{"id":451463,"date":"2024-10-20T09:17:58","date_gmt":"2024-10-20T09:17:58","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-iso-iec-15408-32023\/"},"modified":"2024-10-26T17:20:09","modified_gmt":"2024-10-26T17:20:09","slug":"bs-en-iso-iec-15408-32023","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-iso-iec-15408-32023\/","title":{"rendered":"BS EN ISO\/IEC 15408-3:2023"},"content":{"rendered":"

PDF Catalog<\/h4>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
2<\/td>\nundefined <\/td>\n<\/tr>\n
20<\/td>\n5.1 General
5.2 ISO\/IEC 15408 series approach
5.3 Assurance approach
5.3.1 General
5.3.2 Significance of vulnerabilities <\/td>\n<\/tr>\n
21<\/td>\n5.3.3 Cause of vulnerabilities
5.3.4 ISO\/IEC 15408 series assurance
5.3.5 Assurance through evaluation <\/td>\n<\/tr>\n
22<\/td>\n5.4 ISO\/IEC 15408 series evaluation assurance scale
6.1 General
6.2 Assurance class structure
6.2.1 General
6.2.2 Class name
6.2.3 Class introduction <\/td>\n<\/tr>\n
23<\/td>\n6.2.4 Assurance families
6.3 Assurance family structure
6.3.1 Family name
6.3.2 Objectives <\/td>\n<\/tr>\n
24<\/td>\n6.3.3 Component levelling
6.3.4 Application notes
6.3.5 Assurance components
6.4 Assurance component structure
6.4.1 General <\/td>\n<\/tr>\n
25<\/td>\n6.4.2 Component identification
6.4.3 Objectives
6.4.4 Application notes
6.4.5 Dependencies
6.4.6 Assurance elements <\/td>\n<\/tr>\n
26<\/td>\n6.5 Assurance elements
6.6 Component taxonomy
7.1 General <\/td>\n<\/tr>\n
27<\/td>\n7.2 PP introduction (APE_INT)
7.2.1 Objectives
7.2.2 APE_INT.1 PP introduction <\/td>\n<\/tr>\n
28<\/td>\n7.3 Conformance claims (APE_CCL)
7.3.1 Objectives
7.3.2 APE_CCL.1 Conformance claims <\/td>\n<\/tr>\n
30<\/td>\n7.4 Security problem definition (APE_SPD)
7.4.1 Objectives
7.4.2 APE_SPD.1 Security problem definition
7.5 Security objectives (APE_OBJ)
7.5.1 Objectives <\/td>\n<\/tr>\n
31<\/td>\n7.5.2 Component levelling
7.5.3 APE_OBJ.1 Security objectives for the operational environment
7.5.4 APE_OBJ.2 Security objectives <\/td>\n<\/tr>\n
32<\/td>\n7.6 Extended components definition (APE_ECD)
7.6.1 Objectives
7.6.2 APE_ECD.1 Extended components definition <\/td>\n<\/tr>\n
33<\/td>\n7.7 Security requirements (APE_REQ)
7.7.1 Objectives
7.7.2 Component levelling
7.7.3 APE_REQ.1 Direct rationale PP-Module security requirements <\/td>\n<\/tr>\n
34<\/td>\n7.7.4 APE_REQ.2 Derived security requirements <\/td>\n<\/tr>\n
36<\/td>\n8.1 General
8.2 PP-Module introduction (ACE_INT)
8.2.1 Objectives
8.2.2 ACE_INT.1 PP-Module introduction <\/td>\n<\/tr>\n
37<\/td>\n8.3 PP-Module conformance claims (ACE_CCL)
8.3.1 Objectives
8.3.2 ACE_CCL.1 PP-Module conformance claims <\/td>\n<\/tr>\n
39<\/td>\n8.4 PP-Module security problem definition (ACE_SPD)
8.4.1 Objectives
8.4.2 ACE_SPD.1 PP-Module security problem definition <\/td>\n<\/tr>\n
40<\/td>\n8.5 PP-Module security objectives (ACE_OBJ)
8.5.1 Objectives
8.5.2 Component levelling
8.5.3 ACE_OBJ.1 PP-Module security objectives for the operational environment <\/td>\n<\/tr>\n
41<\/td>\n8.5.4 ACE_OBJ.2 PP-Module security objectives
8.6 PP-Module extended components definition (ACE_ECD)
8.6.1 Objectives <\/td>\n<\/tr>\n
42<\/td>\n8.6.2 ACE_ECD.1 PP-Module extended components definition
