标准摘要
[中文适用范围]: 本文件规定了完整性级别的概念以及实现完整性级别的相应完整性级别要求。提供了定义和使用完整性级别及其相应完整性级别要求的要求和推荐方法。本文件涵盖系统、软件产品及其元素,以及相关的外部依赖关系。本文件适用于系统和软件,旨在供以下人员使用:a) 完整性级别的定义者,如行业和专业组织、标准组织和政府机构;b) 完整性级别的用户,如开发人员和维护人员、供应商和采购方、系统或软件用户、系统或软件评估人员以及系统和/或软件产品的管理和技术支持人员。完整性级别的一个重要用途是供应商和采购方在协议中使用,例如,帮助确保交付的系统或产品的安全、财务或安全特性。本文件未规定一组特定的完整性级别或其完整性级别要求。此外,它未规定完整性级别的使用与整个系统或软件工程生命周期过程集成的方式。但是,它在附件 A 中提供了使用本文件的示例。 [外文原描述]: This document specifies the concept of integrity levels with the corresponding integrity level requirements for achieving the integrity levels. Requirements and recommended methods are provided for defining and using integrity levels and their corresponding integrity level requirements. This document covers systems, software products, and their elements, as well as relevant external dependences. This document is applicable to systems and software and is intended for use by: a) definers of integrity levels such as industry and professional organizations, standards organizations, and government agencies; b) users of integrity levels such as developers and maintainers, suppliers and acquirers, system or software users, assessors of systems or software and administrative and technical support staff of systems and/or software products. One important use of integrity levels is by suppliers and acquirers in agreements, for example, to aid in assuring safety, financial, or security characteristics of a delivered system or product. This document does not prescribe a specific set of integrity levels or their integrity level requirements. In addition, it does not prescribe the way in which integrity level use is integrated with the overall system or software engineering life cycle processes. It does, however, provide an example of use of this document in Annex A.
英文名称Systems and software engineering - Systems and software assurance - Part 3: System integrity levels