标准摘要
[中文适用范围]: 1.1 目的 ISO/IEC TR 15443 本部分的目的是为鉴证机构选择适当类型的国际通信技术(ICT)鉴证方法提供一般指导,并为具体鉴证方法的分析奠定框架针对特定环境。1.2 应用 ISO/IEC TR 15443 的这一部分将允许用户将特定的保证要求和/或典型的保证情况与可用保证方法提供的一般特征相匹配。1.3 适用领域 ISO/IEC TR 15443本部分的指导适用于有安全要求的ICT产品和ICT系统的开发、实施和运行。1.4 局限性 安全需求可能很复杂,保障方法多种多样,组织资源和文化差异很大。 因此,ISO/IEC TR 15443 这一部分给出的建议将是定性和总结性的,用户可能需要自行分析本技术报告第 2 部分中提出的哪些方法最适合其特定的可交付成果和组织安全要求。 [外文原描述]: ISO/IEC TR 15443-3:2007 provides general guidance to an assurance authority in the choice of the appropriate type of international communications techology (ICT) assurance methods and to lay the framework for the analysis of specific assurance methods for specific environments. ISO/IEC TR 15443-3:2007 will allow the user to match specific assurance requirements and/or typical assurance situations with the general characteristics offered by available assurance methods. The guidance of ISO/IEC TR 15443-3:2007 is applicable to the development, implementation and operation of ICT product and ICT systems with security requirements. The advice given in ISO/IEC TR 15443-3:2007 will be qualitative and summary, and the user may need to analyse which methods presented in ISO/IEC TR 15443-2 will suit best his specific deliverables and organisational security requirements.
英文名称Information technology - Security techniques - A framework for IT security assurance - Part 3: Analysis of assurance methods