8.7 PP-Module security requirements (ACE_REQ)
8.7.1 Objectives <\/td>\n<\/tr>\n
43<\/td>\n8.7.2 Component levelling
8.7.3 ACE_REQ.1 PP-Module stated security requirements <\/td>\n<\/tr>\n
44<\/td>\n8.7.4 ACE_REQ.2 PP-Module derived security requirements <\/td>\n<\/tr>\n
45<\/td>\n8.8 PP-Module consistency (ACE_MCO)
8.8.1 Objectives
8.8.2 ACE_MCO.1 PP-Module consistency <\/td>\n<\/tr>\n
46<\/td>\n8.9 PP-Configuration consistency (ACE_CCO)
8.9.1 Objectives
8.9.2 ACE_CCO.1 PP-Configuration consistency <\/td>\n<\/tr>\n
50<\/td>\n9.1 General
9.2 ST introduction (ASE_INT)
9.2.1 Objectives
9.2.2 ASE_INT.1 ST introduction <\/td>\n<\/tr>\n
51<\/td>\n9.3 Conformance claims (ASE_CCL)
9.3.1 Objectives
9.3.2 ASE_CCL.1 Conformance claims <\/td>\n<\/tr>\n
53<\/td>\n9.4 Security problem definition (ASE_SPD)
9.4.1 Objectives
9.4.2 ASE_SPD.1 Security problem definition <\/td>\n<\/tr>\n
54<\/td>\n9.5 Security objectives (ASE_OBJ)
9.5.1 Objectives
9.5.2 Component levelling
9.5.3 ASE_OBJ.1 Security objectives for the operational environment <\/td>\n<\/tr>\n
55<\/td>\n9.5.4 ASE_OBJ.2 Security objectives <\/td>\n<\/tr>\n
56<\/td>\n9.6 Extended components definition (ASE_ECD)
9.6.1 Objectives
9.6.2 ASE_ECD.1 Extended components definition <\/td>\n<\/tr>\n
57<\/td>\n9.7 Security requirements (ASE_REQ)
9.7.1 Objectives
9.7.2 Component levelling
9.7.3 ASE_REQ.1 Direct rationale security requirements <\/td>\n<\/tr>\n
58<\/td>\n9.7.4 ASE_REQ.2 Derived security requirements <\/td>\n<\/tr>\n
59<\/td>\n9.8 TOE summary specification (ASE_TSS)
9.8.1 Objectives <\/td>\n<\/tr>\n
60<\/td>\n9.8.2 Component levelling
9.8.3 ASE_TSS.1 TOE summary specification
9.8.4 ASE_TSS.2 TOE summary specification with architectural design summary <\/td>\n<\/tr>\n
61<\/td>\n9.9 Consistency of composite product Security Target (ASE_COMP)
9.9.1 Objectives
9.9.2 Component levelling
9.9.3 Application notes <\/td>\n<\/tr>\n
62<\/td>\n9.9.4 ASE_COMP.1 Consistency of Security Target (ST) <\/td>\n<\/tr>\n
63<\/td>\n10.1 General <\/td>\n<\/tr>\n
67<\/td>\n10.2 Security Architecture (ADV_ARC)
10.2.1 Objectives
10.2.2 Component levelling <\/td>\n<\/tr>\n
68<\/td>\n10.2.3 Application notes
10.2.4 ADV_ARC.1 Security architecture description <\/td>\n<\/tr>\n
69<\/td>\n10.3 Functional specification (ADV_FSP)
10.3.1 Objectives
10.3.2 Component levelling <\/td>\n<\/tr>\n
70<\/td>\n10.3.3 Application notes <\/td>\n<\/tr>\n
72<\/td>\n10.3.4 ADV_FSP.1 Basic functional specification <\/td>\n<\/tr>\n
73<\/td>\n10.3.5 ADV_FSP.2 Security-enforcing functional specification
10.3.6 ADV_FSP.3 Functional specification with complete summary <\/td>\n<\/tr>\n
74<\/td>\n10.3.7 ADV_FSP.4 Complete functional specification <\/td>\n<\/tr>\n
75<\/td>\n10.3.8 ADV_FSP.5 Complete semi-formal functional specification with additional error information <\/td>\n<\/tr>\n
76<\/td>\n10.3.9 ADV_FSP.6 Complete semi-formal functional specification with additional formal specification <\/td>\n<\/tr>\n
77<\/td>\n10.4 Implementation representation (ADV_IMP)
10.4.1 Objectives <\/td>\n<\/tr>\n
78<\/td>\n10.4.2 Component levelling
10.4.3 Application notes <\/td>\n<\/tr>\n
79<\/td>\n10.4.4 ADV_IMP.1 Implementation representation of the TSF
