG.1, FAU_STG.2 . 18
7.6.8 Audit of FAU_STG.3 . 18
7.6.9 Audit of FAU_STG.4 . 18
7.6.10 FAU_STG.1 Protected audit trail storage . 18
7.6.11 FAU_STG.2 Guarantees of audit data availability . 19
7.6.12 FAU_STG.3 Action in case of possible audit data loss . 19
7.6.13 FAU_STG.4 Prevention of audit data loss . 19
8 Class FCO: Communication . 19
8.1 Non-repudiation of origin (FCO_NRO) . 20
8.1.1 Family Behaviour . 20
8.1.2 Component levelling . 20
8.1.3 Management of FCO_NRO.1, FCO_NRO.2 . 20
8.1.4 Audit of FCO_NRO.1 . 20
8.1.5 Audit of FCO_NRO.2 . 20
8.1.6 FCO_NRO.1 Selective proof of origin . 20
8.1.7 FCO_NRO.2 Enforced proof of origin . 21
8.2 Non-repudiation of receipt (FCO_NRR) . 21
8.2.1 Family Behaviour . 21
8.2.2 Component levelling . 21
8.2.3 Management of FCO_NRR.1, FCO_NRR.2 . 21
8.2.4 Audit of FCO_NRR.1 . 22
8.2.5 Audit of FCO_NRR.2 . 22
8.2.6 FCO_NRR.1 Selective proof of receipt . 22
8.2.7 FCO_NRR.2 Enforced proof of receipt . 22
9 Class FCS: Cryptographic support . 23
9.1 Cryptographic key management (FCS_CKM) . 23
9.1.1 Family Behaviour . 23
9.1.2 Component levelling . 23
9.1.3 Management of FCS_CKM.1, FCS_CKM.2, FCS_CKM.3, FCS_CKM.4 . 24
9.1.4 Audit of FCS_CKM.1, FCS_CKM.2, FCS_CKM.3, FCS_CKM.4 . 24
9.1.5 FCS_CKM.1 Cryptographic key generation . 24
9.1.6 FCS_CKM.2 Cryptographic key distribution . 24
9.1.7 FCS_CKM.3 Cryptographic key access . 25
9.1.8 FCS_CKM.4 Cryptographic key destruction . 25
9.2 Cryptographic operation (FCS_COP) . 25
9.2.1 Family Behaviour . 25
9.2.2 Component levelling . 25
9.2.3 Management of FCS_COP.1 . 25
9.2.4 Audit of FCS_COP.1 . 26
9.2.5 FCS_COP.1 Cryptographic operation . 26
10 Class FDP: User data protection . 26
10.1 Access control policy (FDP_ACC) . 28
10.1.1 Family Behaviour . 28
10.1.2 Component levelling . 29
10.1.3 Management of FDP_ACC.1, FDP_ACC.2 . 29
10.1.4 Audit of FDP_ACC.1, FDP_ACC.2 . 29
10.1.5 FDP_ACC.1 Subset access control . 29
10.1.6 FDP_ACC.2 Complete access control . 29
10.2 Access control functions (FDP_ACF) . 29
10.2.1 Family Behaviour . 29
10.2.2 Component levelling . 29
10.2.3 Management of FDP_ACF.1 . 30
10.2.4 Audit of FDP_ACF.1 . 30
10.2.5 FDP_ACF.1 Security attribute based access control . 30
10.3 Data authentication (FDP_DAU) . 31
10.3.1 Family Behaviour . 31
10.3.2 Component levelling . 31
10.3.3 Management of FDP_DAU.1, FDP_DAU.2 . 31
10.3.4 Audit of FDP_DAU.1 . 31
10.3.5 Audit of FDP_DAU.2 . 31
10.3.6 FDP_DAU.1 Basic Data Authentication . 31
10.3.7 FDP_DAU.2 Data Authentication with Identity of Guarantor . 32
10.4 Export from the TOE (FDP_ETC) . 32
10.4.1 Family Behaviour . 32
10.4.2 Component levelling . 32
10.4.3 Management of FDP_ETC.1 . 32
10.4.4 Management of FDP_ETC.2 . 32
