标准摘要
[中文适用范围]: 本马来西亚标准规定了两类用于表述信息技术安全功能与保证要求的格式。保护配置文件(PP)结构允许创建通用的、可复用的安全需求集合。 prospective消费者可利用PP来指定和识别具备符合其需求的信息安全技术特征的产品。安全目标(ST)则表述特定产品或系统(称为评估目标,TOE)的安全需求,并规定其安全功能,供评估员依据MS ISO/IEC 15408标准开展评估工作。 [外文原描述]: ISO/IEC 15408-1:2005 defines two forms for expressing IT security functional and assurance requirements. The protection profile (PP) construct allows creation of generalized reusable sets of these security requirements. The PP can be used by prospective consumers for specification and identification of products with IT security features which will meet their needs. The security target (ST) expresses the security requirements and specifies the security functions for a particular product or system to be evaluated, called the target of evaluation (TOE). The ST is used by evaluators as the basis for evaluations conducted in accordance with ISO/IEC 15408.
英文名称Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model