10.4.5 ADV_IMP.2 Complete mapping of the implementation representation of the TSF <\/td>\n<\/tr>\n
80<\/td>\n10.5 TSF internals (ADV_INT)
10.5.1 Objectives
10.5.2 Component levelling
10.5.3 Application notes <\/td>\n<\/tr>\n
81<\/td>\n10.5.4 ADV_INT.1 Well-structured subset of TSF internals <\/td>\n<\/tr>\n
82<\/td>\n10.5.5 ADV_INT.2 Well-structured internals
10.5.6 ADV_INT.3 Minimally complex internals <\/td>\n<\/tr>\n
83<\/td>\n10.6 Security policy modelling (ADV_SPM)
10.6.1 Objectives <\/td>\n<\/tr>\n
84<\/td>\n10.6.2 Component levelling
10.6.3 Application notes
10.6.4 ADV_SPM.1 Formal TOE security policy model <\/td>\n<\/tr>\n
86<\/td>\n10.7 TOE design (ADV_TDS)
10.7.1 Objectives
10.7.2 Component levelling
10.7.3 Application notes <\/td>\n<\/tr>\n
87<\/td>\n10.7.4 ADV_TDS.1 Basic design <\/td>\n<\/tr>\n
88<\/td>\n10.7.5 ADV_TDS.2 Architectural design <\/td>\n<\/tr>\n
89<\/td>\n10.7.6 ADV_TDS.3 Basic modular design <\/td>\n<\/tr>\n
90<\/td>\n10.7.7 ADV_TDS.4 Semiformal modular design <\/td>\n<\/tr>\n
92<\/td>\n10.7.8 ADV_TDS.5 Complete semiformal modular design <\/td>\n<\/tr>\n
93<\/td>\n10.7.9 ADV_TDS.6 Complete semiformal modular design with formal high-level design presentation <\/td>\n<\/tr>\n
94<\/td>\n10.8 Composite design compliance (ADV_COMP)
10.8.1 Objectives
10.8.2 Component levelling
10.8.3 Application notes <\/td>\n<\/tr>\n
95<\/td>\n10.8.4 ADV_COMP.1 Design compliance with the base component-related user guidance, ETR for composite evaluation and report of the base component evaluation authority <\/td>\n<\/tr>\n
96<\/td>\n11.1 General
11.2 Operational user guidance (AGD_OPE)
11.2.1 Objectives
11.2.2 Component levelling
11.2.3 Application notes <\/td>\n<\/tr>\n
97<\/td>\n11.2.4 AGD_OPE.1 Operational user guidance <\/td>\n<\/tr>\n
98<\/td>\n11.3 Preparative procedures (AGD_PRE)
11.3.1 Objectives
11.3.2 Component levelling
11.3.3 Application notes
11.3.4 AGD_PRE.1 Preparative procedures <\/td>\n<\/tr>\n
99<\/td>\n12.1 General <\/td>\n<\/tr>\n
100<\/td>\n12.2 CM capabilities (ALC_CMC)
12.2.1 Objectives <\/td>\n<\/tr>\n
101<\/td>\n12.2.2 Component levelling
12.2.3 Application notes
12.2.4 ALC_CMC.1 Labelling of the TOE <\/td>\n<\/tr>\n
102<\/td>\n12.2.5 ALC_CMC.2 Use of the CM system <\/td>\n<\/tr>\n
103<\/td>\n12.2.6 ALC_CMC.3 Authorization controls <\/td>\n<\/tr>\n
105<\/td>\n12.2.7 ALC_CMC.4 Production support, acceptance procedures and automation <\/td>\n<\/tr>\n
107<\/td>\n12.2.8 ALC_CMC.5 Advanced support <\/td>\n<\/tr>\n
110<\/td>\n12.3 CM scope (ALC_CMS)
12.3.1 Objectives
12.3.2 Component levelling
12.3.3 Application notes
12.3.4 ALC_CMS.1 TOE CM coverage <\/td>\n<\/tr>\n
111<\/td>\n12.3.5 ALC_CMS.2 Parts of the TOE CM coverage <\/td>\n<\/tr>\n
112<\/td>\n12.3.6 ALC_CMS.3 Implementation representation CM coverage <\/td>\n<\/tr>\n
113<\/td>\n12.3.7 ALC_CMS.4 Problem tracking CM coverage
12.3.8 ALC_CMS.5 Development tools CM coverage <\/td>\n<\/tr>\n
114<\/td>\n12.4 Delivery (ALC_DEL)
12.4.1 Objectives <\/td>\n<\/tr>\n
115<\/td>\n12.4.2 Component levelling
12.4.3 Application notes
12.4.4 ALC_DEL.1 Delivery procedures <\/td>\n<\/tr>\n
116<\/td>\n12.5 Developer environment security (ALC_DVS)
12.5.1 Objectives