10.4.5 Audit of FDP_ETC.1, FDP_ETC.2 . 32
10.4.6 FDP_ETC.1 Export of user data without security attributes . 33
10.4.7 FDP_ETC.2 Export of user data with security attributes . 33
10.5 Information flow control policy (FDP_IFC) . 33
10.5.1 Family Behaviour . 33
10.5.2 Component levelling . 34
10.5.3 Management of FDP_IFC.1, FDP_IFC.2 . 34
10.5.4 Audit of FDP_IFC.1, FDP_IFC.2 . 34
10.5.5 FDP_IFC.1 Subset information flow control . 34
10.5.6 FDP_IFC.2 Complete information flow control . 34
10.6 Information flow control functions (FDP_IFF) . 34
10.6.1 Family Behaviour . 34
10.6.2 Component levelling . 35
10.6.3 Management of FDP_IFF.1, FDP_IFF.2 . 35
10.6.4 Management of FDP_IFF.3, FDP_IFF.4, FDP_IFF.5 . 35
10.6.5 Management of FDP_IFF.6 . 35
10.6.6 Audit of FDP_IFF.1, FDP_IFF.2, FDP_IFF.5 . 35
10.6.7 Audit of FDP_IFF.3, FDP_IFF.4, FDP_IFF.6 . 36
10.6.8 FDP_IFF.1 Simple security attributes . 36
10.6.9 FDP_IFF.2 Hierarchical security attributes . 36
10.6.10 FDP_IFF.3 Limited illicit information flows . 37
10.6.11 FDP_IFF.4 Partial elimination of illicit information flows . 38
10.6.12 FDP_IFF.5 No illicit information flows . 38
10.6.13 FDP_IFF.6 Illicit information flow monitoring . 38
10.7 Import from outside of the TOE (FDP_ITC) . 38
10.7.1 Family Behaviour . 38
10.7.2 Component levelling . 38
10.7.3 Management of FDP_ITC.1, FDP_ITC.2 . 38
10.7.4 Audit of FDP_ITC.1, FDP_ITC.2 . 39
10.7.5 FDP_ITC.1 Import of user data without security attributes . 39
10.7.6 FDP_ITC.2 Import of user data with security attributes . 39
10.8 Internal TOE transfer (FDP_ITT) . 40
10.8.1 Family Behaviour . 40
10.8.2 Component levelling . 40
10.8.3 Management of FDP_ITT.1, FDP_ITT.2 . 40
10.8.4 Management of FDP_ITT.3, FDP_ITT.4 . 40
10.8.5 Audit of FDP_ITT.1, FDP_ITT.2 . 41
10.8.6 Audit of FDP_ITT.3, FDP_ITT.4 . 41
10.8.7 FDP_ITT.1 Basic internal transfer protection . 41
10.8.8 FDP_ITT.2 Transmission separation by attribute . 41
10.8.9 FDP_ITT.3 Integrity monitoring . 42
10.8.10 FDP_ITT.4 Attribute-based integrity monitoring . 42
10.9 Residual information protection (FDP_RIP) . 42
10.9.1 Family Behaviour . 42
10.9.2 Component levelling . 42
10.9.3 Management of FDP_RIP.1, FDP_RIP.2 . 43
10.9.4 Audit of FDP_RIP.1, FDP_RIP.2 . 43
10.9.5 FDP_RIP.1 Subset residual information protection . 43
10.9.6 FDP_RIP.2 Full residual information protection . 43
10.10 Rollback (FDP_ROL) . 43
10.10.1 Family Behaviour . 43
10.10.2 Component levelling . 43
10.10.3 Management of FDP_ROL.1, FDP_ROL.2 . 43
10.10.4 Audit of FDP_ROL.1, FDP_ROL.2 . 44
10.10.5 FDP_ROL.1 Basic rollback . 44
10.10.6 FDP_ROL.2 Advanced rollback . 44
10.11 Stored data integrity (FDP_SDI) . 44
10.11.1 Family Behaviour . 44
10.11
...

