TECHNICAL REPORT ISO/IEC TR 15446
Third edition 2017-10

Information technology - Security techniques - Guidance for the production of protection profiles and security targets

Technologies de l'information - Techniques de sécurité - Guide pour la production de profils de protection et de cibles de sécurité

Reference number ISO/IEC TR 15446:2017(E)
© ISO/IEC 2017

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
[email protected]
www.iso.org

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Purpose and structure of this document
6 Overview of PPs and STs
  6.1 General
  6.2 Audience
  6.3 Use of PPs and STs
    6.3.1 General
    6.3.2 Specification-based purchasing processes
    6.3.3 Selection-based purchasing processes
    6.3.4 Other uses of PPs
  6.4 The PP/ST development process
    6.4.1 Including stakeholders in the development process
    6.4.2 Method to develop a PP or ST
    6.4.3 Evaluation of PPs and STs
  6.5 Reading and understanding PPs and STs
    6.5.1 General
    6.5.2 Reading the TOE overview
    6.5.3 Reading the TOE description
    6.5.4 Security objectives for the operational environment
    6.5.5 Reading the conformance claim
    6.5.6 Conformance to Protection Profiles
    6.5.7 EALs and other assurance issues
    6.5.8 Summary
    6.5.9 Further reading
7 Specifying the PP/ST introduction
8 Specifying conformance claims
9 Specifying the security problem definition
  9.1 General
  9.2 Identifying the informal security requirement
    9.2.1 General
    9.2.2 Sources of information
    9.2.3 Documenting the informal requirement
  9.3 How to identify and specify threats
    9.3.1 General
    9.3.2 Deciding on a threat analysis methodology
    9.3.3 Identifying participants
    9.3.4 Applying the chosen threat analysis methodology
    9.3.5 Practical advice
  9.4 How to identify and specify policies
  9.5 How to identify and specify assumptions
  9.6 Finalizing the security problem definition
10 Specifying the security objectives
  10.1 General
  10.2 Structuring the threats, policies and assumptions
  10.3 Identifying the non-IT operational environment objectives
  10.4 Identifying the IT operational environment objectives
  10.5 Identifying the TOE objectives
  10.6 Producing the objectives rationale
11 Specifying extended component definitions
12 Specifying the security requirements
  12.1 General
  12.2 Security paradigms in ISO/IEC 15408
    12.2.1 Explanation of the security paradigms and their usage for modelling the security functionality
    12.2.2 Controlling access to and use of resources and objects
    12.2.3 User management
    12.2.4 TOE self protection
    12.2.5 Securing communication
    12.2.6 Security audit
    12.2.7 Architectural requirements
  12.3 How to specify security functional requirements in a PP or ST
    12.3.1 How should security functional requirements be selected?
    12.3.2 Selecting SFRs from ISO/IEC 15408-2:2008
    12.3.3 H

PDF document: ISO IEC TR 15446 2017 Information technology — Security techniques — Guidance for the production of protection profiles and security targets

This document was uploaded and shared by 人生无常 on 2026-01-06 01:10:45.