12.5.2 Component levelling
12.5.3 Application notes
12.5.4 ALC_DVS.1 Identification of security controls <\/td>\n<\/tr>\n
117<\/td>\n12.5.5 ALC_DVS.2 Sufficiency of security controls
12.6 Flaw remediation (ALC_FLR)
12.6.1 Objectives
12.6.2 Component levelling
12.6.3 Application notes <\/td>\n<\/tr>\n
118<\/td>\n12.6.4 ALC_FLR.1 Basic flaw remediation
12.6.5 ALC_FLR.2 Flaw reporting procedures <\/td>\n<\/tr>\n
120<\/td>\n12.6.6 ALC_FLR.3 Systematic flaw remediation <\/td>\n<\/tr>\n
121<\/td>\n12.7 Development Life-cycle definition (ALC_LCD)
12.7.1 Objectives
12.7.2 Component levelling <\/td>\n<\/tr>\n
122<\/td>\n12.7.3 Application notes
12.7.4 ALC_LCD.1 Developer defined life-cycle processes <\/td>\n<\/tr>\n
123<\/td>\n12.7.5 ALC_LCD.2 Measurable life-cycle model <\/td>\n<\/tr>\n
124<\/td>\n12.8 TOE Development Artefacts (ALC_TDA)
12.8.1 Objectives
12.8.2 Component levelling
12.8.3 Application notes <\/td>\n<\/tr>\n
125<\/td>\n12.8.4 ALC_TDA.1 Uniquely identifying implementation representation <\/td>\n<\/tr>\n
126<\/td>\n12.8.5 ALC_TDA.2 Matching CMS scope of implementation representation <\/td>\n<\/tr>\n
128<\/td>\n12.8.6 ALC_TDA.3 Regenerate TOE with well-defined development tools <\/td>\n<\/tr>\n
131<\/td>\n12.9 Tools and techniques (ALC_TAT)
12.9.1 Objectives
12.9.2 Component levelling
12.9.3 Application notes <\/td>\n<\/tr>\n
132<\/td>\n12.9.4 ALC_TAT.1 Well-defined development tools
12.9.5 ALC_TAT.2 Compliance with implementation standards <\/td>\n<\/tr>\n
133<\/td>\n12.9.6 ALC_TAT.3 Compliance with implementation standards – all parts <\/td>\n<\/tr>\n
134<\/td>\n12.10 Integration of composition parts and consistency check of delivery procedures (ALC_COMP)
12.10.1 Objectives
12.10.2 Component levelling
12.10.3 Application notes
12.10.4 ALC_COMP.1 Integration of the dependent component into the related base component and Consistency check for delivery and acceptance procedures <\/td>\n<\/tr>\n
135<\/td>\n13.1 General <\/td>\n<\/tr>\n
136<\/td>\n13.2 Coverage (ATE_COV)
13.2.1 Objectives
13.2.2 Component levelling
13.2.3 Application notes
13.2.4 ATE_COV.1 Evidence of coverage <\/td>\n<\/tr>\n
137<\/td>\n13.2.5 ATE_COV.2 Analysis of coverage
13.2.6 ATE_COV.3 Rigorous analysis of coverage <\/td>\n<\/tr>\n
138<\/td>\n13.3 Depth (ATE_DPT)
13.3.1 Objectives
13.3.2 Component levelling
13.3.3 Application notes <\/td>\n<\/tr>\n
139<\/td>\n13.3.4 ATE_DPT.1 Testing: basic design
13.3.5 ATE_DPT.2 Testing: security enforcing modules <\/td>\n<\/tr>\n
140<\/td>\n13.3.6 ATE_DPT.3 Testing: modular design <\/td>\n<\/tr>\n
141<\/td>\n13.3.7 ATE_DPT.4 Testing: implementation representation <\/td>\n<\/tr>\n
142<\/td>\n13.4 Functional tests (ATE_FUN)
13.4.1 Objectives
13.4.2 Component levelling
13.4.3 Application notes
13.4.4 ATE_FUN.1 Functional testing <\/td>\n<\/tr>\n
143<\/td>\n13.4.5 ATE_FUN.2 Ordered functional testing <\/td>\n<\/tr>\n
144<\/td>\n13.5 Independent testing (ATE_IND)
13.5.1 Objectives
13.5.2 Component levelling
13.5.3 Application notes <\/td>\n<\/tr>\n
145<\/td>\n13.5.4 ATE_IND.1 Independent testing – conformance
13.5.5 ATE_IND.2 Independent testing – sample <\/td>\n<\/tr>\n
146<\/td>\n13.5.6 ATE_IND.3 Independent testing – complete <\/td>\n<\/tr>\n