INTERNATIONAL STANDARD ISO/IEC 15408-2
Third edition
2008-08-15

Technologies de l'information — Techniques de sécurité — Critères d'évaluation pour la sécurité TI — Partie 2: Composants fonctionnels de sécurité
Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components

Reference number
ISO/IEC 15408-2:2008(F)
© ISO/IEC 2008

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2008
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Tel.: +41 22 749 01 11
Fax: +41 22 749 09 47
E-mail: copyright@iso.org
Web: www.iso.org
Published in Switzerland
ii © ISO/IEC 2008 – All rights reserved

Contents Page
Foreword . xv
Introduction . xvii
1 Scope . 1
2 Normative references . 1
3 Terms, definitions, symbols and abbreviations . 1
4 Overview . 1
4.1 Organisation of this part of ISO/IEC 15408 . 1
5 Functional requirements paradigm . 2
6 Security functional components . 6
6.1 Overview . 6
6.1.1 Class structure . 6
6.1.2 Family structure . 6
6.1.3 Component structure . 8
6.2 Component catalogue . 10
6.2.1 Component changes highlighting . 11
7 Class FAU: Security audit . 11
7.1 Security audit automatic response (FAU_ARP) . 11
7.1.1 Family Behaviour . 11
7.1.2 Component levelling . 12
7.1.3 Management of FAU_ARP.1 . 12
7.1.4 Audit of FAU_ARP.1 . 12
7.1.5 FAU_ARP.1 Security alarms . 12
7.2 Security audit data generation (FAU_GEN) . 12
7.2.1 Family Behaviour . 12
7.2.2 Component levelling . 12
7.2.3 Management of FAU_GEN.1, FAU_GEN.2 . 12
7.2.4 Audit of FAU_GEN.1, FAU_GEN.2 . 12
7.2.5 FAU_GEN.1 Audit data generation . 12
7.2.6 FAU_GEN.2 User identity association . 13
7.3 Security audit analysis (FAU_SAA) . 13
7.3.1 Family Behaviour . 13
7.3.2 Component levelling . 13
7.3.3 Management of FAU_SAA.1 . 14
7.3.4 Management of FAU_SAA.2 . 14
7.3.5 Management of FAU_SAA.3 . 14
7.3.6 Management of FAU_SAA.4 . 14
7.3.7 Audit of FAU_SAA.1, FAU_SAA.2, FAU_SAA.3, FAU_SAA.4 . 14
7.3.8 FAU_SAA.1 Potential violation analysis . 14
7.3.9 FAU_SAA.2 Profile based anomaly detection . 15
7.3.10 FAU_SAA.3 Simple attack heuristics . 15
7.3.11 FAU_SAA.4 Complex attack heuristics . 16
7.4 Security audit review (FAU_SAR) . 16
7.4.1 Family Behaviour . 16
7.4.2 Component levelling . 16
7.4.3 Management of FAU_SAR.1 . 16
7.4.4 Management of FAU_SAR.2, FAU_SAR.3 . 17
7.4.5 Audit of FAU_SAR.1 . 17
7.4.6 Audit of FAU_SAR.2 . 17
7.4.7 Audit of FAU_SAR.3 . 17
7.4.8 FAU_SAR.1 Audit review . 17
7.4.9 FAU_SAR.2 Restricted audit review . 17
7.4.10 FAU_SAR.3 Selectable audit review . 17
7.5 Security audit event selection (FAU_SEL) . 18
7.5.1 Family Behaviour . 18
7.5.2 Component levelling . 18
7.5.3 Management of FAU_SEL.1 . 18
7.5.4 Audit of FAU_SEL.1 . 18
7.5.5 FAU_SEL.1 Selective audit . 18
7.6 Security audit event storage (FAU_STG) . 18
7.6.1 Family Behaviour . 18
7.6.2 Component levelling . 19
7.6.3 Management of FAU_STG.1 . 19
7.6.4 Management of FAU_STG.2 . 19
7.6.5 Management of FAU_STG.3 . 19
7.6.6 Management of FAU_STG.4 . 19
7.6.7 Audit of FAU_STG.1, FAU_STG.2 . 19
7.6.8 Audit of FAU_STG.3 . 19
7.6.9 Audit of FAU_STG.4 . 19
7.6.10 FAU_STG.1 Protected audit trail storage . 20
7.6.11 FAU_STG.2 Guarantees of audit data availability . 20
7.6.12 FAU_STG.3 Action in case of possible audit data loss . 20
7.6.13 FAU_STG.4 Prevention of audit data loss . 20
8 Class FCO: Communication . 21
8.1 Non-repudiation of origin (FCO_NRO) . 21
8.1.1 Family Behaviour . 21
8.1.2 Component levelling . 21
8.1.3 Management of FCO_NRO.1, FCO_NRO.2 . 21
8.1.4 Audit of FCO_NRO.1 . 21
8.1.5 Audit of FCO_NRO.2 . 22
8.1.6 FCO_NRO.1 Selective proof of origin . 22
8.1.7 FCO_NRO.2 Enforced proof of origin . 22
8.2 Non-repudiation of receipt (FCO_NRR) . 23
8.2.1 Family Behaviour . 23
8.2.2 Component levelling . 23
8.2.3 Management of FCO_NRR.1, FCO_NRR.2 . 23
