British Standards Institution

Source:: ISO/IEC
Committee:: IST/33/3 - Security Evaluation, Testing and Specification
Categories:
Number of comments:: 0

Scope

This document provides packages of security assurance and security functional requirements that have been identified as useful in support of common usage by stakeholders.

EXAMPLE 1

Examples of provided packages include the evaluation assurance levels (EAL) and the composed assurance packages (CAPs).

This document presents:

— Evaluation assurance levels (EAL) (see Clause 4) family of packages that specify pre-defined sets of security assurance components that may be referenced in PPs and STs and which specify appropriate security assurances to be provided during an evaluation of a target of evaluation (TOE);

— Composed assurance packages (CAP) (see Clause 5) family of packages that specify sets of security assurance components used for specifying appropriate security assurances to be provided during an evaluation of composed TOEs;

— Composite product packages (COMP) (see Clause 6) family of packages that specifies a set of security assurance components used for specifying appropriate security assurances to be provided during an evaluation of a composite product TOEs;

— Protection profile assurances (PPA) (see Clause 7) family of packages that specify sets of security assurance components used for specifying appropriate security assurances to be provided during a protection profile evaluation;

— Security target assurances (STA) (see Clause 8) family of packages that specify sets of security assurance components used for specifying appropriate security assurances to be provided during a security target evaluation.

The users of this document can include consumers, developers, and evaluators of secure IT products.

Comment on proposal

Required form fields are indicated by an asterisk (*) character.

How important do you think standardization is in this area? *

Do you agree that a standard on this subject is feasible?: *

Please give reasons for your selections above: *

Would you or your organization use the standard? *

Would you or your organization be prepared to participate in the development of the standard or to comment on the draft when it is available? *

Are you aware of any regulation, existing standards and other good practice information in this area in the UK (e.g. Industry codes of practice; company specifications, international or European Standards)? *

Would the development of a standard(s) in this area have a particular impact/relevance to SME, consumer, environmental or societal interests? *

Are you aware of any other organizations to which this proposal may be relevant? If so please provide details below. *

Additional comments on the scope or proposal:

Although BSI will not usually enter into correspondence regarding individual comments or suggestions we may wish to contact you to seek further clarification. Please indicate whether this will be acceptable: *

Discard

Please email further comments to: debbie.stead@bsigroup.com

Standard timeline

1. Proposal (Complete)

Proposal start date:

2. Draft (Complete)

Draft start date:

21/06/2024

3. Public Comments

Public Comments start date:

19/08/2024

Public Comments end date:

12/10/2024

Learn more about the standards development process

Standards Development

BS EN ISO/IEC 15408-5 Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 5: Pre-defined packages of security requirements

Scope

Comment on proposal

Discard changes?

Submit comment

Submit comment

Follow standard

Unfollow standard

Error