148<\/td>\n13.6 Composite functional testing (ATE_COMP)
13.6.1 Objectives
13.6.2 Component levelling
13.6.3 Application notes
13.6.4 ATE_COMP.1 Composite product functional testing <\/td>\n<\/tr>\n
149<\/td>\n14.1 General
14.2 Application notes <\/td>\n<\/tr>\n
150<\/td>\n14.3 Vulnerability analysis (AVA_VAN)
14.3.1 Objectives
14.3.2 Component levelling
14.3.3 AVA_VAN.1 Vulnerability survey <\/td>\n<\/tr>\n
151<\/td>\n14.3.4 AVA_VAN.2 Vulnerability analysis <\/td>\n<\/tr>\n
152<\/td>\n14.3.5 AVA_VAN.3 Focused vulnerability analysis <\/td>\n<\/tr>\n
153<\/td>\n14.3.6 AVA_VAN.4 Methodical vulnerability analysis <\/td>\n<\/tr>\n
154<\/td>\n14.3.7 AVA_VAN.5 Advanced methodical vulnerability analysis <\/td>\n<\/tr>\n
155<\/td>\n14.4 Composite vulnerability assessment (AVA_COMP)
14.4.1 Objectives
14.4.2 Component levelling <\/td>\n<\/tr>\n
156<\/td>\n14.4.3 Application notes
14.4.4 AVA_COMP.1 Composite product vulnerability assessment <\/td>\n<\/tr>\n
157<\/td>\n15.1 General <\/td>\n<\/tr>\n
160<\/td>\n15.2 Composition rationale (ACO_COR)
15.2.1 Objectives
15.2.2 Component levelling
15.2.3 ACO_COR.1 Composition rationale
15.3 Development evidence (ACO_DEV)
15.3.1 Objectives
15.3.2 Component levelling
15.3.3 Application notes <\/td>\n<\/tr>\n
161<\/td>\n15.3.4 ACO_DEV.1 Functional Description <\/td>\n<\/tr>\n
162<\/td>\n15.3.5 ACO_DEV.2 Basic evidence of design
15.3.6 ACO_DEV.3 Detailed evidence of design <\/td>\n<\/tr>\n
163<\/td>\n15.4 Reliance of dependent component (ACO_REL)
15.4.1 Objectives <\/td>\n<\/tr>\n
164<\/td>\n15.4.2 Component levelling
15.4.3 Application notes
15.4.4 ACO_REL.1 Basic reliance information
15.4.5 ACO_REL.2 Reliance information <\/td>\n<\/tr>\n
165<\/td>\n15.5 Composed TOE testing (ACO_CTT)
15.5.1 Objectives
15.5.2 Component levelling
15.5.3 Application notes <\/td>\n<\/tr>\n
166<\/td>\n15.5.4 ACO_CTT.1 Interface testing <\/td>\n<\/tr>\n
167<\/td>\n15.5.5 ACO_CTT.2 Rigorous interface testing <\/td>\n<\/tr>\n
168<\/td>\n15.6 Composition vulnerability analysis (ACO_VUL)
15.6.1 Objectives
15.6.2 Component levelling
15.6.3 Application notes <\/td>\n<\/tr>\n
169<\/td>\n15.6.4 ACO_VUL.1 Composition vulnerability review
15.6.5 ACO_VUL.2 Composition vulnerability analysis <\/td>\n<\/tr>\n
170<\/td>\n15.6.6 ACO_VUL.3 Enhanced-Basic Composition vulnerability analysis <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

Information security, cybersecurity and privacy protection. Evaluation criteria for IT security – Security assurance components<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
BSI<\/b><\/a><\/td>\n2023<\/td>\n204<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":451474,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2641],"product_tag":[],"class_list":{"0":"post-451463","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-bsi","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/451463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/451474"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=451463"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=451463"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=451463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}