8.2.4 Audit of FCO_NRR.1 . 23
8.2.5 Audit of FCO_NRR.2 . 23
8.2.6 FCO_NRR.1 Selective proof of receipt . 23
8.2.7 FCO_NRR.2 Enforced proof of receipt . 24
9 Class FCS: Cryptographic support . 24
9.1 Cryptographic key management (FCS_CKM) . 25
9.1.1 Family Behaviour . 25
9.1.2 Component levelling . 25
9.1.3 Management of FCS_CKM.1, FCS_CKM.2, FCS_CKM.3, FCS_CKM.4 . 25
9.1.4 Audit of FCS_CKM.1, FCS_CKM.2, FCS_CKM.3, FCS_CKM.4 . 26
9.1.5 FCS_CKM.1 Cryptographic key generation . 26
9.1.6 FCS_CKM.2 Cryptographic key distribution . 26
9.1.7 FCS_CKM.3 Cryptographic key access . 26
9.1.8 FCS_CKM.4 Cryptographic key destruction . 27
9.2 Cryptographic operation (FCS_COP) . 27
9.2.1 Family Behaviour . 27
9.2.2 Component levelling . 27
9.2.3 Management of FCS_COP.1 . 27
9.2.4 Audit of FCS_COP.1 . 27
9.2.5 FCS_COP.1 Cryptographic operation . 28
10 Class FDP: User data protection . 28
10.1 Access control policy (FDP_ACC) . 30
10.1.1 Family Behaviour . 30
10.1.2 Component levelling . 31
10.1.3 Management of FDP_ACC.1, FDP_ACC.2 . 31
10.1.4 Audit of FDP_ACC.1, FDP_ACC.2 . 31
10.1.5 FDP_ACC.1 Subset access control . 31
10.1.6 FDP_ACC.2 Complete access control . 31
10.2 Access control functions (FDP_ACF) . 31
10.2.1 Family Behaviour . 31
10.2.2 Component levelling . 32
10.2.3 Management of FDP_ACF.1 . 32
10.2.4 Audit of FDP_ACF.1 . 32
10.2.5 FDP_ACF.1 Security attribute based access control . 32
10.3 Data authentication (FDP_DAU) . 33
10.3.1 Family Behaviour . 33
10.3.2 Component levelling . 33
10.3.3 Management of FDP_DAU.1, FDP_DAU.2 . 33
10.3.4 Audit of FDP_DAU.1 . 33
10.3.5 Audit of FDP_DAU.2 . 33
10.3.6 FDP_DAU.1 Basic data authentication . 33
10.3.7 FDP_DAU.2 Data authentication with identity of guarantor . 34
10.4 Export from the TOE (FDP_ETC) . 34
10.4.1 Family Behaviour . 34
10.4.2 Component levelling . 34
10.4.3 Management of FDP_ETC.1 . 34
10.4.4 Management of FDP_ETC.2 . 34
10.4.5 Audit of FDP_ETC.1, FDP_ETC.2 . 35
10.4.6 FDP_ETC.1 Export of user data without security attributes . 35
10.4.7 FDP_ETC.2 Export of user data with security attributes . 35
10.5 Information flow control policy (FDP_IFC) . 36
10.5.1 Family Behaviour . 36
10.5.2 Component levelling . 36
10.5.3 Management of FDP_IFC.1, FDP_IFC.2 . 36
10.5.4 Audit of FDP_IFC.1, FDP_IFC.2 . 36
10.5.5 FDP_IFC.1 Subset information flow control . 36
10.5.6 FDP_IFC.2 Complete information flow control . 37
10.6 Information flow control functions (FDP_IFF) . 37
10.6.1 Family Behaviour . 37
10.6.2 Component levelling . 37
10.6.3 Management of FDP_IFF.1, FDP_IFF.2 . 38
10.6.4 Management of FDP_IFF.3, FDP_IFF.4, FDP_IFF.5 . 38
10.6.5 Management of FDP_IFF.6 . 38
10.6.6 Audit of FDP_IFF.1, FDP_IFF.2, FDP_IFF.5 . 38
10.6.7 Audit of FDP_IFF.3, FDP_IFF.4, FDP_IFF.6 . 38
10.6.8 FDP_IFF.1 Simple security attributes . 38
10.6.9 FDP_IFF.2 Hierarchical security attributes . 39
10.6.10 FDP_IFF.3 Limited illicit information flows . 40
10.6.11 FDP_IFF.4 Partial elimination of illicit information flows . 40
10.6.12 FDP_IFF.5 No illicit information flows . 41
10.6.13 FDP_IFF.6 Illicit information flow monitoring . 41
10.7 Import from outside of TSF control (FDP_ITC) . 41
10.7.1 Family Behaviour . 41
10.7.2 Component levelling . 41
10.7.3 Management of FDP_ITC.1, FDP_ITC.2 . 41
10.7.4 Audit of FDP_ITC.1, FDP_ITC.2 . 41
10.7.5 FDP_ITC.1 Import of user data without security attributes . 42
10.7.6 FDP_ITC.2 Import of user data with security attributes . 42
10.8 Internal TOE transfer (FDP_ITT) . 43
10.8.1 Family Behaviour . 43
10.8.2 Component levelling . 43
10.8.3 Management of FDP_ITT.1, FDP_ITT.2 . 43
10.8.4 Management of FDP_ITT.3, FDP_ITT.4 . 43
10.8.5 Audit of FDP_ITT.1, FDP_ITT.2 . 44
10.8.6 Audit of FDP_ITT.3, FDP_ITT.4 . 44
10.8.7 FDP_ITT.1 Basic internal transfer protection .
...
