A Study on the Security Evaluation Scheme and Methods for Integrated Systems
2006. 11.
2006. 11. 30.
1. :
2.
(KISSES; Korean Information System Security Evaluation Scheme) . KISSES
ISO/IEC 19791-TR(2006 5) .
CC
,
.
, KISSES .
3.
KISSES , ,
, ,
: SPP/SST, ,
:
SPP/SST, , ,
PP/ST
4.
.
,
.
(1)
ISO/IEC 15443-2
(, , , )
: FISMA, NIST SP 800-37 (C&A), FAA
SPP
: SYS, FTA, TAS(Tailored Assurance
: PP/ST ,
Scheme)
: ISIA
: (TSS)
19791: 2WD(2003 7), PDTR(2004 12), DTR(2005 5),
TR(2006 5)
Enhanced CC/CEM: ( )
: CC 3.1 , ITSEM , 19791
, PP/ST TOE
PP, CCEVS
(2)
KISSES , ,
KISSES
,
, ,
UK-ITSEC
(3)
( 19791-TR )
19791-TR SPP/SST
19791-TR
19791-TR
)
SPP/SST ( G)
NIST SP 800-53A
(4)
PP/ST
SPP/SST
SRS
SPP/SST
CC 3.1 ACO CAP
TSEM (ITSEM V1.0, 1993.9), 19791
2
CC 3.1 TOE 3
19791-TR TOE 7 5
(scoping)
3 : , ()
()
O-TOE
5.
.
, 19791-TR, SP 800-53A
, , ,
. , 4 PP/ST
, ,
.
6.
.
,
.
SUMMARY
1. Title
A Security Evaluation Scheme and Method for Integrated Functional System
2. R&D Results
Survey and analysis on operational system security evaluation method,
scheme, criteria
- classification of IA methods
- schemes in U.S.A., UK, Japan, China, Germany
- 19791, Enhanced CC
Design of Korean Information System Security Evaluation Scheme (KISSES)
1 1
2 3
1 3
1. 3
2 8
1. 8
2. 46
3. ICCC 56
4. 64
69
3 17
1 71
2 75
1. 75
2. KISSES 79
3. 81
4. 85
5. 89
6. 95
7. 97
99
4 100
1 100
2 101
1. SPP/SST 101
2. 118
3. 120
3 123
1. (EWP) 123
2. 125
3. 139
4. 144
5 149
1 PP/ST 149
1. 149
2. SPP SST 150
3. 162
4. SPP/SST 167
5. 170
2 171
1. 172
2. 183
3 191
1. 191
2. TOE 193
3. TOE 203
4. TOE (19791-TR ) 209
4 221
1. 221
2. 230
3. 236
238
6 241
A. 243
A.1 Tailored Assurance Scheme(TAS) 243
A.2 SYSn Assurance Packages Framework(SYSn) 246
A.3 Fast Track Assessment(FTA) 251
B. 263
B.1 (ISIA) 263
B.2 273
B.3 ISIA 273
B.4 (Engineering Criteria) 279
C. 287
D. CC 3.1 351
D.1 351
D.2 (CAP) 352
D.3 (ACO) 356
D.4 367
E. 375
E.1 ITSEM 375
E.2 ISO/IEC 19791 379
E.3 CC 3.0 (ADV ) 381
E.4 PP/ST PP/ST 388
E.5 CCEVS 392
F. 396
F.1 (TOE) 396
F.2 (TOE) 403
G. 417
Table of Contents
Chapter 1. Introduction 1
Chapter 2. Survey and analysis on operational system
security evaluation method, scheme, criteria 3
Section 1. System Information Assurance Paradigm 3
1. Information Assurance Scheme 3
References 69
References 99
References 238
( 1-1) 2
( 2-1) CC 7
( 2-2) 10
( 2-3) DITSCAP 14
( 2-4) DITSCAP 15
( 2-5) FISMA 27
( 2-6) 28
( 2-7) (risk assessment) 31
( 2-8) , 33
( 2-9) (C&A) 37
( 2-10) PP TOE 51
( 2-11) ST 53
( 2-12) TOE(EAL 3+) 54
( 2-13) STOE 55
( 3-1) 73
( 3-2) KISSES 76
( 3-3) KISSES 76
( 3-4) SST KISSES 77
( 3-5) KISSES 78
( 3-6) KISSES (O-TOE
) 92
( 4-1) 100
( 4-2) 101
( 5-1) CCPP 153
[ 2-1] (ISO/IEC TR 15443-2
) 3
[ 2-2] (ISO/IEC TR 15443-3) 5
[ 2-3] 5
[ 2-4] CMVP 6
[ 2-5] SSAA 15
[ 2-6] 16
[ 2-7] 17
[ 2-8] 17
[ 2-9] 17
[ 2-10] NIST SP 800-18 (SSP) 20
[ 2-11] NIST SP 800-26 20
[ 2-12] DIACAP - 22
[ 2-13] DIACAP (IAC) 24
[ 2-14] DIACAP 24
[ 2-15] (IAC) 25
[ 2-16] NIST 30
[ 2-17] 36
[ 2-18] ICCC 64
[ 2-19] 19791, , , ISMS 68
[ 3-1] 71
[ 3-2] 74
[ 3-3] KISSES 88
[ 3-4] 89
119
211
[ 5-32] (OPE) 212
[ 5-33] 19791-TR 213
[ 5-34] 19791-TR 218
[ 5-35] 3 O-TOE
231
, , ,
, (Information Assurance: IA)
. , . ,
CMVP, CC,
ISO/IEC 19977 ISMS
.
,
, (operational)
(application) .
, COTS (, )
, (composed)
.
ISO/IEC 19791-TR(2006 5)
, CC 3.1 ACO
. CCRA
CC
,
.
.
,
(KISSES; Korean Information System Security Evaluation
Scheme) . KISSES ISO/IEC 19791-TR(2006 5)
. KISSES
. KISSES 19791-TR ,
19791-TR . , PP/ST
, ,
. ( 1-1)
.
2
. 3 KISSES
, 4 KISSES
. 5 4 .
19791-TR , SP 800-53A ,
. .
, , ,
,
(Figure 1-1) [figure labels: Enhanced-CC, 19791-TR, CC 3.1, KISSES, SPP/SST, SP 800-53A, PP/ST]
1
(=/ )
,
.
.
1.
.
.
.
[ 2-1]
. , [ 2-2] [ 2-3]
.
/ /
Penetration Testing
TTAP Trust Technology Assessment Program
TPEP Trusted Product Evaluation Program
CTCPEC Canadian Trusted Product Evaluation Criteria
TCSEC Trusted Computer System Evaluation Criteria
RAMP Rating Maintenance Phase
ERM Evaluation Rating Maintenance (in general)
ITSEC/ITSEM Information Technology Security
Evaluation Criteria and Methodology
KISEC/KISEM Korea Information Security Evaluation
Criteria and Methodology
ISO/IEC 15408 Evaluation criteria for IT security (CC)
ISO/IEC 12207 Software Life Cycle Processes
ISO/IEC 15288 System Life Cycle Processes
VModel
SDoC Supplier's Declaration of Conformity
SA-CMM Software Acquisition Capability Maturity Model
ISO/IEC 17799 Code of practice for information security
management
BS 7799.2 Information security management systems
Specification with guidance for use
CMM Capability Maturity Model (for Software)
SE-CMM Systems Engineering Capability Maturity Model
TSDM Trusted Software Development Methodology
TCMM Trusted Capability Maturity Model
FR Flaw Remediation (in general)
ISO/IEC 13335 Guidelines for the management of IT
Security (GMITS)
CMMI Capability Maturity Model
ISO/IEC 21827 Systems Security Engineering Capability
Maturity Model (SSE-CMM)
ISO/IEC 15504 Software Process Assessment
ISO 13407 Human Centered Design (HCD)
Developers Pedigree (in general)
Personnel Assurance (in general)
CISSP Certified Information Systems Security
Professionals
ISO 9000 Series Quality Management
ISO/IEC 17025 Accreditation Assurance
Rational Unified Process (RUP)
C&A(Certification and Accreditation) - SP 800-37, NIACAP,
DITSCAP, DIACAP
( : (, ) , : , : (, ) )
HW
SW
()
(mgmt.)
IT
IT
(adm.)
CC
FIPS 140
SSECMM
S
P
P
P
S
S
P
P
P
P
S
P
P
S
P
P
S
ISO
13335
ISO
17799
S
S
P
P
P
P
P
P
P
IT
Baseline
CobiT Protection
Manual
S
S
S
S
P
P
P
P
P
P
P
P
S
S
P
P
S
P
S
P
ISO
9000
X
X
X
X
X
X
S
P
P
P
P
S
P
P
S
S
S
S
(P: , S: , X: )
[ 2-3]
FIPS 140
FIPS 140
CC 2.3
CEM 2.3
ISO/IEC
19791,
C&A
CMVP
CCRA
CC
FIPS 140
CC 2.3
19791,
19791,
C&A C&A C&A
CC 3.0
CEM 3.0
CCRA
CC
SSE-CMM
SSE-CMM
ISO 9000
ISO/IEC
17799
BS 7799-2
ISO 9000
ISO 9000
ISO 9000
ISO/IEC
17799,
BS 7799-2
ISO Guide
62 EA
7/03
CobiT, IT
Baseline
(1)
CC 3.0
SSE-CMM SSE-CMM
SSO
CC 3.0
, KAT (known answer test) MCT(The modes test)
.
[ 2-4] CMVP
(2)
800-20,
RSAVS(RSA
),
3DES
),
),
AESAVS(AES
rDSAVS(ECDSA),
DSAVS(DSA),
),
RNGVS(SHS
accreditation
program)
CMT(cryptographic
NIST
module
NVLAP(national
Atlan
voluntary
Laboratories
testing).
laboratory
10
(CRYPTREC) CMVP
.
(1)
TCSEC(), FC(), ITSEC(), CTCPEC(),
(), ()
, CC 2.3( ), CC 2.4(PP ST
), CC 3.1(2006 7, ) . , CC 3.1 CC 2.3
, ,
. , ISO/IEC 19791
CC 2.3 (, - ) ,
ISO/IEC CC 3.1 2006 9 , CCRA 2008 CC
v3.1 . ( 2-1) CC
( 2-1) CC
(2)
ITSEM CEM , (,
PP/ST ) .
CC
3.1
. E ). CC 3.1
composite . (operational)
, ,
() -
. ISO/IEC TR 19791 Enhanced-CC .
2
1.
.
(1)
.
,
(Certification and Accreditation, C&A) .
.
- (: CMVP), (:
CC ), (Information Security Management System; ISMS)
(: ISO/IEC 17799 ) (,
) .
.
o :
, ,
o : ,
(,
, ,
.
,
-
. , - (
) , 3 6
.
(2)
() -
- .
o DITSCAP (Defense Information Systems Certification and Accreditation
regulation): 1997 DoDI 5200.40
- -
- . DIACAP
.
o DIACAP (Defense Information Assurance Certification and Accreditation
Process): 2002 e-Government Act (, Federal Information Security
Management Act; FISMA) 2002
DoDI 8500-1
-.
o NIACAP (National Information Assurance Certification and Accreditation Process): 2000 NSTISSI (National Security Telecommunications and Information Systems Security Instruction) No. 1000
- DITSCAP -
.
o FISMA(Federal Information Security Management Act): 2002
( 2-2) -
. -
(1) - ( )
,
. (FISMA, DITSCAP, DIACAP,
NIACAP) .
, ,
.
o
o
o
o SW HW
o
o
o (contingency plan)
o
o
NIST -
.
.
(2) -
. .
o (Authority to Operate; ATO):
.
o (Interim Authority to Operate; IATO):
,
(;
) .
3 .
(3)
(, )
.
.
. - -
. 4,
.
Level 4 .
(4) -
- -
.
Federally Funded Research and Development Centers (FFRDC)
. FFRDC ,
.
, , FFRDC
.
. DITSCAP
(1)
DITSCAP (Defense Information Systems Certification and Accreditation
Regulation) DoDI 5200.40 (December 30, 1997)
,
- , ,
DoD Directive 5200.28,
o
o
(2)
() (Designated Approving Authority; DAA)
,
.
.
() (program manager)
, , , , ,
.
() (certification authority)
SSAA
, DAA
.
() (User Representative)
- ,
, , , , .
() -
DITSCAP - ( 2-3) 4 .
( 2-4) DITSCAP - .
(3)
() (System Security Authorization Agreement; SSAA)
CC- PP ST - SSAA
SSAA PP/ST . DITSCAP
- . , , ,
,
. , -
, . , SSAA (INFOSEC)
- .
SSAA .
o DAA, ,
,
(Figure 2-3) DITSCAP [figure: four phases with Yes/No decision branches; SSAA]
(Figure 2-4) DITSCAP - [figure: iterated 1 ~ n]
o
o
o SSAA (; , , , )
o DITSCAP
SSAA -
.
o
o (Security Test and Evaluations; ST&E)
o ,
o
SSAA [ 2-5] .
[ 2-5] SSAA
1.
1.1
1.2
1.3
1.4 CONOPS
2.
2.1
2.2 SW
2.3
3.
3.1
3.2
3.3
3.4 (boundary)
4.
4.1
4.2 (governing) (requisite)
4.3
4.4 CONOPS
4.5
4.6
4.7
5.
5.1
5.2
5.3
5.4
6. DITSCAP
6.1
E -
F - /
G - ( )
H -
I - (artifact)
J -
K -
L -
M -
N - (Memorandums of Agreement)
O - ,
P -
Q -
R -
()
( ) [ 2-6] . -
(, , , , -
, , ) [ 2-7]
. [ 2-8]
. [ 2-9]
.
[ 2-6]
[ 2-7]
[ 2-8]
Level 1: < 16
Level 2: 12 ~ 32
Level 3: 24 ~ 44
Level 4: 38 ~ 50
[ 2-9]
Active
System High
Basic
Total
ASAP
Approximate
Sensitive
2
27
, Level 3
, .
,
.
ST&E , , ,
SW, HW FW SSAA
. , , , , ,
.
SSAA , ,
,
.
.
() ,
2 3 . IT,
,
.
. ,
.
. ,
. ,
.
. NIACAP
(1)
NIACAP (National Information Assurance Certification and Accreditation Process) 2000 NSTISSI (National Security Telecommunications and Information Systems Security Instruction)
-. DITSCAP
, . Computer Security Act (1987)
Circular A-130 (1996)
(sensitivity) ,
.
NIACAP DITSCAP -
FIPS SP 800-37 .
NIACAP OMB A-130 (1996) (
)
. .
o
o
o
o
(2) -
NIACAP - DITSCAP ( 2-3, 2-4).
(3)
NIACAP (SSP) 1998 NIST
3.GSS -
3.GSS.1
3.GSS.2
3.GSS.3 , /
3.GSS.4
3.GSS.5
3.GSS.6
3.GSS.7
3.GSS.8
3.GSS.9
4
4.MA -
4.MA.1
4.MA.2
(/)
4.MA.3 (public)
4.MA.4
4.GSS -
4.GSS.1
4.GSS.2
4.GSS.3
9.
10.
11.
12.
13. ,
14.
III.
15.
16.
17.
. DIACAP
(1)
DIACAP (Defense Information Assurance Certification and Accreditation
Process) 1996 OMB Circular A-130, 2002 E-Government Act (Federal
Information Security Management Act; FISMA) 2002 DoD Directive
8500.1 , ,
, ,
DIACAP -. , FISMA
. .
DIACAP GIG (Global Information Grid)
(defense-in-depth) (IA)
. , (
) , ,
.
DIACAP ,
(2) -
DIACAP
(: , , ) .
, DIACAP ,
. DIACAP
- . DIACAP NIACAP
. [ 2-12] DIACAP -
.
[ 2-12] DIACAP -
[ 1]
[ 2]
1.1
1.2 (IAC)
1.3 DIACAP
1.4 DIACAP
1.5
2.1
2.2
2.3
[ 3]
[ 4] /
3.1 : 4.1
DAA
3.2
4.2
3.3
4.3
[ 5] (decommission)
y
DIACAP .
(3)
() (Mission Assurance Category; MAC)
MAC
, . 3
MAC 3 .
o MAC I ( ):
o MAC III ( (basic)):
,
() (Confidentiality Level; CL)
MAC CL CL
.
o Classified:
o Sensitive:
o Public:
BS 7799
. , CC ,
(--) .
DoD 8500.2 MAC CL IAC
.
o IAC: (
, ) , MAC .
o IAC: .
IAC MAC
IAC CL IAC .
IA (; , , )
IAC . IAC
.
, , IAC
, .
[ 2-13]
DC
IA
EC
EB
PE
PR
CO
VI
31
9
48
8
27
7
24
3
IAC
(Security Design & Configuration)
(Identification and Authentication)
(Enclave and Computing Environment)
(Enclave Boundary Defense)
(Physical and Environmental)
(Personnel)
(Continuity)
(Vulnerability and Incident Management)
[ 2-14] DIACAP
MAC
(Mission Assurance Category control)
(confidentiality control)
I
II
III
CLASSIFIED
SENSITIVE
PUBLICLY RELEASED
32
32
27
7
3
2
38
38
37
0
0
0
45
34
10
IAC .
o : IAC
8
o : , ,
o : IAC
o : IA IAC
o : 4- . 2
, 2 IAC .
[ 2-15] (IAC) .
[ 2-15] (IAC)
:: VIIR-11
(a) (MAC)
:
: .
:: IAGA-12
PKI DAA .
(b)
&(T&E)
. DoD Instruction 5000.2 Developmental Test and
Evaluation (DT&E) Operational Test and Evaluation (OT&E)
(IAT) . ,
, .
,
IAT
. IAT .
.
National Security Agency
, OT&E .
. FISMA
(Federal Information Security Management Act, FISMA)
. FISMA 2002
(e-Government Act) 3(Title III)
, ,
.
NIST
.
.
FISMA (NIST)
,
FISMA SP 800-53A( 2nd 2006
12 ) . ( 2-5)
FISMA
( 2-5) FISMA
(1)
() (FIPS 199, SP 800-60)
FISMA
, FIPS 199
, , 3
.
1) FIPS 199
(type)
(potential impact)
. FISMA 3
, , .
FIPS 199 3 (, , ) .
o : ,
.
o : ,
o : ,
2) NIST SP 800-60
NIST SP 800-60 FIPS 199
, 2 . 1
/ 2
.
1 FIPS 199
,
.
( 2-6) .
( 2-6)
o : , ,
,
o : , , ,
o : 2 C D
o : , ,
, ,
o :
, ,
2 ( C), (
D) ,
( E) .
() (FIPS 200, SP 800-53)
1) FIPS 200
FIPS 199 200
, , .
NIST SP 800-53
.
800-53
(low baseline)
,
(moderate baseline) ,
(high baseline)
.
2) NIST SP 800-53
FIPS 200
. NIST SP 800-53
. 3 (,
, ) 17 (family)
. 17
[ 2-16] .
[ 2-16] NIST
(Class) / (Family)
Management:
RA (Risk Assessment)
PL (Planning)
SA (System and Services Acquisition)
CA (Certification, Accreditation, and Security Assessments)
Operational:
PS (Personnel Security)
PE (Physical and Environment Protection)
CP (Contingency Planning)
CM (Configuration Management)
MA (Maintenance)
SI (System and Information Integrity)
MP (Media Protection)
IR (Incident Response)
AT (Awareness and Training)
Technical:
IA (Identification and Authentication)
AC (Access Control)
AU (Audit and Accountability)
SC (System and Communications Protection)
() (SP 800-30)
1) NIST SP 800-30
NIST SP 800-30
.
.
3 :
o (risk assessment)
o (risk mitigation)
o (ongoing risk evaluation)
) (risk assessment)
( 2-7) 6 .
o : ,
o : , ,
o : ,
o : , ,
CIA ,
o () : /
o : .
) (risk mitigation)
( , , , ) .
7
.
o
o
o
o
o
o
o
.
( 2-8) /
,
3 ( , , POA&M)
.
( 2-8) ,
.
o ,
o
o
o
o
o
o
o
o ,
o
o ,
o , ,
o
o
o
1) NIST SP 800-35
SP 800-35 IT
IT , .
.
o
-
-
-
o
- ( )
-
-
o
-
-
-
o
-
-
o
- ,
-
-
o
-
-
2) NIST SP 800-36
NIST SP 800-36 , ,
, , ,
.
3) NIST SP 800-70
NIST SP 800-70 (configuration
checklist)
.
4) NIST SP 800-50, SP 800-16
NIST SP 800-50
, NIST SP 800-16 , ,
,
, SP 800-50
.
.
.
o
o
o
o
, ,
-
FISMA
.
o (FIPS 199 SP 800-53 )
o
o
(, , ) E ,
. [ 2-17]
[ 2-17]
--
--
--
2) NIST SP 800-26
NIST SP 800-26 ,
,
,
.
() (NIST SP 800-37)
1) NIST SP 800-37
NIST SP 800-37
(C&A) . 44
U.S.C. Section 3542
.
. (critical)
,
.
SP 800-37 .
o
o ,
o ,
)
( 2-9) 4
.
( 2-9) (C&A)
o [ 1]
1:
(SSP)
, - .
y
1.1 [ ]: SSP
.
1.2 [ ]: SSP
.
1.3 [ ()]:
SSP,
.
1.4 [ ()]:
SSP,
.
1.5 [ ()]:
( ) SSP,
.
y
1.6 [ ]: ,
SSP,
.
2: ()
(i) IS -
; (ii) ; (iii)
, -
y
2.1 []: , ,
,
-
2.2 [ ]: ( )
3: SSP ,
(i) FIPS 199 , (ii)
, (iv)
SSP .
- .
y
3.1 [ ]: ,
,
, SSP FIPS 199
3.2 [SSP ]: IS
SSP
3.3 [SSP ]: ,
SSP
3.4 [SSP ]:
SSP
o [ 2]
. (i) ; (ii)
.
.
.
, ,
.
4:
(i) IS , (ii)
. ,
, , ,
.
. ,
, ,
.
,
,
.
y
4.1 [ ]:
(material) .
, ,
4.2 [ ]: ,
,
4.3 []:
, ,
4.4 []:
5:
5.1 [ ]: I
5.2 [SSP ]:
SSP
5.3 [ ]:
5.4 [ ]:
o [ 3]
. (i) ; (ii)
.
,
. ,
. (i) ; (ii)
; (iii)
.
6:
: (i)
; (ii) .
,
.
.
y
6.1 [ ]:
, ,
6.2 [ ]: ,
,
7:
, (i)
; (ii) SSP .
- .
y
7.1 [ ]: (
)
(,
)
7.2 [SSP ]: ,
SSP
o [ 4]
3 . (i) ; (ii)
; (iii) .
.
.
,
.
8:
: (i)
; (ii) .
HW, SW FW
.
.
y
8.1 [ ]:
, (SW, HW, FW
)
8.2 [ ]: ,
(SW, HW, )
9:
: (i)
; (ii)
;
,
.
y
9.1 [ ]:
9.2 [ ]:
, ,
10:
(i)
SSP ; (ii)
; (iii)
.
, FISMA
.
y
10.1 [SSP ]:
(SW, HW, )
SSP
y
10.2 [ ]:
(SW, HW, )
10.3 []:
)
SSP [ 2-10] .
. SSP
. SSP
.
1) NIST SP 800-55
NIST SP 800-55 NIST SP 800-26 17
37
. 3 .
o :
o / :
o :
2) NIST SP 800-80
NIST SP 800-80
,
.
.
SP 800-53
17 1
18
.
FISMA 3 .
y
[ 1] (2003 ~ 2006):
FISMA .
y
(, - )
, .
y
(GOTS) ,
CMVP
.
- DIACAP, FISMA
.
(SSAA) PP/ST .
, , .
,
.
.
o
.
o , OS, IT ,
NIST NIST
.
o NIST
,
(C&A) . C&A
,
,
.
o NIST
(NIST SP 800-65),
(NIST SP 800-64)
.
o SP 800
100 ,
.
,
.
2.
.
(1)
() (IT Strategic Headquarters)
2001 1 (Promotion
of an Advanced Information and Telecommunications Network Society)
.
, , , .
(IT Security Promotion
, (National Incident Response Team; NIRT)
. NIRT .
o : (, ), (,
, ), ( )
o
() (METI)
.
Information-technology Promotion Agency (IPA) Japan Computer
Emergency Response Coordination Center (JPCERT/CC) ,
.
SW IT ,
.
o
o ISO/IEC 17799 (ISMS)
o CC (JISEC)
o (Encryption Technology Evaluation)
o CRYPTREC
, IT
, ,
,
. (Information Security Committee) (Study
Group) .
. ,
SW (ISEC,
) IT .
, , ,
, ,
.
o
o IT (JISEC)
o (JPCERT/CC )
o : (CRYPTREC)
o , , , : S/MIME
(2)
() CC (Japanese Information Technology Security Evaluation
and Certification Scheme; JISEC) - 2001 4
.
o ()
o ()
o ()
() ST
CC ASE ST CC
. NITE ST chief
.
ISO/IEC 17799
. 1967 12 JIPDEC (Japan Information
Processing Development Corporation)
Information-Processing Accreditation Scheme (IAS: ) 2002 4 .
. 1)
(1)
2000
,
IPA JEITA
.
IPA 2000 3
3 .
o PP . CC 2.1 PP
5 2002 .
o ST (confirmation) : JEITA ECSEC
5 ST
CC 2.1
o ,
: CC 2.1
1) 2006 KISA 2
2006 ICCC
2002
2003 ISO/IEC JTC1 SC27 TR 19791
, 2004 JEITA 19791
(2) PP
()
2001 6 2002 2 CC V2.1 EAL 3+
PP,
PP,
PP,
PP,
PP (EAL4) .
PP SPP .
() PP : PP
o TOE :
o : (JEITA), 2001.6.21
o : CC V2.1, EAL3+
o TOE : , ,
( 2-10) PP TOE
,
/ , , ,
, , ()
o TOE
FAU : FAU_ARP.1 8
FCS : FCS_COP.1 5
FDP : FDP_ACC.1 8
FIA : FIA_ATD.1 5
FMT : FMT_MOF.1 6
FPT : FPT_ITI.1 6
o TOE
(3) ST /(STEC)2)
()
o (, , )
(, ST) (confirmation) 3).
o (
, 2005 12) SW ST
(confirmation) () .
o EAL1
o 06 5 ASE (29/ )
o 06 6 ASE, ADV_FSP.1 and ADV_RCR.1
o ISO/IEC TR 19791
2004 2005 JEITA ECSEC
(C-S),
, ST .
() ST : ST
o TOE : ForceSecure-Filing V01R21(())
o TOE :
o : (ECSEC), 2005.2.21
o : CC V2.1, EAL3
o TOE
3) SW 42% / 24%
( 2-11) ST
o TOE : , , , TOE
/ , TOE
o TOE
FAU : FAU_GEN.1 6
FDP : FDP_IFC.1 3
FIA : FIA_ATD.1 5
FMT : FMT_MSA.1 6
FPT : FPT_RVM.1 3
TOE : EAL3
()
1) : (IPA)
2) : (JEITA)
3) :
4)
o (SST)
/, , , 4
STOE
( STOE
)
, ,
o : 19791
o
, ,
ISO/IEC 15408
o : (EAL 3+)
() JEITA
1)
o ISO/IEC 19791
o
2) : 2004 ~
3) : IDC( )
o IDC
o Vault Box, DB ,
o STOE
( 2-13) STOE
4)
o (SST)
/, , , 4
STOE
( STOE
)
, ,
3. ICCC( )
. ICCC
ICCC 2000 CC
, CCRA . 2000 5
1 ICCC(International Common Criteria Conference)
98 10, 5 6 CC (CCMRA :
Common Criteria Mutual Recognition Arrangement)
CCRA(Common Criteria Recognition Arrangement)
. 2000 5 23 25
1 ICCC CCMRA CCRA
.
(1) 1 ICCC
o : 2000. 5. 23 ~ 25
o :
o : NIAP
o :
CC
(2) 2 ICCC
o : 2001. 7. 18 ~ 19
o :
o : CESG
o :
(3) 3 ICCC
o : 2002. 5. 13 ~ 14
o :
o : CSE
o : CC(Delivering Information Assurance
Solutions)
o : General, Tutorial, New Dimensions, Evaluator/Certifier Workshop, Technical 5 CC ,
(4) 4 ICCC
o : 2003. 9. 7 ~ 9
o :
o : SWEDAC
o : (Trust for Economic Growth)
o :
, 20 400 , 30
, CCRA
.
(EU)
ENISA (The European Network and Information Security Agency) .
(5) 5 ICCC
o : 2004. 9. 28 ~ 30
o :
o : BSI
o : CC
o :
CC , / , /
, , CC ,
, , , , ,
(6) 6 ICCC
o : 2005. 9. 28 ~ 29
o :
o : IPA
o : CC IT
o :
, ISO/IEC 19791 ,
.
(7) 7 ICCC
o : 2006. 9. 19 ~ 21
o :
CC/CEM 3.1
(8) 8 ICCC
o : 2007. 9. 26 ~ 27()
o :
o : ANS (Autorità Nazionale per la Sicurezza)
. ICCC
(1) 4 ICCC
o : K. Rogers(CygnaCom)
o : CC -
o : S. Katzke (NIST)
o : CC CC
o : N. Naaman()
o : , , -
, - ,
(provision) ,
(2) 5 ICCC
o : M. Donaldon (Decisive Analytics Corp.)
o :
y
y
-IT
y
y
y
( )
(3) 6 ICCC
1)
o : Evaluation of application systems by ISO/IEC TR 19791
o : Hirohisa Nakamura
o :
- ISO/IEC TR 19791 .
-
.
- ,
y
y
y
y
-IT
y
(catalogue)
y
y
y
y
o : ISMS Aspects in Common Criteria Certificates for Development
Sites
o : Dr. Bertolt Krüger
o :
- CC ISMS .
- ISMS CC 3.0 ALC .
o : ACO Composition in v3.0
o : David Martin
o :
- CC v3.0 ACO .
- TOE ACO .
o : Deriving Security for Mixed IT System Architectures from
Evaluated Products
o : David Ochel
o :
- , , CC CC
.
o : Business value of the operational system security evaluation for
the integrator and service provider
o : Hiroyuki Kaneko
o :
- .
- CC
.
- CC .
2)
o : Naohisa Ichihara(NTTDATA Corporation, Japan)
o : Success of a smartcard composite TOE evaluation performed by
NTTDATA
o : David Martin(CESG, U.K.)
o : ACO Composition in v3.0, AVA updates in v3.0
o : Ronald Bottomly(U.S. Common Criteria Evaluation and Validation
Scheme, U.S.A.)
o : ADV - v3.0
o : David Martin(CESG, U.K.)
o : ACO Composition in v3.0, AVA updates in v3.0
o : Hirohisa Nakamura(Japan Electronics and Information Technology
Industries Association (JEITA), Japan)
(4) 7 ICCC ( )
o : Dr. Albert Jeng (Taiwan Telecom Technology Center)
o : Analysis of the composition problems in CC v3.0 with some
suggested solutions
o :
- CC 3.1 ACO
, TOE augmentation
- CAP
-
-
o : Francoise Forge(Gemplus)
o : CCV3 Supporting document for composite product evaluation
o :
- CC 3.1
- ,
- (ETR_COMP)
y
y
y ( , , )
y
y
y , ,
y
o : Kai Naruki(IPA)
o : Strategic ST Evaluation/Confirmation
o :
- ST /(confirmation)
- ST / (
, 2005 12)
SW ST/
- SW 42% /
24%, ST
.
- EAL1 2006 5 ASE (29
/ ), 2006 6 ASE, ADV_FSP.1 ADV_RCR.1
.
- 3 ISO/IEC/TR
19791 .
. ICCC
2000 1 ICCC
CCMRA CCRA 2006
7 ICCC . ICCC
CCRA 2005 ICCC
2003
(CAP)
CCRA .
7 ICCC (2006
) . , CC 3.1
. 2005
2006 1 .
[ 2-18] ICCC (ICCC 2005, 2006 ) CC 3.x
[ 2-18] ICCC
ICCC 2005
ICCC 2006
CC 3.X
27
6
29
3
ISO/IEC 19791
3
1
65
61
CCRA CAP( ) , 8
ICCC (2007 9 26~27).
7 ICCC CC v3.1
(CC v3.1 ACO, ADV ),
,
. ,
,
. ,
, (STOE) .
, 5 9 (CCRA)
11 (CAP) .
4.
.
,
CC . CC IT
, IT
. CC IT
IT CC
.
( , , A, B )
.
(1) (ISMS, B)
GB/T 18336-2001(, CC) "IT, , IT "
, //
(CC) &
(C&A) . /
CC CC Part2
, SSE-CMM 5 ,
.
(2) (FTA/SYS, A)
() SYS
SYSn MoD
, HMG IS1 EAL2, EAL3, EAL4
CESG , ITSEC CC
, . SYSn
SYS
. CC/CEM ,
.
() FTA(Fast Track Assessment)
FTA Inforsec Inforsec
(CESG ) ,
- . CESG (, )
, (suitable)
.
FTA (, CC ) ,
.
, .
() (FAA, 5 )
2000 1 National Information Assurance Acquisition Policy, NSTISSP
#11 , 2002 7 (FAA)
CC .
, FAA 18 PP , ,
, CC - (C&A) (,
) .
FAA PP FAA ()
(ISMS)
(KISA)
, , , , ,
.
, ,
, , 5
, .
.
(1)
.
o FISMA &(C&A)
() .
.
o
(ISMS)
.
o : CC, (CMM)
.
o : PP/ST
. 19791 .
(2)
o CMVP, CC
.
o (: ISP )
(ISMS), ,
(CIIP) .
o (: )
(SW) (integration) ,
.
o (operational) ,
.
o , ,
, , , , ,
().
o
(, ; SST) , SST ,
SST .
o SST
.
o : .
( )
, . ,
( SI)
. , CC
/ ,
. ,
/ . ,
.
(3) 19791
o CC
Enhanced CC 19791 .
o 19791 2006 5 TR .
o CC .
o .
o 19791 , SPP/SST,
.
o , 19791
.
o 19791 : (: ISO/IEC 17799, NIST SP
800-53A, )
. , (; SP 800-53A
19791 ).
. CEM
.
[ 2-19]
(
)
ISO/IEC TR 19791
(ISIA)
(ISMS) (KISA) FTA/SYS
FAA
- ()
:
,
, ,
,
,
,
,
- : ,
, - IT - IT
IS, , , - IT : CC
, : CC (CC
,
, ,
)
,
,
, ,
,
,
,
,
- : CC
- : ,
- : CC ,, ,
,
, ,
- : ,
, , , ,
CC CC
, , - ()
)
, , - :
, , ,
, , ,
, ,
)
(
)
FAA
N/A
ST
21
,
, ,
,
,
,
,
)
N/A
N/A
(PP
)
/
EAL1 ~
EAL4
EAL1 ~
EAL4
17799(),
13335()
CC
CC
N/A
N/A
N/A
ML1 ~ ML5 ()
CC, 17799(),
SP 800-53(FISMA),
17799(),
13335(),
13335(),
CMM(), 15443
()
CMM(), IATF
15446(PP/ST
Release 3.1
), IT-BaseLine
()
N/A
N/A
SSP
2003. 10
[9] NIST SP 800-70, "Security Configuration Checklists Program for IT
Products: Guidance for Checklists Users and Developers", 2005. 5.
[10] NIST SP 800-50, "Building an Information Technology Security Awareness
and Training Program", 2003. 10.
[11] NIST SP 800-16, "IT Security Training Requirements: A Role- and
Performance-Based Model", 1998. 4.
[12] NIST SP 800-53A second public draft, "Guide for Assessing the Security
Controls in Federal Information Systems", 2006. 5
[13] NIST SP 800-26, "Security Self-Assessment Guide for IT Systems", 2001.
11.
[14] NIST SP 800-26 Revision 1, "Guide for Information Security Program
Assessments and System Reporting Form", 2005.8.
[15] NIST SP 800-37, "Guide for the Security Certification and Accreditation of
Federal Information Systems", 2004. 5.
[16] NIST SP 800-55, "Security Metrics Guide for Information Technology
Systems", 2003. 7.
[17] NIST SP 800-80, "Guide for Developing Performance Metrics for
Information Security", 2006. 5.
[18] NIST SP 800-64, "Security Considerations in the Information System
Development Life Cycle", 2003. 10.
[19] NIST SP 800-65, "Integrating Security into the Capital Planning and
Investment Control Process", 2005. 1.
[20] http://csrc.nist.gov/publications/nistpubs/index.html
[21] http://csrc.nist.gov/publications/fips/index.html
[22] ISO/IEC TR 15443, Information technology - Security Techniques - A
Framework for IT Security Assurance
1
[ 3-1] .
,
.
[ 3-1]
1 ~
4
EAL1
EAL4
- ,
(KCMV)
(FIPS 140-2)
- CC 2.3
- CEM 2.3
(KECS)
- 92
() (06.1
)
(CISSVP)
- ()
(
CC ),
- ISP
- , ,
,
-
-
(8)
- ISP
,
ISMS (02 5)
(ISMS)
7
-
,
3
( , ,
)
(
5 (
, ,
)
, ,
)
(CIIP)
.
o : , ,
()
o : , ,
,
( 3-1) .
.
o CC : ,
o :
(, ) ,
(, ,
). CC
.
o :
BS7799 ISMS
o : (CIIP)
(Figure 3-1) [figure labels: PP, CC, (PP/ST = TOE ?), (TOE), (STOE), (ISMS), (ISMS, ICSC, CIIP)]
o , ,
, ()
.
o ( ,
, )
.
o -
,
. ,
-.
,
(verification) (,
)
( ) (validation)
. ,
(, ) .
2
. [ 3-2]
.
[ 3-2]
C&A
FISMA
FAA SSP
SYS
FTA
, ,
, , ,
CC , SSP, DID
CC , SYS
CC ,
TSS
ISIA
SRS
CC , PP
. .
o
o (, PP/ST) -
o .
o ISO/IEC 19791 ,
19791 ,
.
o - ( )
o CC(6 , )
, .
o CC
. , , , .
o .
2
1.
(KISSES; Korean Information System
( ) CC
(operational system) O-TOE .
KISSES , , (),
(sponsor), , ) /
. ( 3-2) ( 3-4) KISSES ,
SST( ) .
(Figure 3-2) KISSES [figure labels: 19791, &]
(Figure 3-3) KISSES [figure labels: ST, SST, COTS, SST = O-TOE, O-TOE]
(Figure 3-4) SST KISSES [figure labels: COTS, SPP, SST, TOE, O-TOE, KISSES, SRS-Tool, FAA (SPP), FISMA (SP-60, SP-53, SP-37, FIPS-199), SP 800-53A, CEM, CC 3.0, 19791]
KISSES
/
.
o : (, O-TOE) (, ST SST)
.
o : (, O-TOE) (, ST)
.
o : O-TOE ( )
(risk) .
KISSES (; , ) ,
,
(KISA)
, /
.
KISA
() . CC
. KISSES
(: KOLAS )
, . KISSES
(,
) .
KISSES ,
. ,
. .
O-TOE (SST) , SST
. ( 3-5) / .
()
(KISA)
O-TOE
( 3-5) KISSES
O-TOE (
)
( 4) ).
.
4) 19791-DTR
()
.
.
.()
/ .
O-TOE / , /
. /
.
2. KISSES
KISSES .
, , , .
.
/ ,
.
/ .
,
.
.
o ( )
o
o
o
o KISSES
o : , ,
KISSES
o
o
o
o KISSES
.
O-TOE .
o
o KISSES
o 19791 KISSES
o
o ()
o (confirm)
o KISSES
o KISSES (certify)
o
o
o (, )
o ,
o (CC, 17799 )
.
, .
CC . KOLAS
.
,
.
.(
) ,
.
.
(,
). , O-TOE ,
.
.
3.
(sponsor) .
O-TOE
. , O-TOE ,
.
(, O-TOE
),
,
. ,
.
.
.
o (SST) . SST O-TOE
( G). , O-TOE
. , SST
.
o , , O-TOE
(, ) .
o ,
.
o ,
.
o KISSES .
o
.
o .
o , (, , )
.
o , SST /
.
o / /
.
o O-TOE /
.
o O-TOE .
O-TOE
.
.
o O-TOE .
o SST
.
o .
o O-TOE
.
o
.
o .
- SST
- 5) (,
, , , )
- O-TOE
- (, , , )
- (composed) O-TOE ,
O-TOE
6)
- O-TOE (effectiveness) (, , ,
)
- , ,
- , ,
-
o O-TOE
o O-TOE
o (,
) .
o
.
o (SEWP)
.
o SST
5) 19791-DTR .
6) CC 3.0 ACO .
.
o .
o .
o .
o O-TOE .
o (6
) .
o O-TOE , SST /
.
o , ,
. ()
o
.
o .
o .
o
.
o
.
-
-
-
- O-TOE
-
- O-TOE / .
o .
4.
O-TOE(, O-TOE )
. ,
(, ) .
O-TOE (, )
.
,
. .
.
o (19791) .
o ,
.
o , .
o /
.
o O-TOE /
.
o O-TOE O-TOE
.
o , O-TOE .
o ,
.
o O-TOE
.
o
.
o .
- (,
, , , ).
- O-TOE
- (, , , )
- O-TOE (effectiveness) (, , ,
)
- , ,
- , ,
-
o O-TOE
o (,
)
o ()
.
o .
o O-TOE .
o O-TOE , /
.
o , ,
.
o (6 )
. ()
o .
o O-TOE
.
o
.
-
O-TOE
O-TOE /
.
(accreditor) .
. O-TOE
,
. .
o ST
o O-TOE
o O-TOE
.
(appointment)
. ,
.
.
KISSES
.
o O-TOE /
o
o /
KISSES .
.
KISSES .
[ 3-3] .
[ 3-3] KISSES
ITSEC
.
O-TOE
O-TOE
,
, ,
O-TOE
O-TOE
O-TOE ,
, ,
,
,
KISSES
/
(,
19791)
KISSES .
,
, ,
(,
5.
KISSES .
SST , [ 3-4] (,
) O-TOE .
.
O-TOE , ,
( ) . ,
. O-TOE
. .
[ 3-4]
( O-TOE )
( O-TOE )
- ( - O-TOE
-
)
- ()
-
""
-
-
-
-
-
- ( -
-
)
-
,
-
- O-TOE
-
- O-TOE
-
, .
o O-TOE :
- O-TOE
,
o :
o :
/
O-TOE KISSES
. ,
.
.
KISSES
. ,
.
. ,
.
. (SST)
O-TOE
. . ,
,
, , (SSP) .
SST 19791 .
SST .
(, CC)
(, ) .
SST .
.
.
O-TOE , ,
.
. O-TOE
, .
,
()
.
,
,
.
,
.
. ( 3-6) [
3-5] KISSES .
.
SST ,
.
.
.
.
SST
/ .
.
, RFP( ) .
O-TOE
-
-
SEWP
-
()
-
-
- (
)
-
SEWP
- EWP
( )
-
- SST,
-
-
</>
( )
-
-
- (determine)
<>
-
- -
(SST)
-
< >
- PR
- O-TOE
- SEWP
/
<>
-
- SETR
SETR
( )
- CCR
(PR)
CCR
- CCR
-
-
-
- SETR
SETR
- SETR
- ( ) (
)
(PR)
CCR
- CCR
- (PR )
-
-
-
-
SETR
- SETR
CCR
,
CCR
1.
2. SSF
3. SSF
,
1.
2.
3.
4.
5.
6.
1. SSF
2. SSF
3. SSF
4.
5.
6.
7.
8.
1.
2.
1.
2.
3. PP
4.
1. SSF
2. SSF
3. SSF
4.
5.
6.
8.
9.(1,2,3)
1.
2. (1,2,3,4)
1.
2. SSF
3. STOE
1.
2. SSF
3. SSF
1.
2.
3. PP
4.
1.
1.
2. SSF
3.
1. (1,2)
2. (1,2)
3. SSF
4.
1.
1.
1.
1.
2. (1,2,3,4)
4 .
.
.
(, , )
.
, SST,
(SEWP)
. ()
.
.
o
.
o
.
()
,
. ,
.
6.
, (SEPR) .
(, 19791) O-TOE SST
. , O-TOE
SST .
O-TOE SST .
.
,
.
.
(,
19791) 7). ,
O-TOE
.
. , O-TOE
.
.
(interaction)
, .
, .
, /
.
,
.
o : E0 .
o
o O-TOE
.
(, 19791) .
. (,
, , )
, .
KISSES
7) CEM, FIPS 53 .
, .
.
, /
. , , O-TOE
. .
7.
(certification)
.
(issue) .
.
SST
, SEWP .
.
. , KISSES
. , .
, , O-TOE
() .
, .
O-TOE SST , O-TOE
, O-TOE
. , O-TOE
.
O-TOE O-TOE
. ,
. .
, O-TOE
. .
, .( 19791
)
,
.
o SST
o
o
o
. O-TOE ()
. , (, )
.
,
,
. .
,
.
.
.
KISSES
. O-TOE
, .
, ,
.
NSRI , 2003 11
.
[7] ,
, 2004 11.
[8] CC, , 2.3, , 2005 8.
NSRI
1
3 (KISSES)
. KISSES ISO/IEC 19791-TR(2006 5
) NIST SP 800-53A . 19791 (SPP/SST,
, ) , 800-53A
.
H I 19791-TR
800-53A ,
KISSES . (
4-1) ( 4-2) .
(Figure 4-1) [figure labels: 19791, SST, SETR]
(Figure 4-2) [figure labels: SST, "Specification", 19791, CC]
KISSES SPP/SST ,
. H .
1. SPP/SST
. PP
SPP SPP SPP
STOE SPP
. SSP .
o ASP_INT: SPP ;
o ASP_CCL: ;
o ASP_SPD: ;
o ASP_OBJ: ;
o ASP_ECD:
o ASP_REQ: ;
o ASP_DMI: ;
o ASP_DMC: ;
o ASP_DMP: ;
o ASP_DMO: ;
o ASP_DMR: .
SPP SPP .
STOE STOE .
STOE STOE .
STOE STOE
(identification) ,
,
.
(2) (ASP_CCL)
o ASP_CCL.1
PP STOE CC CC
(-conformant) (-augmented)
SPP .
(demonstration) .
SPP
.
SPP
SPP
.
SPP SPP
PP
.
(3) (ASP_SPD)
o ASP_SPD.1
STOE .
(tolerated), (accepted), (avoiding), (transferred)
(unacceptable) .
.
, , (adverse) .
OSP .
(4) (ASP_OBJ)
o ASP_OBJ.1
OSP
.
ASP_OBJ.1.5C
OSP
.
ASP_OBJ.1.6C
OSP
.
ASP_OBJ.1.7C
ASP_OBJ.1.8C OSP
(5) (ASP_ECD)
o ASP_ECD.1
CC , ,
.
CC , ,
.
-
.
(6) (ASP_REQ)
o ASP_REQ.1 (stated)
SSF SSA .
o ASP_REQ.2 (Derived)
SSF SSA .
SSF STOE
.
SSA STOE
STOE STOE
SSF SSA
.
(7) (ASP_DMI)
o ASP_DMI.1
, ,
.
/
.
(8) (ASP_DMC)
o ASP_DMC.1
SPP, PP,
.
(-conformant) (-augmented)
.
SPP, PP, .
SPP, PP,
.
SPP, PP,
.
SPP, PP,
SPP, PP, .
(9) (ASP_DMP)
o ASP_DMP.1
(accepted),
(unacceptable) .
.
, , .
OSP .
(10) (ASP_DMO)
o ASP_DMO.1
OSP .
OSP
.
OSP
.
OSP
.
(11) (ASP_DMR)
o ASP_DMR.1 (stated)
SSF SSA .
o ASP_DMR.2 Derived
SSF SSA .
,
.
SSF .
SSA .
SSF SSA
.
. ST
ST(SST : System Security Target)
. SST SST
SPP SST
. SST SPP .
STOE SST .
.
o ASS_INT: SST ;
o ASS_CCL: ;
o ASS_SPD: ;
o ASS_OBJ: ;
o ASS_ECD:
o ASS_REQ: ;
o ASS_TSS: STOE ();
o ASS_DMI: ;
o ASS_DMC: ;
o ASS_DMP: ;
o ASS_DMO: ;
o ASS_DMR: .
SST SST .
STOE STOE .
STOE STOE .
STOE STOE .
STOE STOE
STOE STOE .
STOE STOE .
STOE
STOE .
,
.
,
.
(2) (ASS_CCL)
o ASS_CCL.1
SST .
(-conformant) (-augmented)
SST .
(3) (ASS_SPD)
o ASS_SPD.1
STOE .
. ,
, (adverse) .
(4) (ASS_OBJ)
o ASS_OBJ.1
' ' .
STOE
OSP .
OSP .
OSP .
OSP .
(5) (ASS_ECD)
o ASS_ECD.1
CC ,
.
CC , ,
.
-
.
(6) (ASS_REQ)
o ASS_REQ.1
SSF SSA .
o ASS_REQ.2 (derived)
SSF SSA .
SSF STOE
.
SSF STOE
.
SSF SSA
STOE STOE
.
STOE SSF .
STOE SSA .
(8) (ASS_DMI)
o ASS_DMI.1
, ,
.
/ .
(9) (ASS_DMC)
o ASS_DMC.1
(-conformant) (-augmented)
.
SPP, PP,
ST, .
(10) (ASS_DMP)
o ASS_DMP.1
.
(accepted) (unacceptable) .
.
, , .
OSP .
(11) (ASS_DMO)
o ASS_DMO.1
OSP
.
OSP
.
OSP
OSP
(enforce) .
(12) (ASS_DMR)
o ASS_DMR.1 (stated)
SSF SSA .
o ASS_DMR.2 (Derived)
SSF SSA .
,
.
SSF .
SSA .
SSF SSA
(13) () (ASS_DMS)
o SSF .
o SSA
2.
.
CC 19791 8) . , CC
, 19791
,
. BS-7799 .
KISSES E 19791-TR
, .
.
[ 4-1] .
CC , (, )
. (19791)
. 5
(, ) .
5 . ,
17799
.
8) CC , 19791 (control) .
[ 4-1] 19791-TR
FOD:
(adm.)
DTR
FOD_POL:
FOD_PSN:
FOD_RSM:
FOD_INC:
FOD_ORG:
FOD_SER:
FOS_POL:
FOS:
FOS_CNF:
FOS_NET:
FOS_MON:
FOS_PSN:
FOS_OAS:
FOA:
FOB:
FOS_RCD:
FOA_PRO:
FOA_INF:
FOB_POL:
FOB_BCN:
1.
2.
1.
1.
2.
1.
1.
2.
1.
1.
2.
3.
4.
5.
1.
2.
1.
2.
1.
2.
3.
4.
1. (authorization)
2.
1.
2.
1.
1.
1.
1.
1.
FOP:
FOT:
FOP_MOB:
FOP_RMM:
FOP_RMT:
FOP_SYS:
FOP_MNG:
FOT_MNG:
FOM_PRM:
FOM:
(mgmt.)
FOM_CLS:
FOM_PSN:
FOM_ORG:
FOM_INC:
1.
1.
1.
1. (equipment)
1.
2.
3.
1.
2.
1.
2. (segregation)
1. (categorization)
2.
1.
2.
1.
1.
3.
.
KISSES 19791 . 19791
CC . AOT_DPT(
), AOT_IND() AOV_VLA() CC
.
.
[ 4-2] 19791-TR .
H .
[ 4-2] 19791-TR
(19791-TR)
1. SPP
ASP_INT: SPP
ASP:
SPP
2. SPP
ASP_CCL:
1.
ASP_SPD:
1.
ASP_OBJ:
1.
ASP_ECD:
1.
1. (stated)
ASP_REQ:
2. (derived)
ASP_DMI:
1. (overview)
ASP_DMC:
1.
ASP_DMP: 1.
ASP_DMO:
ASP_DMR:
1.
2.
1. SST
ASS_INT: SST
2. SST
ASS_CCL:
1.
ASS_SPD:
1.
ASS_OBJ:
1.
ASS_ECD:
1.
1.
ASS_REQ:
ASS:
SST
1.
2.
ASS_TSS: STOE ()
1. STOE ()
ASS_DMI:
1.
ASS_DMC:
1.
ASS_DMP:
ASS_DMO:
ASS_DMR:
ASS_DMS:
1.
2.
1.
1.
2.
1.
AOD_OCD:
AOD_ADM:.
AOD:
1.
2.
1. SSF
2. SSF
AOD_USR: 1. SSF
2. SSF
AOD_GVR:
1.
ASD_SAD:
1.
ASD_IFS: ()
ASD:
ASD_SSD:
ASD_CMP:
ASD_IMP:
ASD_CON.:
ASD_GVR:
1.
1.
1.
1.
1.
1.
AOC_OBM: 1.
2.
AOC_ECP:
AOC:
1.
2.
1. PP
AOC_PPC: PP
2. PP
AOC_NCP 1.
2.
AOT_FUN:
AOT_COV:
1. SSF
1. SSF
2. SSF
1.
AOT:
AOT_DPT:
2.
3.
4.
1. -
2. -
AOT_IND:
3. -
AOT_REG:
1.
AOV_MSU:.
AOV:
1.
2.
1. /
2.
AOV_VLA.
3.
4.
AOL:
AOL_DVS:
1.
2.
1.
ASI_AWA: .
2.
ASI:
ASI_CMM.:
1. SSF
2. SSF
1. STOE
ASI_SIC:
2.
ASO_RCD:
ASO:
ASO_VER:
1.
2.
1.
2.
1. SSF
ASO_MON:
2.
3
1. (EWP)
[ 4-3] 9)
topological sort [ 4-4] 6
.
. , 3
ASD_CMP.1: ASD_CON:
9) (dependency) . , A B
B A .
ASD_SSD: .
.
[ 4-3]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
AOD_OCD.1/2
- - X
X
AOD_ADM.1/2
X
AOD_USR.1/2
X
AOD_GVR.1
X X X
- - - ASD_IFS.1
X
ASD_SSD.1
X
X
ASD_CMP.1
X X
ASD_IMP.1
- - X
ASD_GVR.1
X X X
X X
AOC_ECP.1/2
X
AOC_PPC.1/2
X
AOC_NCP.1/2
X
AOT_COV.1/2
X
X
AOT_DPT.1
X
X
AOT_DPT.2
X X
X
AOT_DPT.3
X X X
X
AOT_DPT.4
X X X X
X
AOT_IND.1
X X
X
AOT_IND.2/3
X X
X
X
AOV_MSU.1/2
X X
AOV_VLA.1
X X
X X
- X
AOV_VLA.2/3/4
X X
X X - X
- X
ASD_SAD
ASD_CON
AOC_OBM
AOT_FUN
Topological sort
Loop
    (Stage I);
    ;
    I = I + 1;
Until (no-more nodes)
[ 4-4]
3
4
5
6
o AOD_GVR.1: ,
o ASD_GVR.1: ,
o AOC_ECP.1/2: , AOC_PPC.1/2: PP ), AOC_NCP.1/2:
,
o AOT_COV.1/2: , AOT_DPT.1:
, AOT_DPT.2: , AOT_DPT.3:
, AOT_DPT.4: , AOT_IND.1: :,
AOT_IND.2/3: : , ,
o AOV_MSU.1/2: , AOV_VLA.1: / ,
AOV_VLA.2/3/4: ,,
o AOD_OCD.1/2:
o AOD_ADM.1/2: )
o AOD_USR.1/2:
o ASD_IMP.1:
o AOC_OBM:
o AOT_FUN: SSF
o ASD_CMP.1:
o ASD_CON:
o ASD_SSD:
o ASD_IFS:
o ASD_SAD:
2.
.
4 [ 4-5]
.
.
[ 4-5]
(19791-TR)
1.
2. SSF
3. SSF
,
1.
2.
3.
4.
5.
6.
1. SSF
2. SSF
3. SSF
4.
5.
6.
7.
8.
1.
2.
1.
2.
3. PP
4.
1. SSF
2. SSF
3. SSF
4.
5.
6.
7.
8. (1,2,3)
1.
2. (1,2,3,4)
1.
2. SSF
3. STOE
1.
2. SSF
3. SSF
1.
2.
3. PP
4.
1.
1.
2. SSF
3.
1. (1,2)
2. (1,2)
3. SSF
4.
1.
1.
1.
1.
2. (1,2,3,4)
[ 4-6]
1. SPP
1.1 SPP
(ASP_INT)
- SPP
- STOE , , ,
- CC .
2.
2.1 - SPP / , , ,
(ASP_CCL)
STOE, .
- STOE
3. 3.1
-
(ASP_SPD) (ASP_SPD)
- OSP
- STOE,
4.
3.2
- .
(ASP_OBJ)
(ASP_OBJ)
- OSP
-
5. 5.1
-
(ASP_ECD)
(ASP_ECD) - CC , ,
- /(SSF/SSA)
6.1 -
-
- /(SSF/SSA)
6.
(ASP_REQ)
-
6.2
- "" ,
""
- SSF STOE
- STOE
SSF SSA
7.
7.1
- , , ,
(ASP_DMI)
- SPP, PP,
8.
8.1 - / .
- SPP, PP, STOE , , ,
(ASP_DMC)
-
9.
9.1
-
(ASP_DMP)
- OSP
-
- ,
10.
-
10.1
- /
(ASP_DMO)
OSP
- /OSP /
- SSF SSA
11.1
- .
11.
-
(ASP_DMR)
11.2 - SSF SSA
-
[ 4-7]
1. SST
1.1 SST
(ASS_INT)
- SST , STOE , , ,
- SST
2.
2.1
(ASS_CCL)
- SST
- STOE
3. 3.1
-
(ASS_SPD)
- OSP
- STOE
4.
4.1
(ASS_OBJ)
- ,
- STOE
OSP
- /OSP /
-
5.
5.1
- CC ,
(ASS_ECD)
- SSF SSA
6.1 -
6.
(ASS_REQ)
- SSF SSA
-
6.2
- SSF STOE
7. STOE 7.1 STOE - STOE SSF
(ASS_TSS)
- STOE SSA
8.
8.1
- , ,
(ASS_DMI)
- SPP, PP, ST,
-
9.
9.1
- , ,
(ASS_DMC)
SPP, PP, ST,
-
10.
10.1
-
(ASS_DMP)
- OSP
-
11.
-
11.1
(ASS_DMO)
-
/OSP / .
12.1 - SSF SSA .
-
-
12.
- SSF SSA
(ASS_DMR) 12.2
-
- ,
- SSF
13.
13.1
- SSA
(ASS_DMS)
[ 4-8]
- STOE
- STOE
1.1
-
-
- STOE
1.
(AO
D_OCD)
- STOE
1.2
-
- STOE
-
- STOE
2.1
-
- STOE
2.
(AOD_ADM)
-
- STOE
-
- STOE
-
2.2
- STOE
-
-
- STOE
-
3.1 - STOE
3.
(AOD_USR)
- STOE
.
-
3.2 .
- STOE
4.
4.1
(AOD_GVR)
-
.
- ,,
.
[ 4-9]
- ,
1.
1.1
-
(ASD_SAD)
- -
2.
2.1 -
()
(ASD_IFS)
-
- , ,
3.
3.1
-
(ASD_SSD)
-
- , ,
4. 4.1
-
(ASD_CMP)
-
-
-
5.
5.1
(ASD_IMP)
-
HW, , SW
- ,
6. 6.1 - (, )
(ASD_CON)
- SSF SFRs
7.
- ,
7.1
(ASD_GVR)
[ 4-10]
- CM STOE , ,
1.1
- CM
1.
- CM STOE , ,
(AOC_OBM) 1.2
- CM
- CM
2.1
-
ST
2.
- CM
- CM
(AOC_ECP)
2.2
-
ST
- CM
- CM PP
3.1
3.
PP
-
(AOC_PPC)
ST
- CM .
4.1 - CM
4.
- CM
4.2 - CM
(AOC_NCP)
- CM
.
[ 4-11]
- SST
-
1.
1.1
(AOT_FUN)
-
-
-
- ()
2.1 SSF
- SSF
2.
- ()
(AOT_COV)
SSF
2.2
- ()
SSF
3.1 :
-
SSF
3. 3.2 : - ,
SSF
(AOT_DPT) 3.3 : - ,
SSF
3.4 : - ,
SSF
4.1 - TOE
- STOE
4. 4.2 -- / SSF
(AOT_IND)
- STOE
4.3 - / SSF
- ,
-
5.
5.1
(AOT_REG)
-
.
- /
SSF
-
[ 4-12]
- STOE ( / )
1.1 - , ,
-
1.
(AOV_MSU)
-
- STOE
1.2
-
-
2.1 /
- STOE
2.2 - STOE
2.
- STOE
(AOV_VLA) 2.3
2.4
-
- STOE
- STOE
(address)
[ 4-13]
- , ,
1.1
- STOE
(follow)
1.
- STOE , ,
(AOL_DVS) 1.2 , , ,
- STOE
(follow)
[ 4-14]
1.1 -
- , , ,
1.
(ASI_AWA)
1.2 -
- , , ,
2.1
2.
(ASI_CMM)
2.2
-
- , ,
-
- , ,
3.1 - STOE
3.
3.2
- STOE
(ASI_SIC)
[ 4-15]
1.1 -
1.
- , ,
(ASO_RCD) 1.2 -
- , ,
-
2.1
- , ,
2.
(ASO_VER)
2.2 -
- , ,
3.1 -
3. - , ,
(ASO_MON) 3.2 -
- , ,
3. (53-A)
NIST SP 800-53A . [
4-15] SP 800-53A . SP
800-53A I . , [ 4-16] SP
800-53A . 19791
. , 19791 800-53A
.
[ 4-16] NIST SP 800-53A
FOD:
(adm.)
ISO/IEC TR 19791
FOD_POL:
1.
SP 800-53A
Enhanced-CC
AC-1,AT-1,CA-1
2.
PPD_DSP,
PPD_RAR
-
FOD_PSN:
1.
AC-5,PS-2,
PPS_DIS,
PPS_PSP
FOD_RSM:
1.
RA-1
PSI_DSO,
PSI_PSP
2.
PS-7
FOD_INC:
1.
IR-1,IR-2,IR-3,IR-4,IR-5,IR-6,IR-7
FOD_ORG:
1.
AU-1
FOD_SER:
FOS:
2.
1.
1.
FOS_POL:
FOS_CNF:
FOS_NET:
2.
3.
4.
5.
1.
FOS_PSN:
FOS_OAS:
FOA:
FOS_RCD:
FOA_PRO:
FOA_INF:
PEM_SEL,
PEM_DET,
PEM_RTE,
PEM_REC,
PEM_REA
PPD_RAR,
PSI_DSO
SA-1,SA-2,SA-3,
SA-4,SA-5,SA-6,
SA-7,SA-8
SI-3
SC-18
IA-7,SC-12,SC-13
SA-10,SA-11
PPD_ASC
FMT_MSA
PCM_DEV,
PCM_INT
2.
CM-1,CM-2,CM-3,CM-4,CM-5,CM-6,CM-7
CP-8,SC-10,SC-20,SC-21
CA-3,SC-5,SC-7,
SC-8,SC-9,SC-11
AU-2,AU-1,AU-2,
AU-3,AU-4,AU-5,
AU-6,AU-7,AU-8,
AU-9,AU-11
SI-5
SI-4
AC-2,AC-3,AC-6,
AC-8
IA-1,IA-2,IA-4,IA-5,IA-6
AC-11,AC-12,SA-6,SA-7
CP-5
1.
AU-3, PE-8
PBC_CON
1.
PL-5
PAD_OWN
1.
AU-9,MP-1,MP-2,
MP-3,MP-4,MP-5,
MP-6
2.
1.
2.
1.
FOS_MON:
2.
3.
4.
1.
(authorization)
2.
1.
PPS_PSM,
PSP_PSP
PAD_TYP,
PAD_ASA,
-
FOB:
FOP:
FOT:
FOM:
(mgmt.)
FOB_POL:
FOB_BCN:
1.
FOP_MOB:
FOP_RMM:
FOP_RMT:
FOP_SYS:
FOP_MNG:
1.
1.
1.
AC-6
PAD_ASA,
PAD_CTS
1.
1.
(equipment)
1.
CP-2,CP-10,IR-4
AC-19
MP-6
MIA-4
MA-1,MA-2,MA-3
PE-1,PE-2,PE-3
2.
3.
1.
2.
1.
2.
(segregation)
1.
(categorization)
2.
PE-6,PE-9,PE-11
SC-7
SA-9
SA-7
IA-7
AC-6
AC-16
AU-11,SI-12
PAD_TYP,
PAD_OWN,
PAD_CCA
FOM_PSN:
1.
2.
PS-4,PS-5
PAD_OWN
PPS_PSM,
PPS_PSP
FOM_ORG:
FOM_INC:
1.
AT-1,AT-2,AT-3,
AT-4
PSI_DSO,
PSI_DFR
AU-7,IR-6
FMT_MOF
FOT_MNG:
FOM_PRM:
FOM_CLS:
1.
(Access Control) :
AC-1 (Access Control Policy and Procedures)
AC-2 (Account Management)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
AC-5 (Separation of Duties)
AC-6 (Least Privilege)
AC-7 (Unsuccessful Login Attempts)
AC-8 (System Use Notification)
AC-9 (Previous Logon Notification)
Contingency Planning :
CP-1 (Contingency Planning Policy and Procedures)
CP-2 (Contingency Plan)
CP-3 (Contingency Training)
CP-4 (Contingency Plan Testing)
CP-5 (Contingency Plan Update)
CP-6 (Alternate Storage Sites)
CP-7 (Alternate Processing Sites)
CP-8 (Telecommunications Services)
CP-9 (Information System Backup)
CP-10 (Information System Recovery and Reconstitution)
(Identification and Authentication) :
PE-3
PE-4
PE-5
PE-6
PE-7
PE-8
PE-9
PE-10
PE-11
PE-12
PE-13
PE-14
PE-15
PE-16
PE-17
PE-18
PE-19
PL-1
PL-2
PL-3
PL-4
PL-5
PL-6
PS-1
PS-2
PS-3
PS-4
PS-5
PS-6
PS-7
PS-8
RA-1
RA-2
RA-3
RA-4
RA-5
SA-1
SA-2
SA-3
SA-4
SA-5
SA-6
SA-7
SA-8
SA-9
SA-10
SA-11
4.
CC .
. , 19791
CEM .
[ 4-18] CEM .
, CEM
.
[ 4-18]
ISO/IEC TR 19791
(19791-TR)
CEM
1. SPP
APE_INT.1
ASP_INT: SPP 2. SPP
APE_INT.1
ASP_CCL:
1.
ASP_SPD:
1.
ASP_OBJ: 1.
APE_OBJ.1
RA-2
RA-1
1. (stated)
APE_REQ.1
SA-1,SA-2,SA-3,SA-4,SA-5,SA-6,SA-7,SA-8
2. (derived)
SA-1,SA-2,SA-3,SA-4,SA-5,SA-6,SA-7,SA-8
ASP_DMI: 1.
(overview)
1.
1.
ASP_REQ:
ASP_DMC:
ASP_DMP:
ASP_DMO:
ASS:
SST
53A
ASP_ECD: 1.
ASP:
SPP
Enhanced
CC
1.
ASP_DMR: 1.
2.
1. SST
ASE_INT.1
ASS_INT: SST 2. SST
ASE_INT.1
ASS_CCL:
1.
ASS_SPD:
1.
ASE_ENV.1
AST_PPP
AST_PPP
ASC_PPO
AST_SCI
RA-2
ASS_OBJ: 1.
ASE_OBJ.1
ASS_ECD:
1.
ASE_SRE.1
ASS_REQ:
SA-1,SA-2,SA-3,SA-4,SA-5,SA-6,SA-7,SA-8
SA-1,SA-2,SA-3,SA-4,SA-5,SA-6,SA-7,SA-8
1.
ASE_REG.1
2.
ASE_REQ.1
1. STOE () ASE_TSS.1
1.
ASS_TSS: STOE
()
ASS_DMI:
ASS_DMC:
RA-1
1.
ASS_DMP: 1.
2.
ASS_DMO:
1.
ASS_DMR: 1.
2.
ASS_DMS: 1.
1.
AOD_OCD:
2.
1.
AOD_ADM:.
SSF
AOD:
2.
SSF
1.
AOD_USR:
SSF
SSF
2.
AOD_GVR:
1.
ASD_SAD:
1.
ASD_IFS: 1.
()
ASD_SSD: 1.
ASD:
ASD_CMP: 1.
ASD_IMP: 1.
ASD_CON.: 1.
AST_PPP
AST_PPP
ACM_CAP.1 ASC_PPO
CM-1
ACM_CAP.2
CM-2
AGD_ADM.1 AGD_ADM
SA-1,SA-5
AGD_ADM.1
SA-1, SA-5
AGD_USR.1 AGD_USR
AGD_USR.1 AGD_USR
-
SA-1,SA-5
SA-1,SA-5
SA-1,SA-5
ADV_HLD.1 ASD_SAD
SA-8
ADV_FSP.1
SA-5
ASD_IFS
ADV_HLD.2 ASD_SSD
ADV_IMP.1
-
ASD_CMP
CM-2
ASD_IMP
CM-2
ASD_COM
RA-2
ASD_GVR:
1.
AOC_OBM: 1.
2.
1.
AOC_ECP:
2.
AOC:
1. PP
AOC_PPC: PP 2. PP
1.
AOC_NCP
2.
AOT_FUN:
1. SSF
AOT_COV: 1. SSF
2. SSF
1.
2.
AOT_DPT:
AOT:
3.
AOT_IND:
ACM_CAP.1 AST_PPP
CM-1
ACM_CAP.2 AST_PPP
CM-2
ADO_IGS
ADO_IGS
ASE_PPC.1
ASE_PPC.1
ATE_FUN.1
ATE_FUN
ATE_FUN.1
ATE_COV
ATE_FUN.1
ATE_COV
AOT_DPT.1
ATE_DPT
AOT_DPT.1
ATE_DPT
AOT_DPT.1
ATE_DPT
ATE_DPT
1.
AOL:
AOL_DVS:
2.
ASI_AWA: . 1.
2.
RA-3
SA-5
ATE_IND
SI-6
ATE_IND
SI-6
ATE_IND
SI-6
PE-18
AVA_MSU.1 AVA_MSU
SA-5
AVA_MSU.2 AVA_MSU
RA-5
1. /
AVA_VLA.1 AVA_VLA
AVA_VLA.2 AVA_VLA
2.
AOV_VLA.
3.
AVA_VLA
4.
ASI:
CM-3
4.
AOT_DPT.1
1. -
ATE_IND.1
2. -
ATE_IND.2
3. -
AOT_REG: 1.
1.
AOV_MSU:.
2.
AOV:
ADV_LLD.1 ASD_RCR
AVA_VLA
ALC_DVS.1
ALC_OPS
ALC_DVS.1
ALC_OPS
RA-5
RA-5
RA-5
RA-5
MA-1,MA-2
MA-3,PL-1,PL-2,PL-3
-
AT-1,AT-2,AT-3
AT-4
ASI_CMM.:
ASO:
1. SSF
PS-1,PS-3
2. SSF
PS-6,
IA-1,IA-2,IA-5,IA-6
1. STOE
ASI_SIC:
2.
ASO_RCD: 1.
2.
1.
ASO_VER:
2.
1. SSF
ASO_MON:
2.
ADO_DEL
SA-6,SA-7
ADO_DEL
SA-7
AST_SOT
AU-3, PE-8
AU-6,AU-7
SC-13,SI-6
AST_SOT
SC-13,SI-6
AU-2,AU-3,AU-5
AU-6,AU-7,AU-9,AU-11
1 PP/ST
1.
, (SW) SW
(, , )
(, ) ,
(requirement analysis) .
(requirement specification)" .
SW
.
, (: , VPN, IDS)
(PP),
(ST) . CC ITSEC
. PP ST .
o (, , )
o .
o , .
o .
o ()
.
, 10)( )
10) , (operational system) (application system) .
(: , , , )
PP/ST
. ,
PP (SPP),
ST (SST) .
SPP/SST PP/ST .
o SPP/SST 1
(PP ).
o .
o , .
o SPP/SST .
o .
o (, , ) PP/ST
.
PP/ST ,
SPP/SST .
. , PP/ST SPP/SST
SPP/SST
.
2. SPP SST
. FAA SPP
(1)
2000 1 National Information Assurance Acquisition Policy, NSTISSP
#11 , 2002 7 (FAA)
CC .
, FAA 18 PP , ,
, CC - (C&A) (,
) .
FAA PP FAA ()
.
o , ,
o (what)
o
o
SPP PP , SPP
, SPPT (NAS) FAA
, CC ,
, .
(2)
FAA PP 18 .
o : (a) Mission Critical (NAS), (b) Mission Support/Administrative
o : (a) Wide Area Network (WAN), (b) Local Area
Network (LAN)/Facility Communications, (c) Applications System
o : (a) High Risk/Critical System, (b) Moderate Risk/Essential System,
(c) Low Risk/Routine System. ,
NAS-SR-1000 3.8.5 FIPS PUB 199 .
FAA PP .
o : NAS-SR-1000 3.8.5 10
( ) PP
. , 10 ,
, , , , , , ,
.
o FAA : CC FAA
83%(=20/24) , CC
NIST SP 800-37 C&A 65.5%(=19/29) .
o (SOW) (DID) :
, DID
, , , ,
, , .
. SPP
(1) Digital Bond Control Center Protection Profile (CCPP 0.5)
2004
NIST
PCSRF
(Process
Control
Security
Requirements Forum) , PP . (
5-1) CCPP . ,
, . ,
CCPP PP Field Device
Protection Profile FDPP) .
( 5-1) CCPP
. ISO
, SPP SST , SPP
.
o
o ,
o , , ,
[figure: process-control system elements (MMI, actuator, disturbance); diagram not recoverable]
( 5-2) NIST PP
. SRS
(1) SRS
2003 2005 PP
SRS (security requirement specification)
11).
SRS PP
(RFP) (, )
. SRS (SRS-Process)
(SRS-Tool) .
11) , , 9
(SIS)-2004, pp. 477-498, 2004 7.
y , , NSRI , 2003 11.
y , , NSRI , 2004
11.
y Sang-soo Choi, Soo-young Chae, and Gang-soo Lee, "SRS-Tool: A Security Functional Requirement Specification Development Tool for Application Information System of Organization", Lecture Notes in Computer Science (LNCS), Vol. 3081, Part 2, pp. 458-467, May 2005 (ISSN 0302-9743).
-,
, .
SRS .
o (: ) SRS ,
.
o SRS-Process SRS-Tool SRS
SRS .
o
.
o 15 CC PP
.
o SRS
.
o SRS
, SRS . (
5-3) SRS . , , ,
[figure: SRS development flow with H/M/L ratings mapped to CC; diagram not recoverable]
( 5-3) SRS
SRS .
o SRS : ()
, (, , , , , )
,
SRS
o : SRS
SRS .
o ( )
o ()
o
o (HW, SW, , SW) (
)
o
o (IT, )
o
o ( )
. ,
, , ,
, CC PP
. SRS-Tool .
SRS-Tool 2006 3.0 .
.
(TC260) WG5
Information technology - Security techniques - Evaluation criteria for information systems security assurance (ISIA .) 2005 3
ISIA
CC
(,
),
ISO/IEC-19977 (, ) SSE-CMM
(, )
.
ISIA ISPP ISST . PP/ST
, () .
, ISST ISPP 2 .
. 19791 SPP/SST
(1) 19791 SPP
() SPP
2005 6 ISO/IEC DTR 19791( 19791-3 ),
. SPP O-TOE
. [ 5-1] PP SPP .
[ 5-1] PP SPP
PP
PP (PPP)
19791-3 SPP
IT
(,
OSP,
)
- ,
- IT (, ) ,
TOE
IT
/ ,
() SPP
SPP SPP
- .
. SPP .
o (O-TOE)
o , O-TOE
.
o SPP () SPP O-TOE
.
o SPP SPP .
o STOE SPP ,
, ,
, , .
1 ,
. ,
,
.
.
2) : SPP SPP PP
. SPP SPP PP
.
3)
o (OSP): , , ,
(, (ISA) (MOU)
o : SPP
, O-TOE
.
4) : (,
) (,
) .
5) :
.
.
o ,
o SPP
o SPP
o , SPP
,
o SPP ,
o , ,
,
o , ,
,
o O-TOE
6) SPP : SPP .
7) : SPP
.
o
o
o
o
o
o
(2) ST (SST)
SST SPP . [ 5-2] [ 5-3] CC ST 19791 SST
O-TOE .
[ 5-2] ST
CC ST
O-TOE
19791 SST
- STOE IT
TOE
-
-
STOE IT
IT
- STOE STOE IT
-
TOE
STOE
PP
SPP, PP / ST
IT/
OSP
IT
TOE
- IT
-
SPP, PP / ST
[ 5-3] ST SST
ST
19791 ST (SST)
CC ST
IT: - .
- (, , )
- IT ( ) ,
TOE
IT
, ,
IT
(; )
-
-
3.
SPP/SST CC PP/ST
, (, ,
) .
[ 5-4] SPP/SST .
[ 5-4] SPP/SST
y
FAA SPP
y
Digital Bond CCPP 0.5 y
NIST SPP for ICS 1.0
y
y
SRS
y
y
ISPP/ISST
y
y
19791 SPP/SST
18 PP
(: PP, PP )
SRS
, ()
( )
SPP/SST
SPP/SST CC PP/ST
. [ 5-5] [ 5-6] SPP SST
.
[ 5-5] SPP
CC v2.2
1. ST
a. ST
b. ST
c. CC
2. TOE
3. TOE
a.
b.
c.
4.
a. TOE
b.
5. IT
a. TOE
b. IT
6. TOE
a. TOE
b.
7. PP Claim
a. PP
b. PP
c. PP
8.
a.
b.
c. TOE
d. PP Claim
1. ST
a. ST
b. TOE
c. TOE
d. TOE
2.
a. CC Claim
b. PP Claim
c. Claim
3.
a.
b.
c.
4.
a. TOE
b.
c.
d.
5.
a.
6.
a.
b.
c.
7. TOE
a. TOE
CC v2.2
1. PP
a. PP
b. PP
2. TOE
3. TOE
a.
b.
c.
4.
a. TOE
b.
5. IT
a. TOE
b. IT
6. PP
7.
a.
b.
19791-1 SPP
1. SPP
a. SPP
b. SPP
2.
3.
a.
b. (OSP)
c.
4.
a.
b.
5.
6.
a.
b.
a. PP
b. TOE
2.
a. CC
b. PP Claim
c. Claim
3.
a.
b.
c.
4.
a. TOE
b.
c.
d.
5.
a.
6.
a.
b.
c.
19791-2,3 SPP
1. SPP
a. SPP
b. SPP
2. (conformance claims)
3.
a.
b.
4. (security objectives).
5. (security requirements)
6. SPP (SPP rationale)
7.
, , ,
,
ISPP
1. PP
PP
PP
2. TOE
PP/ST
-
- ,
-
-
-
-
-
-
-
3. TOE
4.
TOE
5.
6. PP
7.
NIST SPP
NIST System PP (SPP for
ICS 1.0.. 004 4, 1.0
1. disturbance
1.1 SPP
1.2 SPP
2. STOE
2.1 STOE
2.2 STOE
2.3
2.4
3. STOE
3.1
3.2
3.3
4.
4.1 STOE
4.2
5.
5.1 STOE
5.2
6.
6.1 STOE
6.2 STOE
6.3
6.4 -
7. SPP
7.1 SPP
7.2 SPP :
7.3 SPP : SPP
7.4 SPP : SST
8.
8.1
8.2
8.3
8.4
8.5
[ 5-6] SST
CC v2.2
1. ST
a. ST
b. ST
c. CC
2. TOE
3. TOE
a.
b.
c.
4.
a. TOE
b.
5. IT
a. TOE
b. IT
6. TOE
a. TOE
b.
7. PP Claim
a. PP
b. PP
c. PP
8.
a.
b.
c. TOE
- d. PP Claim
19791-1 SST
1. SST
a. SST
b. SST
2.
3.
a.
b. (OSP)
c.
4.
a.
b.
5.
6.
7. SSP
8.
a.
b.
c.
d. SPP
1. ST
a. ST
b. TOE
c. TOE
d. TOE
2.
a. CC Claim
b. PP Claim
c. Claim
3.
a.
b.
c.
4.
a. TOE
b.
c.
d.
5.
a.
6.
a.
b.
c.
7. TOE
a. TOE
19791-2,3 SST
1. SST
a. SST
b. SST
2. (conformance claims)
3.
a.
b.
4.
5.
6. STOE
7. SST (SST rationale)
8. : ,
, , , ,
,
1. PP
PP
PP
2. TOE
PP/ST
-
- ,
-
-
-
-
-
-
-
SST
3. TOE
4.
TOE
5.
6. TOE
7. PP
8.
9.
TOE
4. SPP/SST
.
SPP/SST . (
5-4) SPP
SPP ,
. (; . SPP
SST(
) . SST
.
, SST
. SST
/, , .
[figure: relationship between CC PP/ST and SPP/SST; diagram not recoverable]
( 5-4) SPP/SST
(1)
ISO/IEC TR 19791 (operational) Enhanced
CC(2004 12), WD 19791(2003 7), PDTR 19791(2004.12)
CC 19791 ,
19791 . ,
( K
).
(2) SPP/SST
19791 19791 SPP/SST
. 19791 SPP/SST .
(3) SPP/SST
. SPP/SST (SRS-Tool)
12) (), PP , :
, , 2005 11.
(), , : , ,
2004 11.
[ 5-7] SRS-Tool
Intel Pentium 2.54GHz PC
768MB DDR RAM
120GB HDD
Windows (98/ME/2000/XP)
Power Script
Power Builder 9.0
3.51.07
5-5)
SRS-Tool
DB
Intel Pentium 2.54GHz PC
768MB RAM
120GB HDD
Windows (98/ME/2000/XP)
Power Script
Power Builder 9.0
MySQL 4.0.18 for Windows
2000/XP
MySQL ODBC Driver Version
3.51.07
()
SRS-Tool .
o :
o :
, SRS
o SRS CC , CC
[ 5-8] SRS-Tool
//
/
PKB
PKB
PKB
PKB
PKB
/ (SOF) (EAL)
SRS
SRS
SRS-Tool
(b)
(c)
( 5-5) SRS-Tool
5.
. , CC
. SPP/SST .
SPP/SST ,
19791 , ,
19791 SPP/SST . , SPP/SST
SRS-Tool .
(TOE) .
o (Product TOE; P-TOE): CC .
P-TOE
o (Operational TOE; O-TOE): 19791
P-TOE C-TOE ( ) ,
O-TOE , , , . ,
. C-TOE
() , O-TOE
. , O-TOE
. ,
TOE .
[figure: components labelled (COTS) and ( ST); diagram not recoverable]
( 5-6) , TOE
1.
ICCC-2005 Kurth & Karger
.
o
o
o
o
o
, .
o : ,
.
o : ,
, ,
, .
o : , ,
,
, .
.
(, ) . ,
. ACO E
.
(1) CAP
CC EAL1 ~ EAL7 ,
TOE(C-TOE) 3 . CAP-A, CAP-B, CAP-C
.
, (:
). ,
.
o CAP-B ( ) : TOE
,
. ,
.
, TOE , ,
.
13) Albert B. Jeng and Yu-Min Yu, Analysis of the composition problems in CC v3.1 rev.1
with some suggested solutions, ICCC 2006, , 2006.9.
o CAP-C ( , ) : TOE
.
.
TOE,
,
.
CAP-A
CAP-B
ACO_COR.1
ACO_CTT.1
ACO:
AGD:
ALC:
CAP-C
ACO_CTT.2
ACO_DEV.1
ACO_DEV.2
ACO_DEV.3
ACO_REL.1
ACO_REL.2
ACO_VUL.3 -
ACO_VUL.2
ACO_VUL.1
AGD_OPE.1
AGD_PRE.1
ALC_CMC.1 TOE
ALC_CMS.2 TOE CM
ASE_CCL.1
ASE_ECD.1
ASE_INT.1 ST
ASE:
ST
ASE_OBJ.1
ASE_REQ.1
ASE_OBJ.2
ASE_REQ.2
ASE_TSS.1 TOE
ASE_SPD.1
()
(2) ACO
[ 5-10] CC 3.1 CAP
-
ACO_COR.1
.
- -
ACO_DEV.1 . -
.
- -
.
ACO_DEV.1 -
. ,
ACO_DEV
- TSF -
.
- -
.
ACO_DEV.3 -
. -
-
TSF
.
ACO_REL.1 - -
. C-TOE
ACO_REL
ACO_REL.2 . TOE
TSFI ,
C-TOE -
.
ACO_CTT.1 - -
ACO_CTT
.
TOE ACO_CTT.2
- -
ACO_COR
ACO:
ACO_VUL.1
ACO_VUL.2
ACO_VUL
ACO_VUL.3
-
AGD:
TOE
(, , TOE , TOE
)
. TSF
AGD_OPE AGD_OPE.1 .
TSF , -
, - .
.
AGD_PRE
TOE
AGD_PRE.1 .
TOE
(transition) .
ALC:
ALC_CMS.2
, TOE
ASE_CCL ASE_CCL.1 . , ST
PP .
ASE_ECD ASE_ECD.1 CC (ST
)
.
ASE_INT
ASE_INT.1 3 (TOE , TOE , TOE )
ST
ST
TOE
ASE_OBJ.1
ASE_OBJ
(ASE_SPD)
.
ASE_OBJ.2
ASE:
ST
ASE_REQ ASE_REQ.1
SFR , -
. , TOE
ASE_REQ.2 , .
ASE_TSS
ASE_TSS.1
TOE
TOE
TOE
.
(3)
ITSEC , - -
,
.
o -: , , OS, (peer)
o -: , , SW,
) . C-TOE
, ST C-TOE
.
: ( 5-7)
. , a b
. .
b (, ST FIA SFR )
, a .
, .
[figure: base component a (TSF-a, non-TSF-a, ACO-REL) and dependent component b (TSF-b, TSFI-b, ADV-FSP, ACO-DEV); diagram not recoverable]
( 5-7)
. CC 3.1 - -
ITSEM 3 .
D .
()
o P :
o 2 (I/F): ( I/F),
( I/F)
o :
o
() -
C1 C2 .
I/F C1 . C2 C1 I/F
. , . ( 5-8-(a))
.
(b) -
(a) -
(c)
( 5-8)
() -
C1(: DBMS) C2(: ) .
C1 C2 I/F (VMM) I/F
()
C1 C2 , C2 C1
()
C3 C1 C2 . C3 P3(, C3
) , C1 C2 . C3 ()
.
[ 1] C1 (, P1 True) (C1 C2
)
[ 2] C2 (, P2 True) (C1 C2
)
[ 3] C1 I/F = C2 I/F
[ 4] P3 = P1 P2
[ 5] P2 C2 True .
C2 P2 .
[ 6] P1 C1 True .
C1 P1 .
[ 7] C2 P1 .
[ 8] C1 , C2 .
(2) 19791
.
o . ,
()
.
o .
o .
.
o .
o
.
19791, ,
,
, , ()
.
. O-TOE
C-TOE .
1
. , PP/ST . ,
.
(3) CC (ADV )
o ADV_FSP(TSFI ) TOE (boundary) (TSF)
(TSFI) .
o ADV_IN.() TOE . TSF
SFR-(enforcement) TSF SFR-
. TOE 1 1
.
C-TOE
PP/ST( PP ST )
.
o IT TOE( )
PP/ST. C-TOE
(: -IT , PP/ST
14) Guide for the protection profile and security targets, ISO/IEC PDTR 15446, Version 0.9,
January 4, 2000.
.)
:
o ST
, C-TOE ST . , C-TOE ST ,
.
o C-TOE PP
PP . C-TOE PP
. , C-TOE ST PP
.
.
C-TOE PP/ST C-TOE
. E .
(5) CCEVS
ETR . ST
VR(Validation Report) .
. D .
o
(ST,
VR)
CRD(Composition
Requirements
Definition) .
( ) .
o TOE (HLD) (LLD)
.
o "" (
).
o
o TOE
o TOE
CRD .:
o
o
o .
,
. (
) .
.
o
. .
o CRD
2.
.
(C-TOE)
1 (
)
.
C-TOE = <COM, REL>
o REL: REL = {-, }
o COM = { I/F, ST } = { I/F, {AS, PO, TH, SO, SF, EAL} }
COM: (COM1, COM2)
I/F: COM
ST: COM ((AS), (PO), (TH),
- - .
-(BCOM) (DCOM) .
BCOM
DCOM
()
BCOM
o
- .
.
-
(DCOM)
TSF-a
(I/F)
TSF-a
-TSF-a
-
(BCOM)
-TSF-a
(a)
DCOM
(COM1)
TSF-a
(I/F)
TSF-a
-TSF-a
(COM2)
-TSF-a
(b) (peer)
( 5-9)
COM ST
. , , , ,
. COM .
.
o [ 1] .
C-TOE ,
, .
o [ 2] C-TOE
.
CC.3.1 ( 5-9) 4
, - -
[ 5-11] 16 .
16 4
. I/F ( 5-8) ~ .
o I/F : I/F
o I/F : I/F (- ). I/F
( )
o I/F : I/F
o I/F : I/F
[ 5-11] (- )
#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
I/F
( 5-8)
I/F
O
X
O
X
O
X
O
X
O
X
O
X
O
X
O
X
[ 5-12] 4 (- )
O
O
O
O
O
O
#
1
5
3
7
9
13
11
15
I/F
- , .
o (-) : I/F I/F
o (-): - .
o (-): - . .
o (-): - .
.
o
, .
o (-) :
o (-): - .
o (-): - . .
o (-): - .
.
,
o [1] EAL1 -(OS) EAL4 -(
) C-TOE EAL1. ()
o [2] EAL4 -(OS) -(
) , - (EAL2) C-TOE
EAL2 . , . ( )
o [3] -(OS) EAL4 -(
) , - (EAL2 ) C-TOE
EAL2. .( )
o [4] -(OS) -(
) , .
( )
.
ITSEM CC 3.1 .
.
.
(1)
1964 Petri net
.
( ) (executable)
UML activity diagram
.
1992
( , ) ,
15). (
5-10) .
(2)
o (security block-diagram: SBD)
NODE
()
15) Gang-soo Lee, Jin-seok Lee, "Petri Net based model for Specification and Analysis of Cryptographic Protocols", Journal of Systems Software, Vol. 37, 1997, pp. 141-159.
EDGE NODE (, ) .
o SBD
(: ) .
o RBD Fault Tree
16) ,
.17)18)19)
o Fault Attack Tree
20).
16) http://BlockSim.ReliaSoft.com
17) http://www.reliasoft.com/newsletter/3q2002/rbd.htm
18) http://www.isograph-software.com/rwboverrbd.htm
19) http://www.mtain.com/relia/relmod.htm
20) Bruce Schneier, "Attack Trees: Modeling security threats", Dr. Dobb's Journal, December 1999.
[figure: composition patterns of components Ci and Cj into Cij (= Ci Cj); diagram not recoverable]
( 5-10)
.
.
[figure: composition cases of COM1 and COM2, panels (1), (b), (3); diagram not recoverable]
( 5-11)
3
1.
(TOE) .
CC TOE
(, TOE)
.
o TOE (Product TOE: P-TOE): CC
TOE .
o TOE (Composed TOE: C-TOE): CC 3.1
TOE .
o TOE (Operational TOE: O-TOE): 19791
TOE .
P-TOE ,
, .
. 1980 B. Boehm
,
21)22) .
(: ) ( 5-13)
21) , 2005-22, 2006. 4. 27 .
22) 2003 , S/W, 2005.12.
( )
( ) (CBSE)
.
(outsourcing). ( 5-12) ( 5-13) TOE ,
TOE TOE .
[figure: O-TOE built from components labelled (COTS) and ( ST); diagram not recoverable]
( 5-12)
[figure: components COM1 to COM4 grouped into composed TOEs; diagram not recoverable]
( 5-13) , TOE (
PP/ST )
2. TOE
KISA 2
(2003 2005 ).
. P-TOE
, C-TOE O-TOE
.
. 03 CC
( 5-14) P-TOE
23).
23) ,
(), KISA, 2003.11.
SW (COCOMO )
SW (Function point)
SW (ISO 9126,
14598)
(PERT/CPM )
CC, CEM
KISA
EAL7
1
2
3
....
n
1
m
CC
( 5-14) 03
(1)
o CC (EAL1 ~ EAL7) : EAL PP, ST
, , . ([ 4-13])
[ 5-13] CC 2.2
PP
ST
(*)
6
9
32
14
8
11
41
45
EAL1
( EAL2 EAL3
)
7
13
17
7
18
22
23
47
63
10
20
27
EAL4
EAL5
EAL6
EAL7
23
33
94
39
23
33
90
39
25
40
132
44
25
45
135
47
Work ST
unit
(EAL1)
32
8
40
41
11
52
23
3
26
47
7
54
63
12
75
94
23
117
108
35
143
132
40
172
135
50
185
40
78
106
127
169
195
225
237
0.51
1.35
1.63
2.17
2.5
2.88
3.04
(*) ST
(:
0.54 6.11)([ 5-14]
), , EAL PP, ST .
[ 5-15] .
[ 5-14]
( )
1.
2.
3.
()
4.
5.
6.
(confirm)
7.
-
8.
9.
10.
11.
12.
13.
14. ,
(determine) 15.
-
16.
17.
18.
(check)
0.3
0.5
1
1.5
0.54
0.78
2
(
)
0.54
0.78
1.00
1.00
1
1
1
1
1
1.3
1
1
1
1
4
2.5
3
3
5
3
3
5
2
5
1.50
1.47
1.38
1.44
1.54
1.74
1.67
1.60
1.29
1.52
1.41
1.46
1.34
1.40
1.41
1.68
1.63
1.47
1.33
1.38
1.9
2.34
2.15
1
4
7
1.5
7
10
15.26
6
2.75
6.03
9.85
2.65
2.61
5.92
9.71
2.53
14. ,
(determine) 15.
-
16.
17.
18.
19.
20.
21.
(test)
22.
23.
()
24.
25.
26.
27.
()
1.9
2.34
2.15
1
4
7
1.5
1.5
1.5
2
3.9
7
10
15.26
6
4
4
12.5
8
2.75
6.03
9.85
2.65
2.47
2.60
5.28
5.07
2.61
5.92
9.71
2.53
2.35
2.40
5.24
4.97
5.50
5.45
2
1
1
4
9
2
2
10
5.29
1.51
1.44
5.87
5.26
1.48
1.49
6.11
[ 5-15] ,
(ST )
PP
(ST70.25) 51.94
0.48
(EAL1 1)
0.51
( 2-1)
EAL1
(
)
106.9
EAL2
EAL3
EAL4
EAL5
255.99
EAL6
EAL7
287.75 298.81
1.39
1.62
2.15
2.39
2.69
2.80
1.35
1.63
2.17
2.5
2.88
3.04
o : 2003 8 33
PP 67 ST . ([ 5-16] )
[ 5-16] ,
DB
(
)
VPN
OS
1.00
0.92
1.88
1.50
1.71
1.68
1.65
1.24
0.93
1.25
DB EAL1 1 .
[ 5-17]
DB
VPN
OS
1.00
0.92
1.88
1.50
1.71
1.68
1.65
1.24
0.93
1.25
1.38
PP
0.48
0.48
0.44
0.90
0.72
0.82
0.81
0.79
0.60
0.45
0.60
0.66
EAL1
1.00
1.00
0.92
1.88
1.50
1.71
1.68
1.65
1.24
0.93
1.25
1.38
EAL2
1.39
1.39
1.28
2.61
2.09
2.38
2.34
2.29
1.72
1.29
1.74
1.91
EAL3
1.62
1.62
1.49
3.05
2.43
2.77
2.72
2.67
2.01
1.51
2.03
2.23
EAL4
2.15
2.15
1.98
4.04
3.23
3.68
3.61
3.55
2.67
2.00
2.69
2.96
EAL5
2.39
2.39
2.20
4.49
3.59
4.09
4.02
3.94
2.96
2.22
2.99
3.29
EAL6
2.69
2.69
2.47
5.06
4.04
4.60
4.52
4.44
3.34
2.50
3.36
3.70
EAL7
2.80
2.80
2.58
5.26
4.2
4.79
4.70
4.62
3.47
2.60
3.50
3.85
1.81
1.81
1.67
3.41
2.73
3.11
3.05
2.99
2.25
1.69
2.27
(2)
(, Man-Month), 3
, . ,
.
(3)
KISA
()
2 7 .
5~7
, 5
. KISA 2(VPN CC 3 ) 100%
, CC
100% 3 (, , 1)
.
.
()
()
2003 , K4
1 8 800 , CC VPN
EAL3+ 3 2600(
).
, . ,
(CC
) , . ,
()
o : EAL4
2 2160(177$). .
o : EAL4 10
(4)
[ 5-17] [ 5-18]
[ 5-18] ()
DB
VPN
OS
1.00
0.92
1.88
1.50
1.71
1.68
1.65
1.24
0.93
1.25
PP
EAL1
EAL2
EAL3
EAL4
EAL5
EAL6
EAL7
0.48
1.00
1.39
1.62
2.15
2.39
2.69
2.80
5,372
4,924
10,073
8,058
9,177
9,065
8,842
6,715
5,036
6,715
7,387
11,192
10,297
21,041
16,788
19,138
18,802
18,467
13,878
10,408
13,990
15,445
15,557
14,326
29,211
23,391
26,637
26,189
25,629
19,250
14,438
19,474
21,377
18,131
16,676
34,135
27,196
31,002
30,442
29,882
22,496
16,900
22,720
24,958
24,063
22,160
45,215
36,150
41,186
40,403
39,731
29,882
22,384
30,106
33,128
26,749
24,622
50,252
40,179
45,775
44,992
44,096
33,128
24,846
33,464
36,821
30,106
27,644
56,631
45,215
51,483
50587
49,692
37,381
27,980
37,605
41,410
31,337
28,875
58,869
47,006
53,609
52,602
51,707
38,836
29,099
39,172
43,089
[ 5-19] ()
DB
VPN
OS
1.00
0.92
1.88
1.50
1.71
1.68
1.65
1.24
0.93
1.25
1.38
PP
EAL1
EAL2
EAL3
EAL4
EAL5
EAL6
EAL7
0.48
1.00
1.39
1.62
2.15
2.39
2.69
2.80
2.4
2.2
4.5
3.6
4.1
4.1
4.0
3.0
2.3
3.0
3.3
5.1
4.6
9.5
7.6
8.6
8.5
8.3
6.3
4.7
6.3
7.0
7.0
8.2
10.9
12.1
13.6
14.1
6.5
7.5
10.0
11.1
12.5
13.0
13.2
15.4
20.4
22.7
25.6
26.2
10.6
12.3
16.3
18.1
20.4
21.2
12.0
14.0
18.6
20.7
23.2
24.2
11.8
13.7
18.2
20.3
22.8
23.7
11.6
13.5
17.9
19.9
22.4
23.3
8.7
10.2
13.5
14.9
16.9
17.5
6.5
7.6
10.1
11.2
12.6
13.1
8.8
10.3
13.6
15.1
17.0
17.7
9.6
11.3
14.9
16.6
18.7
19.4
() : EAL4 10)
. 05 CC
2005 ( 5-15) P-TOE
24)
25).
KISA
CC 2.3
EAL1 EAL2 EAL3 EAL4
( 5-15) 05
24) , , KISA,
2005.12.
25) 2005 , , , , 2005.8
(1)
KISA, , , (:
, )
.
(2)
[ 5-20]
.
[ 5-20] CC 2.3
ST
ASE
()
ADV_FSP
ADV_HLD
ADV_LLD
ADV
()
ADV_RCR
ADV_SPM
ADV_IMP
ATE_COV
ATE
ATE_DPT
()
ATE_FUN
AVA_MSU
AVA
AVA_SOF
()
AVA_VLA
ACM_AUT
ACM
ACM_CAP
()
ACM_SCP
ADO_DEL
ADO
( )
ADO_IGS
ALC_DVS
ALC
ALC_LCD
()
ALC_TAT
AGD_ADM
AGD
()
AGD_USR
EAL1
EAL2
EAL3
EAL4
65(12)
65(12)
65(12)
65(12)
8
10
8
12
12
12
5
7
10
9
12
12
4
8
4
4
4
12
10
7
16
7
18
1
4
2
4
2
3
8
6
222(12)
2.4
7
10
3
2
2
14
1
2
2
8
6
98(12)
1
8
6
141(12)
1.5
8
6
158(12)
1.7
(3)
[ 5-21] CC 2.3 ()
ST
ADV
()
ATE
()
AVA
( )
ACM
()
ADO
( )
ALC
()
AGD
()
ASE
ADV_FSP
ADV_HLD
ADV_LLD
ADV_RCR
ADV_SPM
ADV_IMP
ATE_COV
ATE_DPT
ATE_FUN
AVA_MSU
AVA_SOF
AVA_VLA
ACM_AUT
ACM_CAP
ACM_SCP
ADO_DEL
ADO_IGS
ALC_DVS
ALC_LCD
ALC_TAT
ALC_FLR.1
ALC_FLR.2
ALC_FLR.3
AGD_ADM
AGD_USR
ADO_IGS
ATE_IND
EAL1
20(10)
7
EAL2
20(10)
7
8
EAL3
20(10)
7
9
8
3
1
6
1
6
1
2
6
3
6
8
10
3
3
5
10
3
3
10
10
3
3
10
10
3
3
10
60(50)
1
99(89)
1.6
116(106)
1.9
187(177)
3.1
AVA_VLA
ETR
4
5
2
6
EAL4
20(10)
8
10
15
5
3
15
8
5
8
6
1
10
5
5
5
3
6
5
3
3
() ST
(4)
, .
o = (/30)
( 30 )
o : [ 5-22] .
[ 5-22]
0.8
1.2
IT
IT
IT
, OS, ,
, SW ,
PC, , , , ,
, HW,
OS, OS, IC
(5)
SW .
o = {()}
o : 7%
o : 110%
3. TOE
. TOE
(1)
o 30 26) CC
.
o 30 3
26) CC
(2)
C-TOE ()
o CAP : C-TOE (CAP-A, CAP-B, CAP-C )
o FUN : COMi FUNi (FUN = FUNi /n)
o IF: C-TOE ( n , IF = 4n(n-1)/2. : n=2
0.8
1
1.2
8 (2 )
12 (3 )
40 (4 )
[ 5-24] (FUN)
0.8
1
1.2
25
305
36
[ 5-25] (CAP)
0.7
1
1.1
CAP-A ( )
CAP-B ( )
CAP-C ( , )
(3)
o C-TOE (IF): 5 2 ( 5-6) 2
(IF) 4,
. , n , IF = 4n(n-1)/2.
, n=2 IF=4, n=3 IF=12, n=4 IF=24, n=5 IF=40. 3
(=1) , 2 0.8, 4 1.2
.
. * .
o (FUN): 2005 KISA
27), (,
) 30, 30 5 0.8
, 1.2 . 2005
(30) , 3
. TOE
.
.
(CAP): CC 7(EAL1 ~
EAL7) , CC 3.1 TOE 3
27) , , KISA,
2005.12.
, . CC 3.1
CAP .
. (CAP)
(1) CAP
CAP-A, CAP-B, CAP-C EAL-2, EAL-3, EAL-4 .29)
o CAP-A ( ) : C-TOE
.
, (:
). ,
.
o CAP-B ( ) : C-TOE
,
. ,
.
, TOE , ,
.
o CAP-C ( , ) : C-TOE
.
.
C-TOE,
,
.
(2) CAP
2003 CC (,
29) Albert B. Jeng and Yu-Min Yu, Analysis of the composition problems in CC v3.1 rev.1
with some suggested solutions, ICCC 2006, , 2006.9.
) CC 3.1 ACO() [
5-27] 30). [ 5-26] CC 3.1 (CAP)
. [ 5-27]
. E
CC 3.1 (ACO) (CAP)
.
CAP , CAP
.
CAP-A : CAP-B : CAP-C = 31 : 43 : 46
CAP-A
CAP-B
ACO_COR.1 (1)
ACO_CTT.1
(5.93)
ACO:
AGD:
ALC:
CAP-C
ACO_CTT.2 (6.93)
ACO_DEV.3
(5.15)
ACO_REL.1 (1)
ACO_REL.2 (2)
ACO_VUL.1
ACO_VUL.2
ACO_VUL.3 -
(8.6)
(14.71) (15.71)
AGD_OPE.1 (1)
AGD_PRE.1 (1)
ALC_CMC.1 TOE (1)
ACO_DEV.1
(3.15)
ACO_DEV.2
(4.15)
30) ,
(), KISA, 2003.11.
ASE_CCL.1 (1)
ASE_ECD.1 (2)
ASE_INT.1 ST (2)
ASE:
ST
ACO
)
ASE_OBJ.1
ASE_OBJ.2 (1)
(1)
ASE_REQ.1
ASE_REQ.2 (2)
(1)
ASE_TSS.1 TOE (2)
ASE_SPD.1 (1)
30.68 (18.68)
42.79 (27.79)
45.79 (30.79)
()
(ACO_COR)
ACO_COR.1
ACO_DEV.1
(ACO_DEV)
(ACO_REL)
()
(1)
(1),
(2.15)
3.15
, (1+),
,
,
(2.15+)
, ,
ACO_DEV.3 , (1++),
,
(2.15++)
,
ACO_REL.1
, ,
(1)
,
ACO_DEV.1
ACO_REL.2
, ,
,
(1+)
(1),
ACO_CTT.1 ,
(), (2.53),
()
TOE
(2.4)
, (1+),
ACO_CTT.2
(ACO_CTT)
( ),
(2.53),
( )
(2.4)
3.15++
==> 4.15
3.15+++
==> 5.15
1
1+
==> 2
5.93
5.93+
==> 6.93
(ACO_VUL)
ACO_VUL.1
(1),
(2.15),
(5.45)
8.6
ACO_VUL.2
(1),
(2.15),
(5.45), basic
(6.11)
14.71
ACO_VUL.3
-
(1),
,
(5.45), extended
basic
(6.11+)
14.71+
==> 15.71
(1)
(1)
(1)
(1)
(1)
1(1), 2(1)
1(1), 2(1)
(1)
(1)
(1)
(1)
1+
==> 2
1(1), 2(1)
(1)
AGD_OPE
AGD_OPE.1
AGD_PRE
AGD_PRE.1
ALC_CMC
ALC_CMC.1
TOE
ALC_CMS.2
ALC_CMS
TOE
ASE_CCL.1
ASE_CCL
ASE_ECD
ASE_ECD.1
ASE_INT
ASE_INT.1
ST
ST
ASE_OBJ.1
ASE_OBJ
ASE_OBJ.2
ASE_REQ.1
ASE_REQ.2
ASE_REQ
ASE_TSS.1 TOE
ASE_SPD.1
4. TOE (19791-TR)
. TOE
(1)
o 19791 O-TOE (composite) TOE .31)
(2)
O-TOE TOE, C-TOE
.
O-TOE COM COM = {COM1, COM2, ...,
COMn} , O-TOE (TIME) .
TIME = BASE EAL FUN IF OPE
o BASE : 30 3
C-TOE ()33)
o EAL : O-TOE (5, 7)
o FUN : COMi FUNi (FUN = FUNi /n)
o IF: O-TOE ( n , IF = n(n-1)/2. : n=2
IF=1, n=3 IF=3, n=4 IF=6, n=5 IF=10)
o OPE:
IF, FUN, EAL, OPE . EAL
. , O-TOE OPE
" 11" 34). OPE
.
0.8
1
1.2
2 (2 )
3 (3 )
4 (4 )
0.8
1
1.2
25
305
36
EAL1
EAL2
EAL3
1
1.4
1.5
EAL1
EAL2
EAL3
EAL4
1.7
EAL4
EAL5
1.9
EAL5
EAL6
EAL7
2.0
2.2
EAL6
EAL7
L1
L2
L3
1
1.4
1.5
CMM Level1
CMM Level1
CMM Level1
L4
L5
1.7
2.1
CMM Level1
CMM Level1
[ 5-32] (OPE)
1.0
1.2
1.7
1.7
1.9
2.0
2.2
1.3
, , ,
, , , , OR, CAE
, , ,
,
, , ,
, , DBMS,
, , CASE,
, , , GPS
, CAM, CIM, , , ,
,
(3)
o O-TOE (IF): (IF) ,
. , n , IF =
4n(n-1)/2. , n=2 IF=4, n=3 IF=12, n=4 IF=24, n=5
IF=40. 3 (=1) , 2
0.8, 4 1.2 .
.
o O-TOE () (FUN): 2005 KISA
35), (,
) 30, 30 5
0.8 , 1.2 . 2005
(30) ,
3 . TOE
. .
o O-TOE (EAL): 19791
. , 3 ~ 5(CMVP, CMM,
35) , , KISA,
2005.12.
, ) 7(CC) .
CMM36) 37) 38)
5 CC 7
. O-TOE
(1) 19791-3
2003 39) CC (,
) CC 3.1 ACO()
[ 5-22] . [ 5-33] 19791-TR
.
[ 5-33] 19791-TR
ASP_INT: SPP
ASP_CCL:
ASP_SPD:
,
1. SPP
2. SPP ,
,
1.
,
1.
,
1.
1+1.63()
= 2.63
1+1.63()
= 2.63
1+1.63 = 2.63
ASP_OBJ:
ASP:
SPP ASP_ECD: 1. ,
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
ASP_DMI: 1. ,
(overview)
1+1.63 = 2.63
1+1.63 = 2.63
ASP_REQ:
1. (stated)
2. (derived)
ASP_DMC: 1.
ASP_DMP:
1.
ASP_DMO: 1.
1.
ASP_DMR:
2.
1. SST
ASS_INT: SST ;
2. SST
ASS_CCL:
1.
ASS_SPD:
1.
ASS_OBJ: 1.
ASS_ECD:
1.
1.
ASS_REQ:
2.
ASS:
SST ASS_TSS: STOE
1. STOE ()
()
ASS_DMI:
1.
ASS_DMC: 1.
ASS_DMP: 1.
2.
1.
2.
1.
AOD_OCD:
2.
AOD:
1.
AOD_ADM:.
SSF
2. SSF
AOD_USR:
,
,
,
,
,
,
1.
SSF
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
,
,
,
,
,
,
ASS_DMO:
1.
ASS_DMR:
1+1.63 = 2.63
,
,
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1+1.63 = 2.63
1
,
1+2.15() = 3.15
(verify)
,
1+2.15() = 3.15
(verify)
AOD_GVR:
ASD_SAD:
ASD_IFS:
()
ASD: ASD_SSD:
ASD_CMP:
ASD_IMP:
ASD_CON.:
ASD_GVR:
2. SSF
,
1+2.15() = 3.15
(verify)
1.
,
(determine)
1. ,
(determine)
1. ,
(determine)
1. ,
(determine)
1. ,
(determine)
,
1.
(determine)
1.
1.
AOC_OBM: 1.
2.
AOT:
AOT_DPT:
AOT_IND:
1+2.15() = 3.15
1+2.15() = 3.15
1+2.15() = 3.15
1+2.15() = 3.15
1+2.15() = 3.15
1
1
,
1+2.15() = 3.15
(verify)
1
1,
1
2
1
1,
1+1 = 2
2
1
1,
1+1 = 2
2
1.
AOC_ECP:
2.
AOC:
1. PP
AOC_PPC: PP 2. PP
AOC_NCP 1.
2.
AOT_FUN:
1. SSF
AOT_COV: 1. SSF
2. SSF
1.
1+2.15() = 3.15
1
1
1
2.
1
3.
1
4.
1
, 1+2.35() =
1. -
3.35
1+2.35()+2.
,
2. -
4() = 5.
,
75
3. -
,
,
1+2.35()+2.
4()+5.24
() = 10.
99
AOT_REG:
1.
1.
AOV_MSU:.
AOV:
,
, ,
2. ,
, , ,
1. /
2.
,
AOV_VLA.
3.
, +
4.
, ++
1.
AOL:
AOL_DVS:
2.
1.
ASI_AWA: .
2.
1. SSF
ASI:
ASI_CMM.:
2. SSF
1. STOE
ASI_SIC:
2.
1.
ASO_RCD:
2.
ASO:
ASO_VER:
1.
,
,
,
,
1
1+1.48()+2.15()+1.46() = 6.09
1+1.48()+2.15()+1.46()+4.97() = 11.06
1+5.45() = 6.45
1+5.45+2.61() = 9.06
1+5.45+5.92() = 12.37
1+5.45+9.71() = 16.16
1
1
2. ,
1. SSF
ASO_MON:
2. ,
1
1
1
1
1
1
()
(2)
CMM-SSE 5
.
o 7 : CC
7(EAL1 ~ EAL7) . ,
EAL1 ~ EAL4 .
EAL1:
EAL2:
EAL3:
EAL4: ,
EAL5:
EAL6: ,
EAL7: ,
7 , [ 5-24]
EAL1 : EAL2 : EAL3 : EAL4 : EAL5 : EAL6 : EAL7 =
70.0 : 97.6 : 104.7 : 132.2 : 138.0 : 141.8 : 150.8
= 1 : 1.4 : 1.5 : 1.9 : 2.0 : 2.0 : 2.2 (each value divided by the EAL1 value 70.0 and rounded to one decimal).
CC 19791-3 ,
.
o 5 : CMM-SSE 5
. 40).
1 ( ):
.
2 ( ): ,
.
3 ( ):
.
4 ( ):
.
5 ( ):
5 , [ 5-34] Level 1 1
() .
Level1 : Level2 : Level3 : Level4 : Level5 =
70.0 : 97.6 : 104.7 : 132.2 : (138.0 + 141.8 + 150.8)/3
= 1 : 1.4 : 1.5 : 1.9 : 2.1 (Level 5 takes the average of EAL5 to EAL7; each value divided by 70.0 and rounded to one decimal).
. CC 19791-3
,
.
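The ratio and weight arithmetic above, carried through in code. This is an added example and is not part of the original report; it uses only the figures printed in the text (the EAL1 to EAL7 effort values 70.0 to 150.8, the per-activity increments such as 1.63, 2.15, the 2.35/2.4/5.24 chain and the 5.45 plus 2.61/5.92/9.71 pattern). Rounding ratios to one decimal and weights to two decimals is an assumption that reproduces the printed figures.

```python
# Added example (not from the original report): recompute the EAL effort ratios,
# the five-level (CMM-SSE style) ratios, and the "1 + increments" component
# weights quoted in the text, so the printed numbers can be checked.

EAL_EFFORT = {  # relative evaluation effort per EAL, as printed in the text
    "EAL1": 70.0, "EAL2": 97.6, "EAL3": 104.7, "EAL4": 132.2,
    "EAL5": 138.0, "EAL6": 141.8, "EAL7": 150.8,
}


def normalized_ratios(efforts, digits=1):
    """Divide every effort by the first one (EAL1) and round as the report does
    (assumption: one decimal place)."""
    base = efforts[0]
    return [round(e / base, digits) for e in efforts]


def eal_ratios():
    """Seven-level ratios: EAL1 ... EAL7 relative to EAL1."""
    return normalized_ratios(list(EAL_EFFORT.values()))


def five_level_ratios():
    """Five-level ratios: the report folds EAL5..EAL7 into a single top level
    by averaging their efforts before normalising."""
    e = EAL_EFFORT
    top = (e["EAL5"] + e["EAL6"] + e["EAL7"]) / 3
    return normalized_ratios([e["EAL1"], e["EAL2"], e["EAL3"], e["EAL4"], top])


def component_weight(increments, base=1.0):
    """A component weight in the text is a base of 1 plus one increment per
    additional evaluator activity, e.g. 1 + 2.35 + 2.4 + 5.24 = 10.99."""
    return round(base + sum(increments), 2)


def cumulative_weights(increments):
    """Weights for a family whose higher components add activities on top of the
    lower ones (the 3.35 / 5.75 / 10.99 chain in the table)."""
    return [component_weight(increments[: i + 1]) for i in range(len(increments))]


def shared_plus_own(shared, own_increments):
    """Weights for a family whose components all carry one common increment and
    then a component-specific one (the 6.45 / 9.06 / 12.37 / 16.16 pattern);
    an own increment of 0 means 'base plus the shared increment only'."""
    return [component_weight([shared] + ([x] if x else [])) for x in own_increments]


if __name__ == "__main__":
    print("EAL ratios       :", eal_ratios())
    print("5-level ratios   :", five_level_ratios())
    print("AOT_IND-style    :", cumulative_weights([2.35, 2.4, 5.24]))
    print("AOV_VLA-style    :", shared_plus_own(5.45, [0, 2.61, 5.92, 9.71]))
    print("single increment :", component_weight([1.63]), component_weight([2.15]))
```

Running it shows that the EAL4 ratio is 1.9 (132.2 / 70.0 = 1.889), which is the figure used in the corrected ratio lines above.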
[ 5-34] 19791-TR (
)
()
EAL
Level
1. SPP (2.63)
ASP_INT: SPP
2. SPP (2.63)
1. (2.63)
ASP_CCL:
ASP_ECD: 1.
(2.63)
ASP_SPD: 1. (2.63)
ASP_OBJ:
1. (2.63)
1 . ( s t a t e d )
(2.63)
ASP_REQ:
2. (derived)(*
ASP
CC.3.1) (2.63)
(SPP
) ASP_DMI: 1. (overview)
(2.63)
ASP_DMC:
1. (2.63)
ASP_DMP:
1. (2.63)
ASP_DMO: 1. (2.63)
ASP_DMR: 1. (2.63)
2. (2.63)
1
1
1
1
1
1
1
1
1
1
1
1
1. SST (2.63)
2. SST (2.63)
1. (2.63)
ASS_CCL:
ASS_ECD: 1.
(2.63)
ASS_SPD: 1. (2.63)
1. (2.63)
ASS_OBJ:
1. (2.63)
ASS_REQ:
2. (2.63)
ASS_TSS: STOE
1.STOE () (2.63)
()
ASS_DMI:
1. (2.63)
ASS_DMC:
1. (2.63)
ASS_DMP: 1. (2.63)
2. (2.63)
ASS_DMO: 1. (2.63)
ASS_DMR: 1. (2.63)
2. (2.63)
ASS_DMS 1. ()
()
(2.63)
1.
(1)
AOD_OCD:
2.
(3.15)
1.
AOD_ADM:.
SSF (1)
2. SSF
(3.15)
1.
AOD_USR:
SSF (1)
SSF
2.
(3.15)
AOD_GVR:
1. (1)
ASS_INT: SST ;
ASS
(SST
)
AOD
(
1
1
1
1
1
1
1
1
1
1
1
1
ASD_SAD: 1. (3.15)
ASD_IFS:
ASD
()
(
ASD_SSD:
ASD_CMP:
ASD_IMP:
)
ASD_COM.:
ASD_GVR:
AOC
( AOC_OBM:
1. (3.15)
1. (3.15)
1.
(3.15)
1. (3.15)
1. (3.15)
1. (1)
1. (1)
2. (3.15)
AOC_ECP:
AOC_PPC: PP
AOC_NCP
AOT_FUN:
AOT_COV:
AOT
(
AOT_DPT:
AOT_IND:
AOT_REG:
AOV_MSU:
AOV
(
) AOV_VLA.
AOL_DVS:
(AOL)
ASI_AWA:
ASI_CMM.:
(ASI)
ASI_SIC:
ASO_RCD:.
ASO_VER:
(ASO)
ASO_MON:
1. (1)
2.
(1)
1.PP (1)
2. PP
(2)
1. (1)
2.
(2)
1.SSF (1)
1. SSF (1)
2. SSF
(1)
1.
2.
(1)
3. (1)
4. (1)
1. - (3.35)
2. - (5.75)
3. - (10.99)
1. (1)
1.
(6.09)
2.
(11.06)
1./
(6.45)
2. (9.06)
3. (12.37)
4. (16.16)
1. (1)
2.
(1)
1. (1)
2. (1)
1. SSF (1)
2.SSF
(1)
1. STOE
(1)
2.
(1)
1. (1)
2. (1)
1. (1)
2. (1)
1.SSF (1)
2. (1)
() CC
4
(/, , , )
4
(, TOE TOE)
(scoping rule) ,
. 19791 , CC 3.1 (composed)
(C-TOE ) 19791 (operational
system) (O-TOE 41)) . ,
C-TOE O-TOE .
1.
. 19791-3
19791 O-TOE .
. , O-TOE 1
, PP ST
. ,
.
O-TOE . O-TOE
. , O-TOE
. , .
. CC/CEM
CC/CEM S-TOE TOE
o . , TOE
.
o ADV_TDS TOE 1
1 ( )
.
.
O-TOE TOE
(scoping rule) . F
TOE .
(1) 42)
IT (UK-ITSEC)
.
(sponsor) ST .
o ( )
o (TOE ):
PC TOE .
.
o ( ): TOE
. TOE
. TOE HW SW
. TOE
TOE .
o TOE ( ): TOE
42)
http://www.cesg.gov.uk/site/iacs/itsec/media/formal-docs/TOEscoping_1.0.pdf
.
o ( ): TOE
. TOE
.
o TOE , , ,
o , ,
o TOE ( ): , ,
TOE .
o TOE (): TOE
.
.
TOE
SW HW
HW SW
TOE (:
;
OS )
o ,
( 5-16) (context diagram) . TOE
TOE .
, .
(
)
(
)
TOE , TOE
(: , ,
, SW , , , , )
TOE (, )
(, )
. .
(usage)
IDS
/
?
TOE
()
.
,
OS
( 5-16) TOE
()
o : ,
( 5-17) . ,
SW
.
SW .
COTS
GUI
GUI SW
SW
IDS
SW
SW
COTS OS
SW
SW
SW
SW
COTS OS
OS
( 5-17) 2 ( )
. ,
. COTS(, )
. ,
o : (,
) . ( 5-18)
.
(2) 43)
() .
43) , 1.0 , January 2006.
<CC >
o CCP1. TOE . ,
.
o CCP2. IT
PC
PC
GUI
IDS
SW
SW
GUI
PC
SW
GUI
SW
COTS OS
COTS OS
SW
COTS OS
OS
SW
OS
<SW PC , PC HW . (,
PC PC .)
( . )
( 5-18) SW HW
< >
o EP1. TOE SFR
.
o EP2. TOE
.
o EP3. IT
IT .
<CC >
o SP1. TOE .
o SP2. TOE .
o SP3. TOE IT
. TOE
, IT
.
o SP4. -CC
. (: )
o SP5. .
o SP6.
() TOE .
<>
o
o 3 (; )
o 3 C-TOE
o TOE
<DB>
o OS
OS
o OS , TOE
TOE
<>
o (, , ,
)
o
OS .
< >
o
<>
o , , ,
IT
() CC TOE
o
TOE: ( ).
()
o TOE : TOE
.
o : TOE . ,
. TSFI45) TSF
. TSFI 46)
TOE .
TSFI TSF
.
45) CC 2.2 TSFI (TOE ) TSF
. CC 3 TSFI (TOE )
. TSFI .
46) TSFI TOE CC ,
. CCP1 .
CC .
. , CC TSF
TSFI TSF TSFI TSF
.
o ( ) : CC
TOE .
.
. TOE TOE
.
(3) TOE
< >
o : TOE .
o TOE : TOE
.
o : IT
IT .
< (viability)>
o IT : TOE IT
.
TOE , IT
.
o : -CC
. (: ) CC
TOE .
o (State of the Art):
.
< >
o :
TOE
.
2.
,
,
47)
. , O-TOE
. , (,
) O-TOE .
(: O-TOE)
(; )
. ,
UML(Unified Modeling Language) Use-case diagram, Class diagram,
47) -
. ,
Sequence diagram 20 .
O-TOE ,
( 5-19) , () ()
3 .
O-TOE1
O-TOE2
( 5-19) 3
[ 5-35] 3 O-TOE
( )
( )
O-TOE1
06 11
19()
HW
O-TOE2
051
( )
O-TOE3
044
( )
OS
TOE
. (temporal scope)
(, ----)
(duration) (time point) .
o : ,
( ,
6). O-TOE , ,
( , ,
2).
o : O-TOE snapshot
. 19791 , . ,
,
. (ISMS)
.
. () (spatial scope)
(, , )
.
:
, , , , , (LAN), WAN,
,
PP48) 19791
. , O-TOE
. ,
, (: )
. ( 5-20) WAN
O-TOE() . ( 5-21)
. , 19791
.
48) Control Center Protection Profile For Industrial Control Systems, Version 0.50, Submitted To: Process Control Security Requirements Forum (PCSRF), By: Digital Bond, Inc., February 17, 2004. http://www.digitalbond.com/SCADA_security/PP_05.pdf
( 5-20) O-TOE
O-TOE
A
D
DB
B
COTS
F
( )
. () (functional scope)
O-TOE . O-TOE
(view) . ( 5-22)
O-TOE ,
.
o : O-TOE
. , ,
, ,
O-TOE .
o : O-TOE ( ,
) . CC 3.0
TOE .
o : CC TOE (
) , O-TOE
(, , ) .
O-TOE ,
. ,
.
o 49): O-TOE 1
, .50).
,
. A B
, A B ,
A B .
(: )
IS
SW
()
SW
(OS, DBMS)
(DB)
OS
HW()
O-TOE
(a) (architecture)
O-TOE
(EAL4)
(EAL1)
(b)
( : H )
1 ()
2 ()
3 ()
4 ()
TSF
TOE
/
(c)
O-TOE
A (X )
B ()
p2
A
C ()
p3
B
p1
D ()
p4
(d)
( 5-22) ()
3.
O-TOE
. O-TOE
. O-TOE . ,
TOE , ,
.
CC 3.0 TOE
, 19791 O-TOE . ,
O-TOE , TOE CC (: EAL4
X ) .
[ O-TOE ]
o R1(). TOE (encapsulated) (information hiding)
().
o R2( ). TOE(, ) TOE(,
O-TOE) .
o R3( ): TOE PP ST . ,
, , , .
o R4( ): TOE .
o R5( ): TOE .
o R6( ): .
o R7( ): TOE () TOE
.
o R8( ): TOE TOE
. CC .
<>
( 5-21-(d))
o TOE-A(, A) TOE-B TOE-D TOE-B
TOE-C .
o p1 TOA-A p3 TOE-C
( ).
o TOE-B TOE-D EAL4 EAL5, TOE-A
<Control PP>
[1] Dale Peterson, Control Center Protection Profile Made Easy, Presented to PCSRF, Digital Bond, peterson@digitalbond.com.
[2] Control Center Protection Profile, http://www.digitalbond.com/SCADA_security/FAQ.htm#question1digitalbond.com.
[3] Control Center Protection Profile For Industrial Control Systems, Version 0.50, Submitted To: Process Control Security Requirements Forum (PCSRF), By: Digital Bond, February 17, 2004. http://www.digitalbond.com/SCADA_security/PP_05.pdf
[4] System Protection Profile - Industrial Control Systems, Version 1.0, NIST, Decisive Analytics, April 2004.
<IATF PP>
[5] The Information Assurance Technical Framework (IATF), Release 3.1, National Security Agency, Information Assurance Solutions, Technical
LAN/Facility Communication
Risk NAS
: , , 2005 11.
[36] (), , : ,
, 2004 11.
(KISSES)
KISSES
19791-TR SP 800-53A
. 19791-TR 19791
, KISSES .
, .
o :
. , (,
) ,
. ,
. .
o 19791 : 19791
. ,
BS 7799 , CC CC
. , KISSES 19791 .
o :
(CC ) .
, KISSES
.
o KISSES : 19791
KISESS .
o :
CC 3.1 .
- PP/ST
-
-
-
CC 19791
. CC 4.0 19791
.
.
o :
o : ( ),
,
. ,
,
, .
.
. , , 19791-TR(20065),
SP 800-53A,
, , ,
. , 4 4
.
A.
A.
ITSEC CC ,
CC CC ( )
. EAL4
,
. , 19791
.
(2)
o STSn FTA . ,
, (HMG)
Infosec Standard No.1 (IS1) Residual Risk Assessment Method ,
JSP440 for residual risks 11.5 ~14.4 .
o , .
o ,
.
o SE IT
.
(3)
FTA 4 .
o : ST WP(Work Plan) .
o : / .
o : (ER) CESG letter .
51) http://www.cesg.gov.uk/
o : (AMP) .
(4)
o 11.5 ~ 14.4
- 2 ~ 4
- SYS2 ~ SYS4 : , & ,
&, & , ,
o
- (: Standard Assurance):
, (IS1) 3 ( 1 ~
5 )
- ( : Developed Assurance): ,
(credible) , 5
( 6 7 )
- .
o ,
barriers) .
(5)
/ ,
.
CESG
. ,
o , CESG ,
, toolbox . toolbox()
.
-
-
- &
-
-
-
-
o . ,
trade-off .
(7) TAS
o , .
. (, .),
, / . ST
( ), ST .
o (Task Start up Review): , & .
o (assurance maintenance): .
(8)
o (EWP): .
o (ER: Evaluation Report): , ,
.
/ ,
.
o CESG letter: ,
, (aim) . IS1
. .
o (OR): .
(9)
. ,
,
, .
(tailored assurance) ,
. ,
.
o
. .
o ,
.
o ,
.
o SYS .
o SYS , .
o , .
o .
o : , (pragmatic
agreement), COTS
o CC CEM .
(2)
SYSn
, , .
ST MoD
.
SYSn .
. , TOE
.
o
CLEF -
. ,
[JIL] '
' . :
- ( ) TOE(, )
- ST ( ST
)
- AVA( )
.
-
- , (TOE
)
.
o
SYSn EAL ETR ,
, ,
.
(
. TOE
.
o TOE , , (,
) .
o , .
TOE ,
.
.
ETR CB
. , ETR
.
a) '-'
b) TOE .
c) (, , )
d)
(3)
SYS2
SYS2 is CC EAL2 augmented with AVA_VLA.1+. SYS2 comprises the following components:
Class ACM: Configuration management
ACM_CAP.2 Configuration items
Class ADO: Delivery and operation
ADO_DEL.1 Delivery procedures
ADO_IGS.1 Installation, generation, and start-up procedures
Class ADV: Development
ADV_FSP.1 Informal functional specification
ADV_HLD.1 Descriptive high-level design
ADV_RCR.1 Informal correspondence demonstration
Class AGD: Guidance documents
AGD_ADM.1 Administrator guidance
AGD_USR.1 User guidance
Class ATE: Tests
ATE_COV.2 Analysis of coverage
ATE_FUN.1 Functional testing
ATE_IND.2 Independent testing: sample
Class AVA: Vulnerability assessment
AVA_SOF.1 Strength of TOE security function evaluation
AVA_VLA.1+ Developer vulnerability analysis (augmented)
SYS3
SYS3 is CC EAL3 augmented with AVA_VLA.1+. SYS3 comprises the following components:
Class ACM: Configuration management
ACM_CAP.3 Authorisation controls
ACM_SCP.1 TOE CM coverage
Class ADO: Delivery and operation
ADO_DEL.1 Delivery procedures
ADO_IGS.1 Installation, generation, and start-up procedures
Class ADV: Development
ADV_FSP.1 Informal functional specification
ADV_HLD.2 Security enforcing high-level design
ADV_RCR.1 Informal correspondence demonstration
Class AGD: Guidance documents
AGD_ADM.1 Administrator guidance
AGD_USR.1 User guidance
Class ALC: Life cycle support
ALC_DVS.1 Identification of security measures
Class ATE: Tests
ATE_COV.2 Analysis of coverage
ATE_DPT.1 Testing: high-level design
ATE_FUN.1 Functional testing
ATE_IND.2 Independent testing: sample
Class AVA: Vulnerability assessment
AVA_MSU.1 Examination of guidance
AVA_SOF.1 Strength of TOE security function evaluation
AVA_VLA.1+ Developer vulnerability analysis (augmented)
SYS4
SYS4 corresponds to CC EAL4.
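An added example (not code from the UK SYSn scheme or from this report) that reads component listings like the SYS2/SYS3 lists above and diffs them against the CC 2.x EAL2 and EAL3 baselines, so that augmentations and gaps are made explicit rather than implied by a "based on EALn" sentence. The EAL2/EAL3 component levels encoded in the block are those of CC version 2.x; the two listings embedded in it are transcribed from the lists above. Note that the SYS2 listing carries ATE_COV.2, which is above the EAL2 baseline (ATE_COV.1), and the comparison reports it as such.

```python
# Added example (not from the SYSn scheme or the report): parse assurance
# package listings of the form "FAMILY.level[+]" and diff them against the
# CC 2.x EAL2 / EAL3 baselines.
import re

# CC 2.x EAL2 and EAL3 assurance packages as {family: component level}.
CC2_EAL = {
    "EAL2": {"ACM_CAP": 2, "ADO_DEL": 1, "ADO_IGS": 1, "ADV_FSP": 1, "ADV_HLD": 1,
             "ADV_RCR": 1, "AGD_ADM": 1, "AGD_USR": 1, "ATE_COV": 1, "ATE_FUN": 1,
             "ATE_IND": 2, "AVA_SOF": 1, "AVA_VLA": 1},
    "EAL3": {"ACM_CAP": 3, "ACM_SCP": 1, "ADO_DEL": 1, "ADO_IGS": 1, "ADV_FSP": 1,
             "ADV_HLD": 2, "ADV_RCR": 1, "AGD_ADM": 1, "AGD_USR": 1, "ALC_DVS": 1,
             "ATE_COV": 2, "ATE_DPT": 1, "ATE_FUN": 1, "ATE_IND": 2, "AVA_MSU": 1,
             "AVA_SOF": 1, "AVA_VLA": 1},
}

# "FAMILY.level" with an optional trailing "+" meaning "augmented" (as in AVA_VLA.1+).
COMPONENT = re.compile(r"^([A-Z]{3}_[A-Z]{3})\.(\d)(\+?)$")

# Listings transcribed from the SYS2 / SYS3 lists above; descriptive text after
# the identifier and "Class ...:" headers are tolerated and ignored by the parser.
SYS2_LISTING = """
Class ACM:
ACM_CAP.2
Class ADO:
ADO_DEL.1
ADO_IGS.1 Installation, generation, and start-up procedures
Class ADV:
ADV_FSP.1
ADV_HLD.1
ADV_RCR.1
Class AGD:
AGD_ADM.1
AGD_USR.1
Class ATE:
ATE_COV.2
ATE_FUN.1
ATE_IND.2
Class AVA:
AVA_SOF.1
AVA_VLA.1+
""".strip().splitlines()

SYS3_LISTING = """
ACM_CAP.3
ACM_SCP.1 TOE CM coverage
ADO_DEL.1
ADO_IGS.1
ADV_FSP.1
ADV_HLD.2 Security enforcing high-level design
ADV_RCR.1
AGD_ADM.1
AGD_USR.1
ALC_DVS.1
ATE_COV.2
ATE_DPT.1
ATE_FUN.1
ATE_IND.2
AVA_MSU.1
AVA_SOF.1
AVA_VLA.1+
""".strip().splitlines()


def parse_package(lines):
    """Turn listing lines into {family: (level, augmented)}; non-component lines are skipped."""
    pkg = {}
    for line in lines:
        token = line.strip().split()[0] if line.strip() else ""
        m = COMPONENT.match(token)
        if m:
            family, level, plus = m.groups()
            pkg[family] = (int(level), plus == "+")
    return pkg


def diff_against_eal(pkg, eal):
    """Return (missing, below, above, augmented) for a package relative to an EAL:
    families the EAL requires but the package lacks, families at a lower level,
    families at a higher level or not in the EAL at all, and '+'-marked families."""
    base = CC2_EAL[eal]
    missing = sorted(f for f in base if f not in pkg)
    below = sorted(f for f, (lvl, _) in pkg.items() if f in base and lvl < base[f])
    above = sorted(f for f, (lvl, _) in pkg.items() if f not in base or lvl > base[f])
    augmented = sorted(f for f, (_, plus) in pkg.items() if plus)
    return missing, below, above, augmented


def sys2_package():
    return parse_package(SYS2_LISTING)


def sys3_package():
    return parse_package(SYS3_LISTING)


if __name__ == "__main__":
    for name, pkg, eal in (("SYS2", sys2_package(), "EAL2"),
                           ("SYS3", sys3_package(), "EAL3"),
                           ("SYS3", sys3_package(), "EAL2")):
        missing, below, above, aug = diff_against_eal(pkg, eal)
        print(f"{name} vs {eal}: missing={missing} below={below} above={above} augmented={aug}")
```

Diffing SYS3 against EAL2 rather than EAL3 lists exactly the seven families (ACM_CAP, ACM_SCP, ADV_HLD, ALC_DVS, ATE_COV, ATE_DPT, AVA_MSU) that separate the two packages, which is a quicker way to see what an evaluation step from SYS2 to SYS3 costs than reading two component tables side by side.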
(4)
ST
o , , (ASE_INT.1)
TOE ,
a) ST TOE .
b) ST ST(CC 2, CC 3, PP
) .
o TOE (ASE_DES.1)
TOE , TOE
(- ) .
TOE
.
o TOE (ASE_ENV.1)
TOE
TOE
TOE .
(OSPs) .
o (ASE_OBJ.1)
TOE .
a) TOE (
.) TOE
b) . , ,
(OSPs), .
o PP (ASE_PPC.1)
TOE ST PP
.
o IT (ASE_REQ.1, ASE_SRE.1)
TOE .
a) IT (SFRs)
.
b) IT TOE , IT
, TOE
.
o TOE (ASE_TSS.1)
TOE .
a) IT .
b) IT SFRs
.
c) .
(ADO)
o , , (ADO_IGS.1)
TOE , ,
TOE .
(AGD)
o (AGD_ADM.1)
ST , ,
TOE .
o (AGD_USR.1)
ST , ,
TOE .
(ATE)
o (ATE_FUN.1)
TOE
.
a) (,
.)
.
b) ( , , )
.
o (ATE_IND.2)
TOE TOE .
(AVA)
o TOE (AVA_SOF.1)
TOE .
(1) FTA
FTA Inforsec Inforsec
(CESG ) , -
. CESG (, )
, (suitable)
.
FTA (, CC ) ,
. ,
.
FTA :
- FTA
- FTA TOA
FTA (FTAC) - FTA (oversee)
- TOA ST FTA
FTAC () FTA
. FTA .
o - TOA ST , /
, FTAC
(AWP)
o - AWP ST FTA . FTA
. ST AWP
, TOA ,
(culminate).
o - FTAR FTAC . FTAC
.
o
o
o
o
(2)
, FTA
.
TAO . (
)
FTA CC . ST
.
FTA TOA
.
TOA , .
CC ,
.( ) ,
, ,
( ) TOA
. CC CC CEM
.
, , ,
(gleaned) , .
.
. ,
- . , FTA
.
,
.(CEM soundness' ). .
,
(commensurate) .
TOA . ,
:
, TOA TOA
FTA .
o (verbally) - , FTAC,
o (written) -
, . , EAL1 (
) EAL4
.
( TOA ),
, (bearing on)
.
(impartiality)
.
CC
(objectivity)
.
CC .
FTA FTAC
(oversight) .
.
TOA ( )
.
(, TOA, ST,
), ,
. FTAC .
o FTA AWP ;
o FTA ;
o TOA FTA
,
, FTA . ,
UKAS . ,
, , , .
.
o ST ( ) -
o - FTA
FTAC ,
, .
(validity)
FTA TOA .
ST FTA . TOA ,
FTA . FTA
.
TOA , CC FTA -
. , ST (impose)
(adhered) , TOA TOA
TOA .
(3)
FTA (FTAC)
FTAC . , FTAC FTA
(FTAR ), , TOA
.
, , 1
. , FTAR FTAC
, . FTAR FTA
,
.
CC , FTAR
TOA .
()
FTA .
( ) FTA , ST ,
.
.
.
- . .
, - .(:
). .
.
(4) (EAL4 )
ST (ASE)
ST FTA CC ST
. , (SFR) CC 2
. (
). CC 2
(FTA ). CC 2
ST .
ST FTA
.
1. ST ?
2. TOA , ?
3. , ?
4.
(uphold)
5. TOA ?
6. , ?
7. TOA ?
, .
, .
FTAR ST
. , ASE
.
ACM
CM (ACM_AUT)
ACM_AUT.1, .
1. TOA
?
2. TOA (
TOA )?.
CM (ACM_CAP)
ACM_CAP.1 ACM_CAP.2, .
1. TOA ( )?
2. TOA ? (TOA TOA
)
ACM_CAP.4, .
5. (upholding) CM
?
6. TOA TOA
?
CM (ACM_SCP)
ACM_SCP.1 ACM_SCP.2, .
1. TOA
?
CM .
(ADO)
ADO_DEL.1, .
1. , TOA
?
ADO_DEL.2,
2.
?
3. (masquerade)
ADO_IGS.1, .
1. TOA TOA , TOA ,
?
TSF (ADV)
(ADV_FSP)
ADV_FSP.1, TSF .
.
1. ?
2. ?
3. ?
FTA ADV_FSP.1 ADV_FSP.2. .
TSP (ADV_SPM)
.
(ADV-HLD)
ADV_HLD.1, TOA
.
1. TOA (TSF ) ?
2. TSF , ST
TSF (co-operate) ?
3. TSF , TAF
?
4. SW, HW
5. ( ) ST ( )
? , (; ATE_IND, AVA_VLA)
?
6. TSF ,
?
7. TSF TSF
( ) ,
?
8. TAF TAF
( ) ,
( )
?
ADV_HLD.2, .
9. TOA TSP- ?
?
(ADV_LLD.1)
ADV_LLD.1, TOA
.
1. TSF ?
2. TSF (, TSF )
3. TSP- TSP- ? ,
TSP- ?
4. TSP- ?
5. ( ) ST ( )
? , (; ATE_IND, AVA_VLA)
?
6. , TSF
?
7. ,
?
8. ,
?
(ADV_IMP)
ADV_IMP.1, .
1. ?
2. ?
(ADC_RCR)
FTA ADV .
(AGD)
(AFD_ADM.1)
.
1. ?
2. , , ST
?
(ALC)
(ALC_DVS)
ALC_DVS.1, .
1. , TOA
?
(ALC_LCD)
ALC_LCD.1, .
1. , TOA ,
?
(ALC_TAT)
ALC_TAT.1, .
1. (; )
, ?
.
(ATE)
(ATE_COV)
ATE_COV.1
.
. FTA ATE_COV.1 ATE_COV.2.
,
(ATE_DPT)
ATE_DPT.1
TAF
.
.
ATE_FUN.1, .
1.
(, , )
2. (, ),
, ?
(ATE_IND)
ATE_IND.1,
TOA . TOA ,
TOA , .
ATE_IND.2, ,
. TOA
.
, TOA
.
(AVA)
(AVA_MSU)
AVA_MSU.1
1. TOA , ,
(
TOA )
2. TOA ,
AVA_MSU.2
3.
TOA (AVA_SOF)
AVA_SOF.1
1. ST SOF SOF ,
permutational . (
AVA_VLA.1
1.
2. , TOA
3.
AVA_VLA.2
4. (gleaned)
TOA ,
5.
6. TOA
B.
B.
(TC260) WG5
o
o
o
o
Part 1.
Part 2. (CC Part2 )
Part 3 :
Part 4 : (= )
/ CC
CC Part2 , SSE-CMM 5
, .54)
B.1 (ISIA)
(1)
o GB/T 18336-2001(, CC) "IT, , IT " ,
, ,
. (CC) &
(C&A)
(Evaluation):
(TCSEC, CTCPEC, ITSEC GB/T 18336 idt ISO/IEC 15408)
(C&A): , ,
. (DITSCAP, SSE-CMM, ISO/IEC 17799)
o : IT IT
, IT IT
,
, ,
, .
o ==> ISIA
54) IT=, IA=
o CC "ISIA"
o :
, , , , , ,
,
o ISIA
o
ISIA : ISIA (ISPP)
ISIA ISIA : ISIA (ISPP)
ISIA (ISST)
ISIA
(IA) : ISIA (ISST) ISIA
(ISPP)
:
ISIA (ISST) ISIA
IS ISIA :
IS ISIA [ISST] ISIA , ,
ISIA ISIA ISIA
o
GB/T 9387.2-1995 2:
(idt ISO 7498-2: 1989)
GB/T 18336.1-2001 IT IT 1:
GB/T 18336.2-2001 IT IT 2:
GB/T 18336.3-2001 IT IT 3: IA
( B-1)
(2) ISIA
o ISIA : "ISIA"
, , , ,
, , ,
.
o 3 (): 3
: (M), (T), (),
: , , , ,
: , ,
o
"ISIA" .
. ,
( )
, , , "ISIA"
. , , "ISIA"
.
, .
( B-2) "ISIA"
o
:
. ,
,
.
:
. , ,
.
,
"ISIA"
. , ,
, , .
:
. . ,
, . , ,
,
.
3
.
"ISIA"
.
:
. ,
, ,
.
:
.
.
: ,
.
"ISIA"
.
( B-3) "ISIA"
(3) (ISAL)
o ,
, ,
, , IA
IA "ISIA" .
o IA , , IA , ,
, .
o ,
, ,
,
( B-4) "ISIA"
ISST
PP
1.
PP PP
ST
1.
ST ST
PP/ST
-
2. TOE
- ,
-
-
-
-
-
-
3. TOE
TOE
4.
PP/ST
-
2. TOE
- ,
-
-
-
-
-
-
3. TOE
4.
TOE
5.
5.
6. TOE
7. PP
8.
6. PP
9.
TOE
7.
(5)
1) :
, .
2) : .
o : .
, ,
.
o : ,
o :
.
o "ISIA" : (
), (
) ( )
.
3) : , ,
.
o : ,
: ////
.
, :
: (
, , ) ( ,
, ,
,
, , )
o : . ,
.
,
.
:
: .
: .
o : ,
,
.
: .
: .
:
.
.
( B-5)
(6) "ISIA"
o : ,
.
[ B-2]
.
, ,
,
.
.
, ,
,
.
.
: , , B(Basic), M(-Middle),
H(High) . , (:
) .
o : 7
( B-3)
T1
,
T2
T3
T4
T5
T6
T7
o ISAL : "ISIA"
.
[ B-4] "ISIA"
T1
ISAL1
ISAL1
ISAL1
ISAL2
ISAL3
T2
ISAL1
ISAL1
ISAL2
ISAL3
ISAL3
T3
T4
ISAL1
ISAL2
ISAL1
ISAL2
ISAL2
ISAL3
ISAL4
ISAL4
ISAL4
ISAL4
T5
ISAL2
ISAL3
ISAL3
ISAL4
ISAL5
T6
ISAL2
ISAL3
ISAL4
ISAL5
ISAL5
o ISAL : ISAL , , ,
. // ///
"ISIA" .
ISAL, ,
. "ISIA" ,
.
[ B-5] "ISIA"
ISAL   TCML   MCML   PCML
ISAL1  TCML1  MCML1  PCML1
ISAL2  TCML2  MCML2  PCML2
ISAL3  TCML3  MCML3  PCML3
ISAL4  TCML4  MCML4  PCML4
ISAL5  TCML5  MCML5  PCML5
"ISIA"
(CQI) .
B.2
CC Part 2 ()
B.3 ISIA
( B-6) "ISIA"
o "ISIA"
: ,
, , , 5
.
:
"ISIA" .
(1)
---------------------------------------------------------------------------------------------------------------- (MOA)
- (MOA_ORG)
- (MOA_MLC)
- (MOA_LCP)
- (MOA_OKR)
- IA (MOA_DRV)
(MSP)
- (MSP_ISP)
- (MSP_RPG)
- 3
(MSP_TFR)
- (MSP_MSD)
(MSR)
- (MSR_SRE)
- (MSR_ISN)
- (MSR_ISP)
- (MSR_ISC)
- (MSR_TSR)
(MCP)
- (MCP_LCP)
- (MCP_LOG)
- (MCP_CCK)
- (MIP)
- (MIP_IOP)
- (MIP_LRP)
- (MIP_SRP)
- (MIP_LPC)
- (MIP_CIP)
-
(MIP_MEP)
- (MIP_AES)
(MPB)
- (MPB_IAP)
- (MPB_AOB)
- (MPB_CPC)
- (MPB_CPD)
(MPS)
- (MPS_SCR)
- (MPS_SAW)
- (MPS_SED)
- (MPS_ACI)
- (MPS_IAT)
- (MPS_SMP)
(MAD)
- (MAD_ASR)
- (MAD_AFS)
(MAD_DMS)
- (MAD_EPY)
(MAS)
- (MAS_ASL)
- (MAS_DMT)
- (MAS_AMG)
- (MAS_SDC)
- (MAS_DCC)
- (MAS_DLP)
- (MAS_DMP)
- (MAS_PCM)
(MPH)
- (MPH_SAR)
- (MPH_ZIP)
- (MPH_ZPP)
- (MPH_ARU)
- (MPH_PAC)
- (MPH_ASR)
- , (MPH_DMP)
- (MPH_CAS)
(MCO)
- (MCO_OER)
- (MCO_MAC)
(MCO_LCS)
- (MCO_CUS)
- (MCO_MFC)
- (MCO_VPT)
- E-Mail (MCO_EMS)
- OA (MCO_OAS)
- (MCO_SRE)
- (MCO_DOP)
- (MCO_STO)
- (MCO_INM)
- (MCO_AUD)
- (MCO_MCB)
(MCC)
- (MCC_NEC)
- (MCC_CCC)
- (MCC_SDC)
- (MCC_TIC)
(ADM)46
- (ADM_DRP)
-
(ADM_MRP)
----------------------------------------------------------------------------------------------------------------(2) (CMM-SEI)
SSE-CMM 55)
o 0
.
.
.
o 1
.
.
.
.
.
1.1 :
. ,
.
1) GP 1.1.1 : ,
.
o 2
- - 3 .
,
.
.
.
2.1- : .
IA .
IA
, IT
(: , , ).
1) GP2.1.1- :
2) GP2.1.2- : IA
3) GP2.1.3- :
4) GP2.1.5- : IA
2.2- :
.
1) GP 2.2.1-
.
2.3- , : IA
.
1) GP 2.3.1- :
.
o 3
. .
,
.
.
3.1 :
.
1) GP 3.1.1 :
.
3.2 :
.
, ,
.
.
1) GP 3.2.1 :
.
2) GP 3.2.2 :
.
3) GP 3.2.3 :
.
3.3
1) GP 3.3.1 :
2) GP 3.3.2 :
3) GP 3.3.3 :
o 4
, , .
. .
.
.
.
4.1 :
.
.
.
1) GP 4.1.1 :
.
4.2 :
.
.
1) GP 2.4.1 :
2) GP 2.4.2 : ,
.
o 5
.
, .
, .
.
5.1 :
, .
,
.
,
.
.
1) GP 5.1.1 :
.
2) GP 5.1.2 :
.
5.2 :
, .
1) GP 5.2.1 : .
2) GP 5.2.2 :
.
3) GP 5.2.3 :
.
(DPN)
- ,
,
.
-
- (PSD)
- (PAT)
- (PAV)
- (PAI)
(DSR)
(DSA)
(DSD)
(ISS)
(APE)
.
.
-
.
,
.
-
,
,
,
.
-
, .
-
.
.
-
,
.
.
-
, ,
.
-
.
- ,
, , ,
.
- (PAR)
- (PSR)
- (PPI)
- (PHD)
- (PDD)
- (PEI)
- (PCS)
- (PMS)
- (PAS)
- (PVV)
- (PBA)
o .
---------------------------------------------------------------------------------------------------------------
(DPN)
1. (DPN_PSD)
- DPN_PSD.1
2. (DPN_PAT)
- DPN_PAT.1
- DPN_PAT.2
- DPN_PAT.3
- DPN_PAT.4
- DPN_PAT.5
- DPN_PAT.6
3. (DPN_PAV)
- DPN_PAV.1
- DPN_PAV.2
- DPN_PAV.3
- DPN_PAV.4
- DPN_PAV.5
4. (DPN_PAI)
- DPN_PAI.1
- DPN_PAI.2
- DPN_PAI.3
- DPN_PAI.4
- DPN_PAI.5
- DPN_PAI.6
5. (DPN_PAR)
- DPN_PAR.1
- DPN_PAR.2
- DPN_PAR.3
- DPN_PAR.4
- DPN_PAR.5
- DPN_PAR.6
(DSR)
6. (DSR_PSN)
- DSR_PSN.1
- DSR_PSN.2
- DSR_PSN.3
- DSR_PSN.4
- DSR_PSN.5
- DSR_PSN.6
- DSR_PSN.7
(DSA)
7. (DSA_PPI)
- DSA_PPI.1
- DSA_PPI.2
- DSA_PPI.3
8. (DSA_PHD)
- DSA_PHD.1
- DSA_PHD.2
(DSD)
9. (DSD_PDD)
- DSD_PDD.1
- DSD_PDD.2
- DSD_PDD.3
- DSD_PDD.4
(ISS)
10. (ISS_PEI)
- ISS_PEI.1
- ISS_PEI.2
- ISS_PEI.3
- ISS_PEI.4
- ISS_PEI.5
- ISS_PEI.6
11. (ISS_PCS)
- ISS_PCS.1
- ISS_PCS.2
- ISS_PCS.3
- ISS_PCS.4
12. (ISS_PMS)
- ISS_PMS.1
- ISS_PMS.2
- ISS_PMS.3
- ISS_PMS.4
- ISS_PMS.5
- ISS_PMS.6
- ISS_PMS.7
13. (ISS_PAS)
- ISS_PAS.1
- ISS_PAS.2
- ISS_PAS.3
- ISS_PAS.4
(APE)
14. (APE_PVV)
- APE_PVV.1
- APE_PVV.2
- APE_PVV.3
- APE_PVV.4
- APE_PVV.5
15. (APE_PBA)
- APE_PBA.1
- APE_PBA.2
- APE_PBA.3
- APE_PBA.4
- APE_PBA.5
----------------------------------------------------------------------------------------------------------------(2) ()
o 0
.
.
.
o 1
.
, .
.
,
. .
.
1.1 :
. ,
.
1) GP 1.1.1 :
.
o 2
. .
.
.
.
.
2.1: 1
.
.
(, , ) .
1) GP2.1.1 : (, ,
) .
2) GP2.1.2 :
.
3) GP2.1.3 :
.
4) GP2.1.4 :
.
5) GP2.1.5 :
.
6) GP2.1.6 : .
2.2 : 2
.
1) GP 2.2.1 , : ,
.
2) GP 2.2.2 :
.
2.3 : 2
.
1) GP 2.3.1 : .
2) GP 2.3.2 :
.
2.4 :
, .
, .
1) GP 2.4.1 :
.
2) GP 2.4.2 :
.
o 3
,
.
, .
.
.
3.1 :
.
.
.
,
.
.
1) GP 3.1.1 :
.
2) GP 3.1.2 :
.
3.2 :
.
, ,
.
.
1) GP 3.2.1 :
.
2) GP 3.2.2 :
.
3) GP 3.2.3 :
.
3.3
1) GP 3.3.1 :
2) GP 3.3.2 :
3) GP 3.3.3 :
o 4
.
. ,
.
.
.
4.1 :
. .
.
1) GP 4.1.1 :
.
4.2 :
,
.
.
.
1) GP 4.2.1 :
.
2) GP 4.2.2 : ,
.
o 5
.
.
.
.
5.1 :
,
. ,
.
,
, .
.
1) GP 5.1.1 :
.
2) GP 5.1.2 :
.
5.2 :
.
1) GP 5.2.1 : .
2) GP 5.2.2 :
.
3) GP 5.2.3 :
.
C.
C.
-
,
.
ISO/IEC 19791 (
, SP 800-53A
ISO/IEC 19791 .).
C.1 19791-TR
C.2 ISMS , KISA
C.3 (, 2005, )C.4 CC 2.3
C.5 ACSI 33(19 September 2005) -
C.6 SP 800-53 (20063)
C.7 ISO/IEC 17799:2000
C.8 ISO/IEC 17799:2005
C.9 COBiT Domains PROCESS
C.10 NIST 800-12(An Introduction to Computer Security: The NIST Handbook)
C.11 DIACAP ( I&A) DoD 8500.2, 2004
C.12 SP 800-26 ()
C.13
C.14 SSE-CMM
C.15 IT Baseline Protection Manual (BPM)
19791-3
1. Administration (FOD)
ISMS
1.1.2 :
1.
1.1
1.2
I.
1.1
1.1.1
1.1.2
1.2
1.2.1
1.2.2
1.3
1.3.1
1.2 (Personnel
2.
2.1
4.
4.2
1.1 (Policy
administration, FOD_POL)
1.1.1 : ,
(goal) ,
ASCI 133
1.
1.1
1.1.1
1.1.2
2.1
2.1.1
2.1.2
2. (Personnel)
administration, FOD_PSN)
1.2.1 ():
(disciplinary action) ,
(agreement) ,
,
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.2 2.1
5.
4.3 (Awareness)
5.1
2.2
5.1.1
2.2
5.1.2
2.3
2.2.1
5.1.3
2.2.2
5.2
2.3
2.3.1
2.3.2
2.3.3
13.
13.1
13.1.1
13.1.2
1.4 (Incident
management administration,
13.2
FOD_INC)
13.2.1
1.4.1 :
, 13.2.2
13.2.3
13.3
13.3.1
2.
2.1
1.5 (Security
2.
1.2
organization administration,
2.1
1.2.1
2.1.1
FOD_ORG)
1.2.2
2.1.2
1.5.1 :
1.2.3
2.2
2.2.1
2.2.2
1.6 (Service
agreements administration,
FOD_SER)
1.6.1 :
,
2. IT Systems (FOS)
3.
3.1 7.2
7.2.1
3.1.1 7.2.2
7.2.3
3
6.3.1
6.3.2
6.3.3
6.3.4
7.4
2.1.2 : ,
2.1.3 :
8.3
8.3.1
2.2
8.3.2 8.2
(Configuration of IT systems,
8.3.3
8.2.1
FOS_CNF)
2.2.1 : 11.
8.2.2
11.1
8.2.3
11.1.1
7.1
2.2.2 : 11.1.2
11.1.3
11.1.4
11.1.5
2.3 (Network
security of IT systems, FOS_NET)
2.3.1 : 11.3
11.3.1
11.3.2
2.3.2 : 11.3.3
, ,
10.
10.1
6.2
10.2
6.2.1 10.3 Gateways
10.4 Firewalls
6.2.2
10.5 Diodes
6.2.3
10.6
6.2.4
10.7
6.2.5
10.8 VPN
6.2.6
10.9 Peripheral
6.2.7
Switches
10.10 LANs
10.11
4. ,
2.4 ( of IT 14.1
systems, FOS_MON)
14.1.1
2.4.1 . , 14.1.2
, , 14.1.3
(Active)
14.2 2.4
7.6
7.1 IDS
14.2.1
7.6.1
2.4.2 . 14.2.2
7.2
7.6.2
14.2.3
7.6.3
2.4.3 (alarm) . 14.3
7.3
14.3.1
14.3.2
7.4
(response)
14.3.3
2.4.4 . 14.4
14.4.1
14.4.2
2.5
10.2
(Personnel control of IT systems,
10.2.1
(FOS_PSN)
10.2.2
2.5.1 (authorization) : 10.2.3
10.2.4
10.2.5
10.3
2.5.2 : 10.3.1
10.3.2
2.5.3 : 10.3.3
10.3.4
5.1
-
6.
6.1
6.4
6.1
6.4.1
6.2
6.4.2
6.4.3
(Privileged and
6.4.4
System Accounts)
6.5 6.3
(Authorisation)
2.6 11.2
11.2.1
(Operational system assets of IT
7.7
3. (ICT)
systems, FOS_OAS)
2.6.1 :
, ,
2.6.2 : SW
(housekeeping)
11.2.2
11.2.3
11.2.4
11.2.5
11.2.6
11.2.7
11.2.8
4. Business (FOB)
4.1 (Business
policies, FOB_POL)
4.1.1 :
,
,
(),
() .
4.2 (Business
continuity, FOB_BCN)
4.2.1 : ,
restore
,
15.
15.1
15.1.1
15.1.2
15.2
15.2.1
15.2.2
15.2.3
15.3
15.3.1
15.3.2
11.6.1
3.1 DSD
3.2 Product
Selection
Acquiring
Products Installing
and Using
Products
3.3
5.2 DB
5.3
5.4 E-mail
5.5 E-Mail -
(Protective)
,
.
(unattended)
5.2 (Removable
equipment, FOP_RMM)
5.2.1 :
,
,
3.3
1.1
(Removable)
8.
(Comsec.)
8.1
8.2
8.3
8.4
8.5
8.6 IP Telephony
8.9 Pagers
8.10
5.4 (System
equipment, FOP_SYS)
5.4.1 :
(fallback) ,
,
1.2
1.3
4. HW
4.1 HW ,
4.2 HW
4.3 HW
4.4
(Sanitisation)
4.4
(Destruction)
4.5
PDA
7.
7.1
5.5 (Facility
7.1.1
management, FOP _MNG)
5.5.1 : , 7.1.2
7.2
7.2.1
. 7.2.2
7.2.3
. , 7.3
, 7.3.1
(separation) 7.3.2
7.3.3
7.3.4
5.5.2 : 7.3.5
7.3.6
7.4
6. Third Parties (FOT)
5.
5.1
5.1.1
5.1.2
5.1.3 .
5.1.4
5.1.5
5.2
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
1.
Physical security
1.4
1.5
1.7
(Seals)
1.8
1.9
8.3
3.1.2 3 7.3
6.2.2 : 3.2
7.3.1
3.2.1
. 3.2.2 3
7.3.2
.
.
7. Management (FOM)
9.
9.1
9.1.1
9.1.2
9.1.3
9.2
9.2.1
9.2.2
9.2.3
9.3
9.3.1
9.3.2
9.4
7.1
(Management of security
parameters, FOM_PRM)
7.1.1 . 9.
9.2
(recovery) 9.3
, .
7.1.2 .
(segregation).
2.
7.2 (Management 2.2
4.
of asset classification, FOM_CLS) 4.1
7.2.1 :
.
4.1.1
7.2.2 : 4.1.2
4.2
.
4.2.1
4.2.2
6.
7.3
6.1
(Management of personnel security 6.1.1.
6.1.2
responsibilities, FOM_PSN)
7.3.1 : 6.2
().
6.2.1
7.3.2 : 6.2.2
6.3
(assignment)
6.3.1
7.4 (Management
2.
of security organization,
2.1
FOM_ORG)
2.1.1
7.4.1 () : 2.1.2
2.2
7.4.2 : 2.2.1
2.2.2
7.5 (Management 5.
of security reporting, FOM_INC) 5.1
7.5.1 : 5.2
3.
3.1
3.1.1
3.1.2
3.1.3
3.2
3.2.1
3.2.2
3.2.3
9.
9.1
9.2 DSD
(DACAs)
9.3 DSD
(DACPs)
9.4 SSL/TLS
9.5 Secure Shell
(SSH)
9.6 Secure
Multipurpose
Internet Mail
Extension
(S/MIME)
9.7 FIPS 140
9.8
5.3
4.
4.1
7.5 PC
8.
8.1
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.2
8.2.1
8.2.2
8.2.3
8.2.4
8.
8.1
8.1.1 5.6 SW
8.1.2
8.1.3
12.
12.1
12.2
12.3
12.4
12.5
C.1 19791-TR
(mgmt.)
adm.
IT
1. Administration (FOD) :
administration, FOD_RSM)
1.4 (Incident management
(adm.)
administration, FOD_INC)
1.5 (Security
FOD_POL)
organization administration,
FOD_ORG)
1.6 (Service agreements
administration, FOD_SER)
FOP_MOB)
5.2
(Removable
equipment, FOP_RMM)
systems, FOS_POL)
5.3
2.2 (Configuration of
(Remote
equipment,
FOP_RMT)
IT systems, FOS_CNF)
2.3 (Network
FOP_SYS)
2.4 ( of IT
FOP _MNG)
systems, FOS_MON)
2.5 (Personnel
6.2
(Third
party
management (FOT_MNG):
systems, FOS_OAS)
systems, FOS_RCD)
(management)
7.1 (Management
of security parameters, FOM_PRM):
7.2 (Management
of
protection, FOA_PRO)
3.2 (User assets
7.3 (Management
of personnel security responsibilities,
FOM_PSN):
4. Business (FOB) :
7.4 (Management
of
FOB_POL)
4.2 (Business
7.5 (Management of
continuity, FOB_BCN)
SPP (ASP)
ASP_INT: SPP ;
(ASD),
ASP_CCL: ;
ASD_IMP.1
ASP_ECD: ;
ASD_SSD.1
ASP_SPD: ;
ASD_CMP.1
ASP_OBJ: ;
ASP_REQ: ;
ASP_DMI: ;
ASD_IFS.1
ASP_DMC: ;
ASD_SAD.1
ASP_DMP:
ASD_COM.1
ASP_DMO: ;
ASP_DMR: .
(AOD)
AOD_USR.1
SST (ASS)
SSF
ASS_INT: SST ;
AOD_USR.2 SSF
ASS_CCL: ;
ASS_ECD: ;
AOD_ADM.1
ASS_SPD: ;
SSF
ASS_OBJ: ;
AOD_ADM.2 SSF
ASS_REQ: ;
AOD_OCD.1
ASS_DMC: ;
AOD_OCD.2
ASS_DMP:
AOD_SIC.1 STOE
AOD_SIC.2
ASS_DMO: ;
ASS_DMR: .
(AOC)
AOC_OBM.1
(AOL)
AOL_DVS.1
AOL_DVS.2
AOC_OBM.2
AOC_ECP.1
AOC_ECP.2
(
AOC_CPP.1 PP
AOC_CPP.2 PP
AOV_MSU.2
AOC_NCP.1
AOC_NCP.2
AOV_SOF.1 STOE
AOV_VLA.1-4
(ASI),
(AOT)
AOT_FUN.1 SSF
ASI_AWA.1
(Awareness
AOT_FUN.2
training)
AOT_DPT.1
ASI_AWA.2
AOT_DPT.2
ASI_CMM.1 ()
AOT_DPT.3
ASI_CMM.2 () SSF
AOT_DPT.4
AOT_IND.1~3 SSAOT_REG.1
(Regression testing)
ASO_RCD.1 SSF
ASO_RCD.2 SSF
(AOV),
ASO_VER.1 SSF
ASO_VER.2 SSF
ASO_MON.1 SSF
AOV_MSU.1
AOV_MSU.2
ASO_MON.2
2.1
2.2
3
3.1
3.2
3.3
3.4
3.5
6.3
4.
4.1
4.2
7.
7.1
7.2
7.3
7.4
5.
5.1
5.2
5.3
II.
1.
1.1
1.2
1.3
8.
8.1
8.2
8.3
9.
9.1
9.2
9.3
2.
2.1
2.2
10.
10.1
10.2
10.3
3.
3.1
3.2
4.
4.1
4.2
5.
5.1
5.2
6.
6.1
6.2
11.
11.1
11.2
11.3
11.4
11.5
11.6
12.
12.1
12.2
12.3
12.4
12.5
13.
13.1
13.2
13.3
14. ,
14.1
14.2
14.3
14.4
15.
15.1
15.2
15.3
C.3 2005() -
1.
6.1
1.1
6.2
1.2
6.3
6.4
2.
6.5
2.1
2.2
7.
2.3
7.1
2.4
7.2
7.3
3.
7.4
3.1
7.5 PC
3.2
7.6
3.3
7.7
4.
8.
4.1
8.1
4.2
8.2
4.3
8.3
5.
9.
5.1
9.1
5.2
9.2
9.3
6.
9.4
C.4 CC 2.3
1. (FAU)
1.1 (FAU_ARP)
1.2 (FAU_GEN)
1.3 (FAU_SAA)
1.4 (FAU_SAR)
1.5 (FAU_SEL)
1.6 (FAU_STG)
5. (FIA)
5.1 (FIA_AFL)
5.2 (FIA_ATD)
5.3
(FIA_SOS)
5.4 (FIA_UAU)
5.5 (FIA_UID)
5.6 - (FIA_USB)
2. (FCO)
2.1 (FCO_NRO)
2.2 (FCO_NRR)
3. (FCS)
3.1 (FCS_CKM)
3.2 (FCS_COP)
4. (FDP)
4.1 (FDP_ACC)
4.2 (FDP_ACF)
4.3 (FDP_DAU)
4.4 TSF
(FDP_ETC)
4.5 (FDP_IFC)
4.6 (FDP_IFF)
4.7 TSF
(FDP_ITC)
4.8 TOE (FDP_ITT)
4.9 (FDP_RIP)
4.10 (FDP_ROL)
4.11
(FDP_SDI)
4.12 TSF
(FDP_UCT)
4.13 TSF
(FDP_UIT)
6. (FMT)
6.1 TSF (FMT_MOF)
6.2 (FMT_MSA)
6.3 TSF (FMT_MTD)
6.4 (FMT_REV)
6.5 (FMT_SAE)
6.6 (FMT_SMF)
6.7 (FMT_SMR)
7. (FPR)
7.1 (FPR_ANO)
7.2 (FPR_PSE)
7.3 (FPR_UNL)
7.4 (FPR_UNO)
8. TSF (FPT)
8.1 (FPT_AMT)
8.2 (FPT_FLS)
8.3 TSF
(FPT_ITA)
8.4 TSF
(FPT_ITC)
8.5 TSF
(FPT_ITI)
8.6 TSF (FPT_ITT)
8.7 TSF (FPT_PHP)
8.8 (FPT_RCV)
8.9 (FPT_RPL)
8.10
(FPT_RVM)
8.11 (FPT_SEP)
8.12 (FPT_SSP)
8.13 (FPT_STM)
8.14 TSF TSF
(FPT_TDC)
8.15 TSF
(FPT_TRC)
8.16 TSF (FPT_TST)
9.2 (FRU_PRS)
9.3 (FRU_RSA)
10. TOE (FTA)
10.1
(FTA_LSA)
10.2 (FTA_MCS)
10.3 (FTA_SSL)
10.4 TOE (FTA_TAB)
10.5 TOE (FTA_TAH)
10.6 TOE (FTA_TSE)
11. /(FTP)
11.1 TSF (FTP_ITC)
11.2 (FTP_TRP)
9. (FRU)
9.1 (FRU_FLT)
1.1 (Removable)
3.3
1.2
1.3
4. HW
1.4
4.1 HW ,
1.5
4.2 HW
1.7 (Seals)
4.3 HW
1.8
4.4 (Sanitisation)
1.9
4.4 (Destruction)
4.5 PDA
2. (Personnel)
2.1 (Awareness)
5. SW
2.2
5.1 -
2.3
5.2 DB
5.3
3. (ICT)
5.4 E-mail
3.1 DSD
5.5 E-Mail -
(protective)
5.6 SW
9.
9.1
6.
9.2 DSD
6.1
(DACAs)
6.2 (privileged
and system accounts)
6.3 (authorisation)
7. (Active)
Extension (S/MIME)
7.1 IDS
7.2
9.8
7.3
7.4
10.
10.1
8. (Comsec.)
10.2
8.1
10.3 Gateways
8.2
10.4 Firewalls
8.3
10.5 Diodes
8.4
10.6
8.5
10.7
8.6 IP Telephony
10.8 VPN
8.9 Pagers
8.10
10.10 LANs
10.11
I. (management)
1. (Risk Assessment; RA)
2. (Planning: PL)
RA-1.
PL-1.
RA-2. (categorization)
PL-2.
RA-3.
PL-3.
RA-4.
PL-4.
RA-5.
PL-5.
PL-6.
PS-5. (transfer)
PS-6. (Access Agreements)
3. (Acquisition;
PS-7.
SA)
PS-8. (sanctions)
SA-1.
6. (Physical and
SA-2.
SA-3.
PE-1.
SA-4.
SA-5.
PE-2. (authorizations)
SA-6. SW
PE-3.
SA-7. SW
PE-4.
SA-8.
PE-5.
SA-9.
SA-10.
PE-6.
SA-11.
PE-7.
PE-8.
4. ,
PE-9.
PE-10. Shutoff
PE-11.
CA-1. ,
PE-12. (Lighting)
PE-13. (protection)
CA-2.
PE-14.
CA-3.
PE-15. (protection)
CA-4.
PE-16.
CA-5.
PE-17.
CA-6.
PE-18.
CA-7.
PE-19.
II. (operational)
7.
()(Contingency
Planning; CP)
PS-1.
CP-1.
CP-2.
CP-3.
PS-4. (termination)
CP-4.
CP-5.
SI-7. SW
CP-6.
SI-8.
CP-7.
SI-9.
CP-8.
SI-10. ,
CP-9.
SI-11.
CP-10.
SI-12.
(reconstitution)
(retention)
8. (Configuration Management;
11. (Media Protection; MP)
CM)
CM-1.
MP-1.
CM-2.
MP-2.
CM-3.
MP-3.
CM-4.
MP-4.
CM-5.
MP-5. (Transport)
CM-6.
MP-6. (sanitization)
(disposal)
CM-7.
9. (Maintenance; MA)
MA-1.
IR-1.
MA-2.
IR-2.
MA-3.
IR-3.
MA-4.
IR-4.
MA-5.
IR-5.
MA-6.
IR-6.
IR-7.
(Awareness
and
Training; AT)
SI-1.
AT-1.
SI-2.
AT-2.
SI-3 . (protect)
AT-3.
SI-4. IDS
AT-4.
SI-5. (Alerts)
AT-5.
SI-6.
III.
16.
(Audit
and
Accountability; AU)
AU-1.
Authentication; IA)
IA-1.
AU-2.
IA-2.
AU-3.
IA-3.
AU-4.
IA-4.
AU-5.
IA-5.
AU-6. ,
IA-6.
AU-7. (reduction)
IA-7.
AU-8.
15. (Access Control; AC)
AU-9.
AC-1.
AU-10.
AC-2. (Account)
AU-11. (retention)
AC-3.
AC-4.
AC-5. (duty)
AC-6.
SC-1.
AC-7.
SC-2. (partitioning)
AC-8. (notification)
SC-3. (isolation)
AC-9.
SC-4. (remnants)
AC-10.
SC-5. (protection)
AC-11.
SC-6.
AC-12.
SC-7.
AC-13. (supervision)
SC-8. (transmission)
SC-9.
AC-14. w/o
SC-10.
AC-15.
SC-11.
SC-12. (establishment)
AC-16.
AC-17.
SC-13.
AC-18.
SC-14. (protection)
AC-19.
SC-15.
AC-20.
SC-16.
SC-17. PKI
SC-18.
(authoritative source)
SC-21.
SC-19. VOIP
SC-20.
(resolution)
1.
3.2.2
1.1
1.1.1
4. (PERSONNEL)
1.1.2
4.1
(resourcing)
2. (ORGANIZATIONAL
4.1.1
4.1.2 (personnel screening)
SECURITY)
2.1.1
4.1.3 (confidentiality)
2.1.2 (co-ordination)
2.1
2.1.3
4.2
2.1.4
4.2.1
(authorization)
4.3
2.1.5
2.1.6
4.3.1
2.1.7
4.3.2 ()
4.3.3
2.2
2.2.1
4.3.4
2.2.2
2.3
2.3.1
5.
5.1
5.1.1
5.1.2
3.1
5.1.3 ,
5.1.4
3.1.1 (inventory)
3.2
5.1.5
3.2.1
6.6.2
5.2.1 (siting)
6.6.3
5.2.2
6.6.4
5.2.3 (Cabling)
6.7 SW
5.2.4
6.7.1
5.2.5 (off-premises)
6.7.2
5.2.6
6.7.3
5.3
6.7.4
6.7.5
5.3.1
6.7.6
5.3.2 ()
6.
6.7.7
6.1
()
6.1.1
6.1.2
7.
6.1.3
7.1
6.1.4
7.1.1
6.1.5
7.2
6.1.6
7.2.1
6.2 (acceptance)
6.2.1
7.2.2
6.2.2
7.2.3
7.2.4
6.3 SW(protection)
6.3.1
6.4 (HOUSEKEEPING : )
7.3
6.4.1
7.3.1
6.4.2
7.3.2 (Unattended)
6.4.3
7.4
6.5
7.4.1
6.5.1
6.6
6.6.1
7.4.2
7.4.3
7.4.4
7.4.5
8.2.4
8.3
7.4.6
8.3.1
7.4.7
8.3.2
7.4.8
8.3.3
7.4.9
8.3.4
7.5 OS
7.5.1
8.3.5
8.4
7.5.2
8.4.1
7.5.3
8.4.2
7.5.4
7.5.5
8.4.3
7.5.6 (safeguard
user)
8.5
7.5.7 (time-out)
8.5.1
7.5.8
8.5.2
7.6.1
8.5.3
7.6.2
7.6
8.5.4
7.7
8.5.5
7.7.1
7.7.2
7.7.3 (Clock)
7.8
9.
9.1
(teleworking)
9.1.1
7.8.1
9.1.2
7.8.2
9.1.3
9.1.4 ()
8.
9.1.5 ,
8.1
8.1.1
8.2
8.2.1 (validation)
10. (COMPLIANCE)
10.1
8.2.2
10.1.1
8.2.3
10.1.2 (IPR)
10.1.3
10.2.1
10.1.4
10.2.2
10.3
10.1.5
10.3.1
10.1.6
10.3.2
10.1.7
10.2
5.
(adressing)
5.1
6.2.3
5.1.1
7.
5.1.2
7.1
6.
7.1.1
6.1
7.1.2
6.1.1
7.1.3 (Acceptable)
(commitment)
6.1.2
6.1.3
7.2
6.1.4
7.2.1
7.2.2
(athorization)
6.1.5
6.1.6 (contact)
8.
6.1.7
8.1
6.1.8
8.1.1
8.1.2 (screening)
8.1.3
6.2
conditions)
6.2.1
6.2.2
(terms
and
8.2
10.1.4
8.2.1
8.2.2 ,
10.2
8.2.3
10.2.1
10.2.2
8.3
8.3.1
10.2.3
8.3.2
10.3 (acceptance)
8.3.3
10.3.1
9.
10.3.2
9.1
10.4
9.1.1
(protection)
9.1.2
9.1.3 ,
10.4.1
9.1.4
10.4.2
9.1.5
10.5
10.5.1
9.1.6 ,
10.6
9.2
10.6.1
9.2.1
10.6.2
9.2.2
9.2.3
10.7
9.2.4
10.7.1
9.2.5
10.7.2
9.2.6
10.7.3
9.2.7
10.7.4
10.8
10.
10.8.1
10.1
10.8.2
10.1.1
10.8.3
10.1.2
10.8.4
10.1.3
10.8.5
11.4.5
10.9
11.4.6
10.9.1
11.4.7
10.9.2
10.9.3
11.5 OS
11.5.1
10.10
11.5.2
10.10.1
11.5.3
10.10.2
11.5.4
10.10.3
11.5.5
10.10.4
11.5.6
10.10.5
10.10.6
11.6
11.6.1
11.
11.6.2
11.1
11.1.1
11.7
(Teleworking)
11.7.1
11.2
11.7.2
11.2.1
11.2.2
12.
11.2.3
12.1
11.2.4
12.1.1
12.2
11.3
12.2.1
11.3.2
12.2.2
11.3.3
12.2.3
12.2.4
11.4
11.4.1
12.3
11.4.2
12.3.1
12.3.2
11.4.3
11.4.4
12.4
12.4.1 SW
12.4.2
14.1.4
12.4.3
14.1.5 ,
12.5
15. (Compliance)
12.5.1
15.1
12.5.2
15.1.1
15.1.2 (IPR)
12.5.3
15.1.3
15.1.4
12.5.4 (Leakage)
12.5.5
15.1.5
12.6
12.6.1
15.1.6
13.
15.2
13.1
13.1.1
15.2.1
13.1.2
15.2.2
13.2
15.3
13.2.1
15.3.1
13.2.2
15.3.2
(Learning)
13.2.3
14.
14.1
14.1.1
14.1.2
14.1.3
<>
ISO17799:2000
ISO 17799:2005
- 311 -
C.
Clause Sec
3.1
Securit 3.1.
1
y
Policy 3.1.
2
Control Objective/Control
Information Security Policy
Information Security Policy
Document
Clause
4.1
4.1.
1
4.1.
2
4.1.
3
4.1.
4
4.1.
5
Organi
4.1.
zational
6
Securit
4.1.
y
7
6.1
Internal Organization
Management Commitment to
6.1.1
information security
5.
Security
Policy
6.2
External Parties
Inventory of Assets
Classification Guidelines
Information Classification
Control Objective/Control
Information Security Policy
6.2.1
4.3 Outsourcing
5.1
5.1.
1
Asset
Classifi 5.2
cation 5.2.
1
and
Control
5.2.
2
Sec
5.1
6.1
- 312 -
C.
Physica
l and
Enviro
nmenta
l
Securit
y
Comm
unicati
ons
and
Operati
ons
Manag
ement
7.1
7.1.
1
7.1.
2
7.1.
3
7.1.
4
7.1.
5
Security Areas
9.1
9.1.4
9.1.6
9. Physical and Environmental Security
9.2
9.2.1
9.2.2
9.2.2
Secure Areas
Protecting
against
environmental threats
and
Equipment Maintenance
external
Removal of property
8.1 Operational Procedures and responsibilities
8.1.1 Documented operating Procedures
8.1.2 Operational change control
8.1.3 Incident Management procedure
10. Communications and Operations Management
10.1 Operational Procedures and responsibilities
10.1.1 Documented operating Procedures
10.1.2 Change Management
10.1.3 Segregation of Duties
8.1.4 Segregation of Duties
8.1.5 Separation of development and Operations facilities
8.1.6 External facilities Management
10.1.4 Separation of development and Operations facilities
10.2 Third Party Service Delivery Management
10.2.1 Service Delivery
10.2.2 Monitoring and review of third party services
10.2.3 Manage changes to the third party services
10.3
10.3.1 Capacity management
10.3.2 System acceptance
10.4 Protection against Malicious and Mobile Code
10.4.1 Controls against malicious code
10.4.2 Controls against Mobile code
8.4 Housekeeping
8.4.1 Information back-up
8.4.2 Operator logs
8.4.3 Fault Logging
10.5 Back-Up
10.5.1 Information Backup
8.5.1 Network controls
10.6
8.6.1 Management of removable computer media
8.6.2 Disposal of Media
8.6.3
8.6.4
10.6.1 Network controls
10.6.2 Security of Network services
10.7 Media Handling
10.7.1 Management of removable media
10.7.2 Disposal of Media
10.7.3 Information handling procedures
10.7.4 Security of system documentation
10.8 Exchange of Information
10.8.1 Information exchange policies and procedures
10.8.2 Exchange agreements
10.8.3 Physical media in transit
10.8.4 Electronic Messaging
10.8.5 Business Information systems
9.1
9.1.
1
9.2
9.2.
1
9.2.
2
9.2.
3
9.2.
4
9.3
9.3.
Access 1
control 9.3.
2
exchange
5
10.9
10.9.1 Electronic Commerce
10.9.2 On-Line transactions
10.9.3 Publicly available information
10.10 Monitoring
10.10.1 Audit logging
10.10.2 Monitoring system use
10.10.3 Protection of log information
10.10.4 Administrator and operator logs
10.10.5 Fault logging
10.10.6 Clock synchronization
11.1
11.1.1
11.2
11.2.1
11.2.2
11.2.3
11.2.4
11.3
11.3.1 Password Use
11.3.2 Unattended user equipment
11.3.3
Business
Control
Requirement
Access
for
external
for
Enforced path
9.4.6
9.4.7 Network connection control
9.4.8 Network Routing control
9.4.9 Security of network services
11.4.5
11.4.6 Network connection control
11.4.7 Network Routing control
11.5 Operating System Access Control
11.5.1
11.5.2
11.5.3
11.5.4
11.5.5 Terminal time-out
11.5.6 Limitation of connection time
11.6 Application access control
11.6.1 Information access restriction
11.6.2 Sensitive system isolation
9.8.1 Mobile computing
9.8.2 Teleworking
12.1
12.1.1
12.2
12.2.1
12.2.2 Control of internal processing
10.2.3 Message authentication
10.2.4 Output data validation
10.3 Cryptographic controls
10.3.1 Policy on the use of cryptographic controls
10.3.2 Encryption
10.3.3 Digital Signature
10.3.4 Non-repudiation services
10.3.5 Key Management
12.2.3 Message integrity
12.2.4 Output data validation
12.3 Cryptographic controls
12.3.1 Policy on the use of cryptographic controls
12.3.2 Key Management
12.4 Security of System Files
12.4.1 Control of Operational software
12.4.2 Protection of system test data
12.4.3 Access control to program source library
12.5 Security in Development and Support Processes
12.5.1 Change Control Procedures
12.5.2 Technical review of applications after Operating system changes
12.5.3 Restrictions on changes to software packages
12.5.4 Information Leakage
12.5.5 Outsourced Software Development
12.6 Technical Vulnerability Management
12.6.1 Control of technical vulnerabilities
13. Information Security Incident Management
13.1
13.1.1 Reporting Information security events
13.1.2 Reporting security weaknesses
13.2 Management of Information Security Incidents and Improvements
13.2.1 Responsibilities and Procedures
13.2.2 Learning from Information security incidents
13.2.3 Collection of evidence
11. Business continuity management
11.1 Aspects of Business Continuity Management
11.1.1 Business continuity management process
14. Business Continuity Management
14.1 Information Security Aspects of Business Continuity Management
14.1.1 Including Information Security in the business continuity management process
14.1.2 Business continuity and Risk Assessment
14.1.3 Developing and implementing continuity plans including information security
14.1.4 Business continuity planning framework
14.1.5 Testing, maintaining and re-assessing business continuity plans
1.
PO1 IT
PO2
PO3
PO4
PO5 IT
PO6
PO7 OT
PO8
PO9
PO10
PO11
3.
DS1
DS2
DS3
DS4
DS5
DS6
DS7
DS8
DS9
DS10
DS11
DS12
DS13
2.
AI1
AI2
AI3
AI4
AI5 SW
AI6
4.
M1
M2
M3
M4
2.6 -
2.
2.1
2.2
2.3
2.4 -
2.5 -
3. (mgmt)
3.1 (assessment)
3.2 (mitigation)
3.3
4.
4.1
4.2
4.3
4.4
4.5
5.
5.1
5.2
5.3
5.4
II.
6. /
6.1
6.2 (adm.)
6.3
6.4
11.
11.1
11.2
11.3 (utilities)
11.4
11.5 (interception)
11.6
7. (contingency)
Step 1: - -
Step 2:
Step 3:
Step 4:
Step 5:
Step 6:
8.
8.1
8.2
8.3
9. (awareness),
9.1
9.2
9.3
9.4
9.5
10.
10.1
10.2 SW
10.3
10.4
10.5
10.6
10.7
III.
12.
12.1
12.2
12.3
13.
13.1
13.2 :
(impetus)
13.3
13.4 (adm)
13.5 (coordinating)
14.
14.1
14.2
15.
15.1
15.2
COAS-1,2 (A)
COBR-1 (A)
CODB-1,2,3 (A)
CODP-1,2,3 (A)
COEB-1,2 (enclave boundary)
(A)
COED-1,2 (A)
COEF-1,2 (A)
COMS-1,2 (A)
COPS-1,2,3 (A)
COSP-1,2 (A)
COSW-1 SW (A)
COTR-1 (A)
DCAR-1 (A)
DCAS-1 (C)
DCBP-1 (I)
DCCB-1 (I)
DCCS-1,2 (I)
DCCT-1 (A)
DCDS-1 (I)
DCFA-1 AIS (I)
DCHW-1 HW (A)
DCID-1 (I)
DCII-1 (I)
DCIT-1
(I)
DCMC-1 (I)
DCNR-1 (I)
DCPA-1 (I)
DCPB-1
(A)
DCPD-1 SW (A)
DCPP-1 , (A)
DCPR-1 (I)
DCSD-1 (A)
DCSL-1
(I)
DCSP-1 (I)
DCSQ-1 SW (I)
DCSR-1,2,3 (C)
DCSS-1,2 (I)
DCSW-1 SW (A)
EBBD-1,2,3 (C)
EBCR-1 (A)
EBPW-1 WAN (C)
EBRP-1 (C)
EBRU-1
(C)
EBVC-1 VPN (A)
ECAD-1 (affiliation) (C)
ECAN-1 Need-to-Know (C)
ECAR-1,2,3 (C)
ECAT-1,2, , ,
(I)
ECCD-1,2 (I)
ECCM-1 (COMSEC) (C)
ECCR-1,2,3 (
) (C)
ECCT-1,2 (
) (C)
ECDC-1 (I)
ECIC-1 (enclaves)
(C)
PECF-1,2, (C)
PECS-1,2 (Clearing and
Sanitizing) (C)
PEDD-1 (C)
PEDI-1 (C)
PEEL-1,2 (A)
PEFD-1,2 (A)
PEFI-1 (A)
PEFS-1,2 (A)
PEHC-1,2 (A)
PEMS-1 (A)
PEPF-1,2 (C)
PEPS-1 (C)
PESL-1 (I)
PESP-1 (C)
PESS-1 (C)
PETC-1,2 (A)
PETN-1 (A)
PEVC-1 (C)
PEVR-1 (A)
PRAS-1,2 (C)
PRMP-1,2 (C)
PRNK-1 Need-to-Know
(C)
PRRB-1
(A)
PRTN-1 (I)
VIIR-1,2 (A)
VIVM-1 (A)
C.12 SP 800-26 ()
I.
1.
1.1
1.2.
7.
7.1.
2.
7.2.
2.1
7.3.
2.2.
8. , /
8.1.
3.
8.2.
3.1.
3.2.
9.
9.1.
4. (authorize) (&)
9.2.
4.1. /
4.2.
10.
10.1. SW SW
4.2.1
10.2. HW
SW ,
10.3.
5.
5.1. ,
11.
11.1. SW
5.2.
11.2.
II.
6.
6.1.
6.2.
12.
12.1. SW/HW
12.2.
15.2.
13. ,
16.
13.1.
16.1.
16.2. :
14.
14.1.
16.3. ,
14.2.
17.
III.
17.1.
15.
15.1. ,
I.
1. (MOA)
(MOA_ORG)
(MOA_MLC)
(MOA_LCP)
(MOA_OKR)
IA (MOA_DRV)
2. (MSP)
(MSP_ISP)
(MSP_RPG)
3
(MSP_TFR)
(MSP_MSD)
3. (MSR)
(MSR_SRE)
(MSR_ISN)
(MSR_ISP)
(MSR_ISC)
(MSR_TSR)
4. (MCP)
(MCP_LCP)
IS (MCP_LOG)
(MCP_CCK)
5. (MIP)
(MIP_IOP)
(MIP_LRP)
(MIP_SRP)
(MIP_LPC)
(MIP_CIP)
(MIP_MEP)
(MIP_AES)
6. (MPB)
(MPB_IAP)
(MPB_AOB)
(MPB_CPC)
(MPB_CPD)
7. (MPS)
(MPS_SCR)
(MPS_SAW)
(MPS_SED)
(MPS_ACI)
(MPS_IAT)
(MPS_SMP)
8. (MAD)
(MAD_ASR)
(MAD_AFS)
(MAD_DMS)
(MAD_EPY)
9. (MAS)
(MAS_ASL)
(MAS_DMT)
(MAS_AMG)
(MAS_SDC)
(MAS_DCC)
(MAS_DLP)
(MAS_DMP)
(MAS_PCM)
10. (MPH)
(MPH_SAR)
(MPH_ZIP)
(MPH_ZPP)
(MPH_ARU)
(MPH_PAC)
(MPH_ASR)
,
(MPH_DMP)
(MPH_CAS)
11. (MCO)
(MCO_OER)
(MCO_MAC)
(MCO_LCS)
(MCO_CUS)
(MCO_MFC)
(MCO_VPT)
E-Mail (MCO_EMS)
OA (MCO_OAS)
(MCO_SRE)
(MCO_DOP)
(MCO_STO)
(MCO_INM)
(MCO_AUD)
(MCO_MCB)
12. (MCC)
(MCC_NEC)
(MCC_CCC)
(MCC_SDC)
(MCC_TIC)
13. (ADM)46
(ADM_DRP)
(ADM_MRP)
II. ()
(DPN)
1. (DPN_PSD)
- DPN_PSD.1
2. (DPN_PAT)
- DPN_PAT.1
- DPN_PAT.2
- DPN_PAT.3
- DSR_PSN.4
- DPN_PAT.4
- DSR_PSN.5
- DPN_PAT.5
- DPN_PAT.6
- DSR_PSN.6
3. (DPN_PAV)
- DSR_PSN.7
- DPN_PAV.1
- DPN_PAV.2
(DSA)
- DPN_PAV.3
7. (DSA_PPI)
- DPN_PAV.4
- DSA_PPI.1
- DPN_PAV.5
- DSA_PPI.2
4. (DPN_PAI)
- DSA_PPI.3
- DPN_PAI.1
8. (DSA_PHD)
- DPN_PAI.2
- DSA_PHD.1
- DPN_PAI.3
- DSA_PHD.2
- DPN_PAI.4
(DSD)
9. (DSD_PDD)
- DPN_PAI.5
- DPN_PAI.6
- DSD_PDD.1
5. (DPN_PAR)
- DSD_PDD.2
- DPN_PAR.1
- DSD_PDD.3
- DPN_PAR.2
- DPN_PAR.3
- DSD_PDD.4
- DPN_PAR.4
- DPN_PAR.5
(ISS)
- DPN_PAR.6
10. (ISS_PEI)
- ISS_PEI.1
(DSR)
- ISS_PEI.2
6. (DSR_PSN)
- DSR_PSN.1
- DSR_PSN.2 ,
- DSR_PSN.3
- ISS_PEI.3
- ISS_PEI.4
- ISS_PEI.5
- ISS_PEI.6
11. (ISS_PCS)
- ISS_PCS.1
- ISS_PCS.2
- ISS_PCS.3
- ISS_PCS.4
(APE)
12. (ISS_PMS)
14. (APE_PVV)
- ISS_PMS.1
- APE_PVV.1
- ISS_PMS.2
- ISS_PMS.3
- APE_PVV.2
- ISS_PMS.4
- APE_PVV.3
- ISS_PMS.5
- APE_PVV.4
- ISS_PMS.6
- APE_PVV.5
- ISS_PMS.7
15. (APE_PBA)
13. (ISS_PAS)
- APE_PBA.1
- ISS_PAS.1
- APE_PBA.3
- ISS_PAS.2
- APE_PBA.4
- ISS_PAS.3 ,
- APE_PBA.5
- APE_PBA.2
- ISS_PAS.4
III.
. CC
C.14. SSE-CMM
ISO/IEC 21827 Information technology Systems Security Engineering Capability Maturity Model (SSE-CMM), 2002. PA: Process Area, BP: Base Practice
PA01
BP.01.01:
BP.01.02:
BP.01.03:
, ,
BP.01.04:
PA02
BP.02.01: /
,
BP.02.02:
BP.02.03:
BP.02.04:
BP.02.05:
BP.02.06:
PA03
BP.03.01:
, ,
BP.03.02: //
BP.03.03:
BP.03.04:
BP.03.05:
BP.03.06:
PA04
BP.04.01:
BP.04.02:
/
BP.04.03:
BP.04.04:
BP.04.05:
BP.04.06:
PA05
BP.05.01:
, ,
BP.05.02:
BP.05.03:
BP.05.04:
BP.05.05:
PA06
BP.06.01:
BP.06.02:
BP.06.03:
BP.06.04:
BP.06.05:
PA07
BP.07.01:
BP.07.02:
BP.07.03:
BP.07.04:
PA08
BP.08.01:
BP.08.02: , , , ,
BP.08.03:
BP.08.04:
BP.08.05:
BP.08.06:
BP.08.07:
PA09
BP.09.01:
, ,
BP.09.02:
BP.09.03:
BP.09.04:
BP.09.05:
BP.09.06:
PA10
BP.10.01:
BP.10.02: ,
, ,
BP.10.03:
BP.10.04:
BP.10.05:
BP.10.06:
BP.10.07:
PA11
BP.11.01:
BP.11.02:
BP.11.03:
BP.11.04:
BP.11.05: /
PA12
BP.12.01:
BP.12.02:
BP.12.03:
BP.12.04:
BP.12.05:
BP.12.06:
BP.12.07:
PA13
BP.13.01:
BP.13.02:
BP.13.03:
BP.13.04:
BP.13.05:
PA14
BP.14.01:
BP.14.02:
BP.14.03:
BP.14.04:
BP.14.05:
BP.14.06:
PA15
BP.15.01:
BP.15.02:
BP.15.03:
BP.15.04:
BP.15.05:
BP.15.06:
PA16
BP.16.01:
BP.16.02:
BP.16.03:
BP.16.04:
BP.16.05:
BP.16.06:
BP.16.07:
BP.16.08:
BP.16.09:
BP.16.10:
PA17
BP.17.01:
BP.17.02:
BP.17.03:
BP.17.04:
PA18
BP.18.01:
BP.18.02:
BP.18.03:
BP.18.04:
PA19
BP.19.01:
BP.19.02:
BP.19.03:
BP.19.04:
BP.19.05:
PA20
BP.20.01:
BP.20.02:
BP.20.03:
BP.20.04:
BP.20.05:
BP.20.06:
BP.20.07:
PA21
BP.21.01:
BP.21.02:
BP.21.03:
BP.21.04:
BP.21.05:
BP.21.06:
BP.21.07:
BP.21.08:
PA22
BP.22.01:
BP.22.02:
BP.22.03:
BP.22.04:
BP.22.05:
1.
standards/VDE specifications
regulations
1.7 Hand-held fire extinguishers
1.8 Room allocation, with due regard to
fire loads
and printers
mobile use
supply lines
stationary use
protection
laptop PCs
protection
shielding
cabinets
irradiation
properties
servers
distributors
workplace
(UPS)
charges
infrastructure
1.53 Video surveillance
extinguishing technology
staff/visitors
building plans
distributors
systems
media
Booklet
2.25 Documentation of the system
2.
configuration
separation of functions
users
2.30 Provisions governing the
rights
groups
passwords
2.12 Services and counselling for IT
environment
2.33 Division of administrator roles
users
2.13 Correct disposal of resources
under UNIX
2.34 Documentation of changes made to
requiring protection
2.14 Key management
an existing IT system
2.35 Obtaining information on security
portable (laptop) PC
recorded messages
PC networks
policies
staff/factory council
usage
backup
procedure
communications partners
for dispatch
separation on an IT System
procurement
media
peer-to-peer networks
machines
firewall
2.72 Requirements on a firewall
messages
gateway
office hours
2.54 Procurement/selection of suitable
answering machines
2.55 Use of a security code
components
2.78 Secure operation of a firewall
servers
Netware servers
software product
servers
software
remote console
Windows 95
software
usage of Windows 95
standard software
standard software
logging procedures
network
2.94 Sharing of directories under
concerning telecommuting
2.114 Flow of information between the
Windows NT
2.95 Obtaining suitable protective
cabinets
2.96 Locking of protective cabinets
facilities
2.117 Regulation of access by
Netware servers
telecommuters
environment
2.140 Analysis of the existing network
environment
realisation plan
software
management concept
database
management protocol
concept
management tool
management system
system
information
database
networks
2.151 Design of an NDS concept
2.152 Design of a time synchronisation
concept
2.153 Documentation of Novell Netware
database
2.136 Observance of rules concerning
4.x networks
2.154 Creation of a computer virus
protection concept
2.155 Identification of IT systems
backup system
viruses
strategy
server
infections
service provider
protection
fax servers
concept
measures
2.183 Performing a RAS requirements
analysis
cryptographic procedure
cryptographic product
system architecture
crypto modules
product
security guidelines
system
strategy
2.170 Requirements to be met by a
system management system
process
2.192 Drawing up of an Information
Security Policy
2.193 Establishment of a suitable
infrastructure
2.214 Concept of IT operations
implementation plan
components
2.217 Careful classification and handling
issues
systems
on IT security
components
process
2.202 Preparation of an IT Security
Manual
2.203 Establishment of a pool of
information processing
2.220 Guidelines for access control
2.221 Change management
2.222 Regular checking of technical IT
information on IT security
2.204 Prevention of insecure network
security measures
2.223 Security objectives for the use of
access
2.205 Transmission and retrieval of
person-related data
standard software
2.224 Precautions against Trojan horses
2.225 Assignment of responsibility for
components
Lotus Notes
outside staff
in an intranet
2.210 Planning the use of Lotus Notes
in an intranet with browser access
Security Guidelines
2.229 Planning Active Directory
2.230 Planning of Active Directory
Administration
2.231 Planning of Group Policy under
Windows 2000
structure
2000
Windows NT to Windows 2000
strategy
PCs
eDirectory
service provider
projects
operations
requirements analysis
concept
during archiving
archiving
procedure
archiving
systems
archiving
2.247 Planning the Use of
data resources
2.264 Regular regeneration of encrypted
Exchange/Outlook 2000
2.248 Definition of Security Guidelines
data in archiving
2.265 Proper use of digital signatures in
archiving
IIS
administration staff
web server
signals
web access
use of faxes
of answering machines
3.17 Briefing personnel on modem usage
3.18 Log-out obligation for users
3.
Peer-to-Peer services
telecommuters as regards
security-related issues
program
of telecommuters
termination of employment
terms
problems
3.8 Avoidance of factors impairing the
organizational climate
handling of IT equipment
console
administration
X Windows
security mechanisms
terminals
Novell eDirectory
facilities
under UNIX
4.15 Secure log-in
Security Mechanisms
and/or terminals
4.
of administrator rights
program
files
Removable Media
management
4.25 Use of logging in UNIX systems
4.26 Regular security checks of the
UNIX system
laptop PCs
NT/2000
4.49 Protection of the Boot-Up
mobile use
System
under Windows NT
possibilities of Windows NT
data transmission
NT/2000
digital signatures
to be transferred
Windows NT
features
operating systems
recognition
computer microphones
Windows 95
product
in the IT application
4.43 Fax machine with automatic
by ISDN components
4.62 Use of a D-channel filter
4.63 Security-related requirements for
telecommuting computers
information
crypto modules
software
modules
management
reference model
links
management system
management system
4.93 Regular integrity checking
Windows NT/2000
configurations
changes to information
4.100 Firewalls and active content
4.101 Firewalls and encryption
4.102 C2 security under Novell 4.11
4.103 DHCP server under Novell
in a network
4.82 Secure configuration of active
network components
Netware 4.x
4.104 LDAP Services for NDS
4.105 Initial measures after a Unix
standard installation
Lotus Notes
access
workstations
Notes client
system
system
system
database
databases
mobile phones
system
authentication mechanisms
Notes server
server
Windows 2000
domain controller
Book
4.122 Configuration for browser access
server
4.140 Secure configuration of important
to Lotus Notes
4.123 Configuration of SSL-protected
Windows 2000 services
4.141 Secure configuration of DDNS
under Windows 2000
2000 servers
under Windows 2000
Exchange 2000
under Windows 2000
2000
under Windows 2000
Exchange/Outlook 2000
Windows 2000
system
4.169 Utilisation of suitable archival
media
workstation
eDirectory
eDirectory
access authorisations
Novell eDirectory
eDirectory
with IIS
Exchange/Outlook 2000
topography
cabling
IIS is used
4.189 Protection against unauthorised
program calls with IIS
services
5.40 Secure integration of DOS-PCs to a
Windows NT network
rexec
NT
logs
telephone
Internet use
reception by telephone
Group
5.48 Authentication via CLIP/COLP
option
software
institution
modem
communications computers
and spam
5.55 Checking of alias files and
distribution lists
Functions in a Server-Supported
Network
technology
network communications
response systems
network services
Windows 2000
Internet PCs
fax server
of Internet PCs
RAS communication
5.77 Establishment of Subnetworks
movement profiles
5.79 Protection against call number
identification during use of mobile
PCs
5.96 The Secure Use of Webmail
5.97 Protection of Communications with
phones
5.80 Protection against bugging of
Novell eDirectory
5.98 Misuse of chargeable dial-in numbers
5.99 SSL/TLS Protection for Exchange
2000
5.100 Use of Encryption and Signature
Communication optional)
incidents
IIS is used
of data transmission
with IIS
recovery plan
with IIS
server
media
mail server
(S/MIME)
of backups
6.23 Procedures in the event of
6.
6.1 Development of a survey of
availability requirements
disk
6.26 Regular backup of PBX
configuration data
6.27 Secure update of BIOS
6.28 Agreement on the delivery
requirements of IT applications
6.5 Definition of "restricted IT
operation"
6.6 Study of internally and externally
available alternatives
of system integrity
network integrity
policy
data backup
cryptographic procedures
policy
procedures
incidents
NT
security incidents
NT/2000 Servers
security incident
security incidents
Windows 95
telecommuting
security incidents
database integrity
of security incidents
components
6.54 Procedures in case of a loss of
system
6.72 Precautions relating to mobile
phone failures
outsourcing
e-mails
Windows 2000
the IIS
Directory Service
Novell eDirectory
e-mails
D. CC 3.1
1.
2. (CAP)
3. (ACO)
4.
D.1
CC 3.1 ACO 2 (component) TOE
(composed) TOE" (C-TOE )
, C-TOE . C-TOE ,
,
o -56) C-TOE
o - -57) (compatible)
o - - C-TOE
o [ D-1] EAL1 ~ EAL7 ,
CC 3.1 C-TOE CAP-A, CAP-B, CAP-C .
[ D-1] CC CAP
56) OS TOE(dominant
peer).
57) TOE(minor peer ).
ACO
ALC
ASE
ST
ACO_COR
ACO_DEV
ACO_REL
ACO_TBT
ACO_VUL
ALC_CMC
ALC_CMS
ALC_DEL
ALC_DVS
ALC_FLR
ALC_LCD
ALC_TAT
ASE_CCL
ASE_ECD
ASE_INT
ASE_OBJ
ASE_REQ
ASE_SPD
ASE_TSS
CAP-A
1
1
1
1
1
1
2
CAP-B
1
2
2
1
2
1
2
CAP-C
1
3
3
1
3
1
2
1
1
1
1
1
1
1
1
2
2
1
1
1
1
1
2
2
1
1
D.2 (CAP)58)
(CAP: composed assurance packages) C-TOE
. (-
, -) ,
.
(1)
(CAP) TOE ()
C-TOE . EAL ST
. EAL1 C-TOE
. ,
. (EAL1 TOE C-TOE
.) CAP C-TOE EAL1 EAL
.
- IT
- .
. , ,
58) CC 3.1 Part 3, 9
. C-TOE
.
, C-TOE
CC . CAP CAP
. CAP CAP
(,
) (,
, , / ) .
TOE
.
CAP CC 3 7
. , CAP
.
CAP extended-basic (C-TOE )
.
,
ACO_DEV . , C-TOE
C-TOE
.
(2) A (CAP-A) -
CAP-A C-TOE
. -
- -
.
CAP-A
.
CAP-A C-TOE ST . C-TOE ST SFR
C-TOE TOE
TOE(: ST, ) .
, ,
, , -
- .
C-TOE .
CAP-A C-TOE ( IT TOE
).
[ D-2] CAP-A
Class
ACO:
AGD:
ALC:
ASE: ST
ACO_COR.1
ACO_CTT.1
ACO_DEV.1
ACO_REL.1
ACO_VUL.1
AGD_OPE.1
AGD_PRE.1
ALC_CMC.1 TOE
ALC_CMS.2 TOE CM
ASE_CCL.1
ASE_ECD.1
ASE_INT.1 ST
ASE_OBJ.1
ASE_REQ.1
ASE_TSS.1 TOE
(3) B (CAP-B) -
CAP-B C-TOE TOE
.
-
CAP-B C-TOE ,
.
CAP-B C-TOE ST . C-TOE ST
SFR TOE ,
TOE , TOE(: ST, )
.
,
, (TOE ) , -
-
. basic
C-TOE .
CAP CAP-A
.
[ D-3] CAP-B
ACO:
AGD:
ALC:
ASE: ST
ACO_COR.1
ACO_CTT.2
ACO_DEV.2
ACO_REL.1
ACO_VUL.2
AGD_OPE.1
AGD_PRE.1
ALC_CMC.1 TOE
ALC_CMS.2 TOE CM
ASE_CCL.1
ASE_ECD.1
ASE_INT.1 ST
ASE_OBJ.2
ASE_REQ.2 s
ASE_SPD.1
ASE_TSS.1 TOE
(4) C (CAP-C) - ,
CAP-C C-TOE
. -
.
CAP-C
,
.
CAP-C C-TOE ST . SFR
C-TOE ST TOE
(TSF ) TOE(: ST, )
.
, ,
, (TOE )
, - -
. basic basic-extended
C-TOE
.
CAP
CAP-B .
[ D-4] CAP-C
ACO:
AGD:
ALC:
ASE: ST
ACO_COR.1
ACO_CTT.2
ACO_DEV.3
ACO_REL.2
ACO_VUL.3
AGD_OPE.1
AGD_PRE.1
ALC_CMC.1 TOE
ALC_CMS.2 TOE CM
ASE_CCL.1
ASE_ECD.1
ASE_INT.1 ST
ASE_OBJ.2
ASE_REQ.2 s
ASE_SPD.1
ASE_TSS.1 TOE
. C-TOE EAL
.
, CAP
.
C-TOE
. -
- . -
(, ,
) C-TOE . ACO
TOE CAP
.
ACO
TOE ADV, ATE AVA
. C-TOE
. ,
-
(ACO_REL). - - SFR
-
. ACO_DEV
- . ACO_DEV
C-TOE
TSF ADV_TDS . ,
TOE .
ACO_DEV .
ACO_COR . ACO_COR ACO_DEV ACO_REL
,
. C-TOE
(ACO_VUL) (ACO_CTT) .
C-TOE C-TOE C-TOE SFR
. C-TOE
.
C-TOE
. C-TOE C-TOE
.
.
ACO ( B-1) .
,
C-TOE SFR
.
( D-1) ACO
(1) (ACO_COR)
o : -
.
o : .
ACO_COR.1
o : ACO_DEV.1
ALC_CMC.1 TOE
ACO_REL.1
o :
ACO_COR.1.1D - .
o :
ACO_COR.1.1C , - - TSF
, -
- .
o :
ACO_COR.1.1E
(confirm).
(2) (ACO_DEV)
o : - ((set
out). -
. (
)
o : ,
.
o
- TSF
. - TSF - SFR
- . -
SFR - .
- TSF
- TSFI .
SFR TSF TSF IT
.
TSF TSF
. , -
.
/ TSF . -
- TSF
- (ACO_REL) .
- . ADV
- , C-TOE
-
. - -
(ACO_DEV) .
TOE
.
. -
- .
ACO_DEV.1
o : ACO_REL.1
o : - -
. -
.
o :
ACO_DEV.1.1D - .
o :
ACO_DEV.1.1C C-TOE -
(purpose) .
ACO_DEV.1.2C - TSF -
- (C-TOE )
(show).
o :
ACO_DEV.1.1E
.
ACO_DEV.1.2E -
(determine).
ACO_DEV.2
o : ACO_REL.1
o : - -
. -
. , - TSF
- .
o :
ACO_DEV.2.1D - .
o :
ACO_DEV.2.1C C-TOE -
.
ACO_DEV.2.2C - SFR , -
.
ACO_DEV.2.3C - TSF -
- (C-TOE )
(show).
o :
ACO_DEV.2.1E
.
ACO_DEV.2.2E -
.
ACO_DEV.3
o : ACO_REL.2
o : - -
. -
. -
- TSF
.
o :
ACO_DEV.3.1D - .
o :
ACO_DEV.3.1C C-TOE -
.
ACO_DEV.3.2C C-TOE -
- .
ACO_DEV.3.3C - SFR , -
.
ACO_DEV.3.4C -
.
ACO_DEV.3.5C - TSF -
- (C-TOE )
(show).
o :
ACO_DEV.3.1E
.
ACO_DEV.3.2E -
.
(3) - (ACO_REL)
o : - -
. C-TOE
. TOE TSFI
, C-TOE
- .
o : - -
.
o
- (ACO_REL) , - -
-
.
- -
. -
. , (: ) CC SFR
- ST (: FIA() SFR
). -
- ,
(TSFI) .
, TSFI TSF
. TSF
- (ACO_REL)
.
ACO_REL.1
o :
o :
ACO_REL.1.1D - .
o :
ACO_REL.1.1C - TSF -
HW, / SW .
ACO_REL.1.2C - -
.
ACO_REL.1.3C -
TSF .
o :
ACO_REL.1.1E
(confirm).
ACO_REL.2
o :
o :
ACO_REL.2.1D - .
o :
ACO_REL.2.1C - TSF -
HW, / SW .
ACO_REL.2.2C - -
.
ACO_REL.2.3C
.
ACO_REL.2.4C -
TSF .
o :
ACO_REL.2.1E
(confirm).
TSF SFR
- ,
C-TOE . , -
-
, TOE . SFR C-TOE TSF
- -
.
-
. - TSFI ATE : -
. ,
(ACO_COR) - . TSF
- , -
- . ACO_CTT.1.1E
- ATE :
,
-
, .
(-(ACO_REL) )
.
ACO_CTT.1
o : ACO_REL.1
ACO_DEV.1
o : - -
.
o :
ACO_CTT.1.1D C-TOE .
ACO_CTT.1.2D - .
ACO_CTT.1.3D TOE .
ACO_CTT.1.4D - -
.
o :
ACO_CTT.1.1C C-TOE - ,
.
ACO_CTT.1.3C - -
- .
ACO_CTT.1.4C - .
o :
ACO_CTT.1.1E
(confirm).
ACO_CTT.1.2E
.
ACO_CTT.2.1D C-TOE .
ACO_CTT.2.2D - .
ACO_CTT.2.3D C-TOE .
ACO_CTT.2.4D - -
.
o :
ACO_CTT.2.1C C-TOE - ,
.
ACO_CTT.2.3C - -
-
.
ACO_CTT.2.4C - .
:
ACO_CTT.2.1E
(confirm).
ACO_CTT.2.2E
.
(5) (ACO_VUL)
o :
.
o :
.
.
. C-TOE
.
C-TOE C-TOE ( ST
) . C-TOE ST
C-TOE ASE
. ,
- ST -
ACO_VUL.1
o : ACO_DEV.1
o :
ACO_VUL.1.1D C-TOE .
o :
ACO_VUL.1.1C C-TOE .
o :
ACO_VUL.1.1E
(confirm).
ACO_VUL.1.2E -
TOE
.
ACO_VUL.1.3E C-TOE -
.
ACO_VUL.2
o : ACO_DEV.2
o :
ACO_VUL.2.1D C-TOE .
o :
ACO_VUL.2.1C C-TOE .
o :
ACO_VUL.2.1E
(confirm).
ACO_VUL.2.2E -
TOE
.
ACO_VUL.2.3E C-TOE -
.
ACO_VUL.2.4E C-TOE , ,
TOE ,
ACO_VUL.3 -
o : ACO_DEV.3
o :
ACO_VUL.3.1D C-TOE .
o :
ACO_VUL.3.1C C-TOE .
o :
ACO_VUL.3.1E
(confirm).
ACO_VUL.3.2E -
TOE
.
ACO_VUL.3.3E C-TOE -
.
ACO_VUL.3.4E C-TOE , ,
TOE ,
D.4 (ACO)60)
(1) C-TOE
IT / .
PC HW SW / OS
. , OS
. IT .
. ,
,
/ .
- EAL2
-
. , -
EAL2
.
IT
ACO . -
, - .
. , (-) OS(-
) . ,
OS , HW
(peer-to-peer) . (peer)
, -, -
.
- - .
ACO
.
( C-TOE -
- - C-TOE)
.
. C-TOE
- . , -
C-TOE .
- .
.
o / : -
- ,
.
o :
() - - (:
- )
. , -
. , -
ACO_CTT , - -
( ) - .
- C-TOE .
- C-TOE
. - - .
ACO_VUL .
- -
C-TOE .
- C-TOE TSF -
. - TSF
.
- ACO
.
ACO_VUL
. ACO_DEV
- -
. , CAP C-TOE
EAL4 TOE
. , C-TOE EAL4 .
(2) C-TOE ST
ST (- + -) TOE
.
ST C-TOE .
ST
. ST
C-TOE ST .
ST .
C-TOE ST ST , ST
C-TOE ST ST C-TOE ST ST
.
C-TOE ST ASE_CCL , C-TOE ST
ST . TOE ST
. C-TOE
-
C-TOE .
.
. .
C-TOE SFR SFR .
SFR , SFR
. C-TOE
.
o ASE : ASE C-TOE ST ST :
ST .
ST C-TOE ST ST
. : C-TOE ST SFR
ST ,
(ASE_REQ.*.3C
.).
(3) IT
- TSF
. - TSF, - TSF
- .
- TSF - SFR
.
- TSFI TSF
- . TSF SFR
IT
. , TSFI TSF
, -
. TSF .
(: ) , CC SFR -
ST , - -
( , FIA : ,
).
- (TSFI)
, - . -
-
.
- TSFI . (:
TSF API. - )
IT
TSFI
TSFI
TSF
TOE -TSF
TOE(-)
-TOE
(boundary)
( D-2) -
- - . SFR
TSFI ADV_FSP
. TSF (SFR ) , SFT , TSF
. - , -
ST . , TSF
(-) (ADV_FSP)
. -
ST .
- .
-TOE
TOE
TSFI
TOE -TSF
TSF
SFR-
( D-3) -
- - , -
TSF SFR -
, . -
TSF , - TSFI,
- .
, - TSF - TSF
(, - -TOE
- -TOE ), - TSF
, - TSFI
. - -
(ACO_REL) .
- TSF - ,
- -TSF ( ) C-TOE TSF .
C-TOE TSF TSF .
-
-
TSF
-T
SF
-
C-TOE
TSF
( D-4) C-TOE
- TSFI -
. , - TSFI .
.
E
E
TSF-a
ACO-REL
(-a)
ADV-FSP
(-b)
TSFI-b
C
C
TSF-b
- -a
-TSF-a
ACO-DEV
(-b)
D
-TSF-b
D
- -b
( D-5) ( )
o --a (A B) =
(- );
o -b (C D) =
o = ;
o () =
.
a(-) b(-) : TSF-a
TSF-a TSFI(a); , TSF-b (C)
TSFI(b). . -a
; TSF(a) A
B .
-a b , 4 (, -a
b ) . .
. TSF-a TSF-b (A C );
C -b FSP .
, a b .
. -TSF-a TSF-b (B C );
C -b FSP ,
.
. TSF-a -TSF-b (A D );
a b . b
(, ST FIA SFR ) , a
. D (
TSFI (b) , -b FSP .).
. -TSF-a -TSF-b (B D
); D
, , .
.
(: , C-TOE TSF TSF-a +
TSF-b + Non-TSF-B . , C-TOE TSF TSF-a + TSF-b.)
C-TOE .
:
o (ADV_FSP) (-b ) C
o - (ACO_REL) A .
o (ACO_DEV) C D
(underlying) OS DBMS .
DBMS DBMS (
): TSF , TSF
,
TSF (: , , ) , TSF
, ... .
, DBMS DBMS OS
. DBMS ST OS ,
OS . DBMS ST OS SFR
(instantiate) . , DBMS ,
ADV OS
. - (ACO_REL) .
- (ACO_REL) -
- . -
. -
.
(ACO_DEV) - ,
- .
- . ( -
- ,
(ACO_COR) .). ACO_DEV
.
- -
(ACO_COR) . -
- -
. -
, - TSF
.
E.
1. ITSEM (ITSEM V1.0, 1993.9)
2. 19791
3. CC 3.0 (ADV )
4. PP/ST TOE PP
5. CCEVS
CC 3.1 E
y
-
y
y
y
P .
(ST .) (,
) .
.
. .
.
2 .
-IT
( ITSEC .).
IT
. IT
. .
. ,
IT-
. -IT
.
.
.
( H-1).
, .
, -IT .
- 1
y C1 C2 .
C1 . C2 C1
.
.
y 1 :
- C1:
- C2:
y ( E-2) 1 . C2
C1 C2 .
( E-2) ( 1)
( E-1) TOE
- 2
y C1 C2 . C1
C2
y 2
- C1: (VMM);
- C2:
y VMM
.
y 2 ( B-3)
- 3
y C1 C2 , C2
C1 . C1 C2
y 3 ( H-4)
y C3. P3
, ,
.
( E-3) ( 2)
y
-
( E-4) ( 3)
, 1 3
C3 .
1: C1 .
2: C2 .
3: C1 C2
.
4: P1 P2 P3 . P3 P1 P2
.
5: P2 C2 . C2
P2 .
6: P1 C1 . C1
P1 .
7: C2 P1 .
8: C1 C2() .
y :
- 1 2 . C1
C2 .
- 3 . .
C1 C2 .
C1 C2 .
(C1) (C2)
.
- P1 P2 , P1 P2 P3
- 5 6 .
C1 C2 .
- , .
y ,
, C1 C2
. , P3 P2
. 2
.
y P1 P2 , P1
P2 P3 .
. ,
() .
.
.
.
()
. (
) (need)
.
, ,
.
()
.
.
.
.
. , , , ,
.
, , , .
. ST
.
. ( E-5) .
( E-5)
. . (:
, , OS SW) .
SW .
, ,
.
(ETR) ,
.
( E-6) . SW A
, CC . B CC
(: ADO AGD ATE_FUN)
(;ADV AVA ATE_COV/DPT)
.
.
( E-7) CC
.
( X) .
( E-6)
( E-7)
(boundary) . TSF, IT
. TSF DB, GUI (, PLG )
OS . TSF OS (,
OS
) .
ST .
( E-8) DBMS
IT OS (SRV) . OS TSF
IT . ( H-10) TSFI
Ax , ACO Bx
. .
A1 TSFI , DB
.
A2 OS
TSFI . B3(, IT
) .
A3 IT TSFI . ,
DBMS (proprietary)
. IT (: Ethernet, IP, TCP) ,
DBMS TSFI,
. TSF /
.
Bx IT . TSFI
, TOE ACO (composite)
TOE .
(2) ADV_INT.1: (Subset Modularity)
, /
, TOE TSFI ,
(: (isolation)) . , TSF
TSF (: TSF
).
TOE (incorporated) SW
. SW, TOE (crucial) /
, SFR
. , TOE OS (:
, , ). , OS TSF internals
TSF . ,
, , SW
, TSFI ,
SW .
SFR-
SFR-
-SFR-
( E-9) SFR- SFR-
SFR- - SFR-
. , SFR-
SFR SFRI
. - SFR- (ADV_INT.1.3C) , - SFR-
, SFR-
. ( E-10) , TSFI - SFR- ,
TSFI (designation)
(; X, Y, X). SFR-(; D, E, F)
TSFI (, A
, SFR- .).
TSFI SFR-
TSFI SFR-
TSF
X
F
B
D
Y
Z
- SFR-
- SFR-
( E-10) - SFR-
(3) ADV_TDS:
ADV_TDS TDS
. ,
.
( E-11) TSF ,
(, );
(: ,
). (, ) , (,
) .
.
TOE1 ()
TOE2 ()
( E-11)
TOE .
TOE(: , )
. ,
(even be uneven in scope) .
SFR- TSP
RSP .
SFR- TSFI (), SFR-.
SFR- SFR- . SFR-
SFR SFR- , SFR . SFR- SFR
( ) .
TSF internals(ADV_INT)
. ADV_TDS.3 Basic modular design( )
TSF
internals
(ADV_INT)
PP
ST
TOE
TOE , .
ADV_TDS.1 Basic design ADV_TDS.2 Architectural design(
) , TSF
. ADV_TDS.3 Basic modular design ( ) ,
. (
) . ,
. TOE,
; ,
. TOE, (TSF )
. ( B-13) .
SFR- ST (SFR) .
SFR- TSFI , SFR (:
) TSFI (tie) .
, SFR- SFR- , SFR
. SFR- SFR
.
. ,
1 2
. SFR- TSFI
( )
. . ,
SFR , SFR .
, 1)
TSF , 2)
. , (:
) . TCP (RFC
793 ) TCP(TSF
) .
, ()
: ; ; ;
;
.
.
. explicit (:
) implicit (: )
. .
. (: flag
) ,
. ,
.
.
.(: C++
/ ). (implicit) CC 3.0(2005 7)
223 .
, .
,
.
. , A
B , A B
double_bubble() .
A double_bubble ;
double_bubble() ,
access_allowed
.. . A
.
.
. -, (ADV_TDS.3
) .
. , ,
. TOE
.
.
, . ,
. .
.
, (, (SFR-, SFR, SFR-)
. ,
. , TSF ,
(SFR-, SFR-, SFR-)
. (
)
.
:
a) ST ,
C-TOE ST . , C-TOE ST ,
.
b) C-TOE PP
PP . C-TOE PP . ,
C-TOE ST PP
.
.
C-TOE PP/ST C-TOE .
(composability) ,
.
) .
C-TOE PP/ST PP/ST
.
PP/ST C-TOE PP/ST
. ,
, C-TOE PP/ST .
, C-TOE ST ST
, C-TOE
.
PP/ST IT C-TOE PP/ST
. ,
, C-TOE PP/ST
.
C-TOE . ,
PP/ST , (C-TOE PP/ST)
.
, C-TOE PP/ST . ,
. ISO/IEC 15408 ,
(end up)
.
C-TOE PP/ST ,
.
, ,
(pragmatic).
(: ).
C-TOE PP/ST , C-TOE TOE
,
. , C-TOE PP/ST IT C-TOE(
) IT
.
TOE
C-TOE ST ST TOE
. C-TOE ST IT
IT , IT
.
ST TOE
, C-TOE
C-TOE , C-TOE IT
.
PP
C-TOE PP TOE
, IT
. PP PP
. :
a) , C-TOE C-TOE
, C-TOE PP
. ,
(argument)
. C-TOE PP
, PP .
b) IT ,
C-TOE PP
. C-TOE PP , C-TOE
(demonstration), 2
.
c) IT , PP
. , C-TOE PP
.
- PP IT ,
C-TOE , C-TOE IT
() (C-TOE PP ) PP .
- C-TOE , PP
PP
.
d) IT (mutually supportive) ,
IT (interrelationship)
PP . , C-TOE PP
IT
(discuss) . , PP
(address) .
ST
C-TOE ST C-TOE PP
. :
a) TOE IT
, ST .
b) IT ,
ST . ,
ST IT
.
E.5
CCEVS
(1)
Scheme Policy Letter #2 (Reuse of Previous Evaluation Results and
(2)
ETR
. ST VR(Validation Report) .
(
, .).
:
ST . ( H.14)
.
) . ( E-12) .
( E-12)
CRD :
-
-
-
- .
, .
( )
.
.
-
. .
- CRD
-
. (
TSF ), CRD
. ( - ,
) , TSF
, .
,
.
CRD CCEVS .
ETR
( ) ;
, ,
CCEVS ,
64) .
(3) CVR
TOE ( ) .
CRD
. (( E-13) A); TOE TOE
.
( E-13) TOE
(4)
TOE (HLD) (LLD)
.
"" (
).
ETR CRD
.
ETR CRD :
y
TOE
. TSFI
TSFI .
y
/
''.
TOE CRD ( )
.
.
( )
.
TOE .
y
TOE TOE
64) .
(; OS).
.
.
.
. ( )
.
TOE ,
TOE ' '
ETR (
, , )
.
.
. CRD
CCEVS
.
ETR,
,
;
.
TOE
.
,
.
TOE (,
) .
, .
.
ETR CCEVS .
TOE
TOE
F.
F-1. (TOE) 65), 1.0
IT (UK-ITSEC)
.
.
1.
(TOE) .
TOE
(TSM) (TSR) .
z . TOE
.
z TOE
.
TOE
.
.
.
.
UKSP01 UKSP03 .
2.
.
.
. (TSR)
TOE .
TOE
z CC (PP) PP
. TOE PP
.
z TOE
(TSR)
.
.
3.
( )
.
TOE
.
HLD.2
EAL1 . HLD.1 EAL2
.
TOE .
.
CC EAL4 : ASE_ENV.1.2C
( )
TOE . TOE
.
TOE HW SW
. TOE
TOE .
TOE
.
TOE
.
CC EAL4 : ASE_DES.1.1C
ASE_OBJ.1.1C (TOE IT )
TOE ( )
TOE
. TOE
TOE
.
z TOE , , ,
z , ,
TOE
.
CC EAL4 : ASE_ENV.1.2C
ASE_TSS.1.1C (IT )
TOE ( )
, , TOE
. TOE
TOE
.
CC EAL4 : ADV_FSP.2.5C
AVA_MSU.2.1C
TOE ()
TOE
. , , ,
, .
TOE TOE
TOE
.
TOE TOE .
TOE
. TOE
. TOE
.
TOE HW, SW . TOE
TOE
.
TOE TOE
. .
z
z TOE
z
z SW HW
z
HW SW
TOE .
z (
)
z
TOE TOE .
. , HW,
. TOE
TOE
. HW
.
TOE TOE
.
SW
. .
TOE . SW HW
. HW SW .
.
TOE HW SW
. SW HW
.
.
.
(usage)
IDS
/
?
TOE
()
.
,
OS
()
( F-1)
TOE .
.
.
. .
.
. SW HW
.
. TOE
.
.
TOE . TOE
. .
z
z
z
z SW
z
z
z
z
TOE TOE
.
.
z
z (
)
z (
)
COTS
GUI
GUI SW
SW
IDS
SW
SW
COTS OS
SW
SW
SW
COTS OS
OS
SW
. ,
. COTS(, ) .
,
( F-2) 2 ( )
SW
.
SW
. SW .
( F-3) SW / HW [figure lost in extraction; surviving component labels: PC, GUI, IDS, GUI SW, SW, COTS OS, OS; note on SW running on a PC and the PC HW also lost]
e. UK
TOE CC
.
.
a. CC TOE CCPn
.
b. UK SPn
.
c. UK CC
EPn .
TOE
.
. .
. TOE
.
CC CC 3
(composed) TOE CC 2.3 CC 3 ITSEC TOE
. TOE
UKSP01 UKSP03 .
2. TOE
CC
(SFR), TOE
.
a. TOE .
b. SFR .
c. IT .
d. .
CC .
y EP1. TOE SFR
.
y EP2. TOE
.
y CCP1. TOE . ,
.
CC / TOE
.
.
CCP2. IT
.
,
.
CC . .
UK .
y SP1. TOE .
y SP2. TOE .
y EP3. IT IT
.
UK TOE
.
y SP3. TOE IT
. TOE
, IT .
y SP4. -CC
. (: )
y SP5. .
TOE
.
y SP6. .
(PP) . UK PP
PP
.
, TOE
, ST, ''
TOE .
3. TOE (scoping)
TOE UK
. .
.
<> CC
.
TOE .
a. .
y . <SP1>
.
<CCP1>
y
. <CCP1>
y TOE
. <CCP1>
b. .
y
.
,
TOE . <SP6>
y
. ,
(; ), (
) .
,
(; ). <SP1,EP2>
3 (; ) TOE
. .
y 3 .
<SP3>
y 3
MMI . 3
TOE ,
. <CCP1>
y 3 TOE .
, TOE
. <SP1, EP3>
DB
.
. ,
.
.
y TOE
. <SP1, SP3>
y IT
.
.
y
y
. <SP4>
CC (; )
, CC
. <SP4>
.
y
TOE . <EP1>
y
TOE . <EP1>
TOE
.
y . <SP2>
y . <SP5>
y . ;
. <SP1>
y TOE
. <CCP1>
3 TOE .
y 3
. <CCP1>
y 3 . 3
. <EP3>
. , , ,
IT .
TOE . <SP2>.
IT
.
y IT TOE . <SP3>
y IT . <EP3>
y IT
. <73 - 75>
.
. <EP3>
IT 3 .
, .
4. CC TOE
, TOE TSF
CC TOE .
a.
b. TOE
c. TSF
.
. .
.
. ,
, (
) .
TOE (
).
a. .
b. .
.
TOE ST .
a. TOE
.
b. TOE .
y
y TOE IT
y TOE IT
c. .
EP1. TOE SFR
.
TOE (TSP) TOE SFR
. TSP SFR .
; CC Part 2 SFR
.
TSF67) - TSP TOE . CC
67) TSF CC 2.2 TOE CC 3 TOE
( F-4) 1 [figure lost in extraction; surviving component labels: F2, F3, I1, I2, I3, C1, C2, C3, ID1, ID2, D]
TOE
EP2. TOE
.
. TOE CC
.
. ; .
TOE ST
. .
.
CCP1. TOE . ,
.
( F-5) [figure lost in extraction; surviving component labels: F1, F2, GUI, GI1, GI2, GC1, GC2, SI1, SI2, C1, C2]
TSFI ST TOE
. CC Part 2 TOE
. SFR .
SFR . SFR
. , TOE SFR IT
.
CC TOE
.
. ,
.
.
. ,
TOE
(, ST, '' ).
TOE TOE
. TOE
TOE TOE
. TOE
TOE . CC
TOE .
CCP2. IT .
, ,
.
TOE .
5. UK TOE
TOE
.
-
SP1. TOE .
TOE
. (,
)
TOE .
TOE .
a.
b. TOE IT
c. IT TOE
- TOE
SP2. TOE .
TOE
. TOE
. TOE IT
.
TOE .
. TOE .
-
EP3. IT IT
.
TOE EP2 .
IT TOE
.
a.
b. TOE
TOE IT ST
.
. . ;
.
(viability)
TOE .
. IT
, ,
.
:- IT
SP3. TOE IT
. TOE
, IT .
IT API
IT IT
TOE
54 .
CC
.
IT API
IT EP3 .
IT
. ; TOE .
IT IT
API . IT .
IT
.
CC TOE .
TOE .
:
SP4. -CC
. (: )
.
a. CC .
b. CC
.
.
a. CC TOE .
TOE .
CCP1
.
b. TOE
.
c. TOE
.
: (State of the Art)
SP5. .
. ,
,
. .
TOE
.
.
SP6. .
TOE
.
a. .
.
. TOE
.
b.
.
z TOE SP3, SP4 SP5
. SP4
.
z TOE IT IT
TOE
.
.
.
PP
ST PP PP
TOE .
PP PP TOE
.
TOE
TOE
. ST ''
TOE .
TOE .
ST ''
.
. ST ''
.
G.
y
ISO/IEC TR 19791
.
G.1
G.1.1 ,
.
( ) ,
.
, .
G.1.2
.
.
.
.
.
. 1
.
,
.
(, , , )
.
,
.
.
[ G.1]
G.2
.
, .
.
.
[ G.2] Assessment phases shown in the figure (figure itself lost in extraction):
- Project definition
- Project preparation
- Administration
- Data gathering
- Technical
- Physical
- Risk analysis
- Risk mitigation
- Recommendations
G.2.1
.
.
.
.
.
.
[25].
.
, .
. ,
.
G.2.2
1
.
.
. ,
.
.
G.2.2.1 .
.
.
.
.
.
.
? CobiT (Control Objectives for Information and Related Technology), the IT Governance Maturity Model of the ITGI (IT Governance Institute).
CobiT .
CobiT
. ISO (International Organization for Standardization), Information technology - Code of practice for information security management (ISO/IEC 17799) .
.
[ G.3]
( ) ,
.
.
. .
,
.
.
.
.
, ,
. ,
.
.
. ,
. ,
.
.
, ,
, ,
.
,
,
. ,
.
,
.
, (
) .
,
.
.
G.2.2.2
.
,
.
0 5 .
, ,
.
.
3
. ,
,
.
, IT( )
.
.
.
.
.
.
.
.
,
.
,
.
.
,
.
.
, ,
.
.
3
.
.
0 85 , .
51
. 34 50
,
.
. 34
.
.
.
.
. ,
.
.
y
y
y
y
?
?
?
?
: (NIST)
IT .
G.2.2.3
.
.
[ G.4]
(, ,
, ) .
CEO( ) CIO( )
.
.
.
.
,
.
.
IT
.
IT , .
.
.
.
. .
.
. IT
.
, IT
. .
.
Microsoft .
IT (, ) .
.
.
,
.
. , , IT
. .
[24].
G.2.2.4
.
. ,
.
.
.
.
G.2.2.5
.
.
.
. ,
.
. ,
.
,
.
.
: ,
,
.
.
,
.
.
.
G.2.3
, ,
. ,
,
. , , .
, .
.
. , ,
.
.
.
G.2.3.1
100 .
, .
, , .
.
y
y : . , ,
(), ,
y :
.
, 1866 .
120million 3% 95% ()
.
.
.
y : .
.
: (). .
.
:
.
, () ,
y 68% 1
y 95% 2
S =
y 99.7% 3
.
90 .
. 58% X .
3%. 95% ( 3%)
( 58%) 2 .
(1)
.
y - , ,
. .
y -
. How much How many
. ,
(2)
.
.
.
. .
y - . 2000
20 (1 2000
20 20 ).
y - , 2000 20 2000
a)100 b) 1 100 (37)
c) (137, 237, 337, 437, ...)
,
.
y - .
.
y -
. ()
. 500 10%
, 50 10 5
.
y - .
. .
(3)
. ,
. ,
.
1 :
.
, , , .
. 20 , 5, 3,
800
(4, 2, 3, 50).
.
.
.
. ,
, .
2
.
. , 50
30
.
y IT 10
y R&D 5
y 5
y Help-Desk 5
y 3
y 2
,
.
.
.
, .
,
.
.
G.2.3.2
, , , ,
.
, , .
. ,
, .
.
.
(1)
y - .
, , .
y - ,
. .
y -
.
(2)
, ,
, .
y Review Documents - , , ,
.
, , , , ,
.
y Interview Key Personnel -
.
y Inspect Security Control - , , ,
. ,
.
, (Review Documents)
.
.
.
. desk job .
.
1)
.( , , )
.(, )
.
.
.
2)
.
. .
3)
.
, , .
y -
.
.
y
y
-
.
-
.
.
GAPS -
. .
, ,
,
, ( ) .
1)
(, , ).
,
.
, ( ,
, , )
, ,
2)
y -
. ,
y - 1:1 , 2:1 .
. ( )
( , ) ,
y - , , .
- ( ) . .
-
-
-
- .
- .
.
- . .
.
Open-ended - . .
.
3)
.
.
y - .
.( )
y -
.
. . .
.
y -
-
:
?
- .
( )
:
.
-
: ?
y -
-
.
- -
-
-
() -
-
. , , .
- ,
-
4)
(), , , ,
( ) .
5)
.
.
.
.
. (
)
6)
, ,
. .(
, , - )
(Inspect Security Control)
.
. ,
( ). ( )
. .
.
.
y - .
.
, , , , ( )
y - , ,
.
.
y - .
.
.
y - ()
.
y
.
y
y
( , )
-
( , , )
-
( , )
y
y
y
2)
.
( , , )
-
.
. 550
, 10, 5, 2, 4 , 3
, 4 , 588
. ( )
(200)
( ) .
( )
3)
.
.
.
.
- .
(, )
y - .
y - .
information flow, ,
. .
y - ,
( ).
.
4)
.
.
( )
5)
.
.
G.2.4
.
, ,
.
, .
.
.
, .
G.2.4.1
.
.
. , , , ,
.
. ,
.
,
.
.
, .
, .
.
(1)
.
.
.
.
.
.
.
.
.
.
.
.
.
.
(2)
.
.
.
, .
.
, , .
IT 3 .
IT . , IT
,
. IT
IT .
,
.
. IT
, , , .
(3)
.
.
. .
.
.
"HBI(
High Business Impact), "MBI" (Medium Business Impact), "LBI" (Low Business Impact) .
. .
,
.
.
:
(NIST) SP 800-60, "Guide for Mapping Types of Information and Information Systems to Security Categories", and FIPS (Federal Information Processing Standards) 199, "Standards for Security Categorization of Federal Information and Information Systems" .
,
.
, ,
. HBI
.
- , .
- .
- GLBA, HIPAA, CA SB1386
EU .
PII(Personally Identifiable Information) -
.
- .
- .
- .
.
.
.
,
.
.
, ,
.
. MBI
.
- , ,
,
.
HBI MBI LBI ,
.
, ,
.
LBI , .
.
IT .
.
.
, , .
.
G.2.4.2
. ISO 17799
. NIST
entity .
, .
.
.
. , , ,
.
.
.
.
. ,
,
,
.
.
-
. , " ?" "
?" .
,
.
.
.
.
(1)
.
. .
y - .
, ( )
.
y - ,
.
.
y -
.
() ,
.
y -
. ,
, .
y -
.
.
(2)
,
. .
y - , , ,
,
. ,
.
() - .
.
,
.
.
-
. .
. ,
, , .
-
.
,
. , ,
.
- .
.
. .
-
. , , ,
.
() -
.
. .
.
(3)
.
.
.
.
y - , 1
y - , 2-3
y - , 3
.
.
.
.
.
[18].
G.2.4.3
.
. NIST (
),
. ,
.
.
.
.
.
. .
.
. , , ,
.
, . ,
, .
, , . ,
, , , .
.
, .
.
.
. ,
.
.
G.2.4.4
. ( ) , , ()
.
.
.
.
,
.
.
.
.
, , .
.
.
G.2.5
.
, , ,
. .
[25].
G.2.5.1 ()
, . ,
.
, , .
. , ,
.
. , .
. , , .
. ,
.
,
.
.
,
.
.
G.2.5.2
.
. 7
. , .
. ,
100% ( 0% )
.
. :
.
.
.( ,
.
.
.
G.2.6
.
.
() .
.
.
G.2.6.1
. ,
.
. .
.
. .
.
.
.
G.3
, ,
.
.
,
.
.
,
.
.
,
, .
.
, , , .
, ,
,
.
2006
11
2006
11
:
:
78
IT()
Tel: (02) 4055-114
:
Tel: (042) 672-5171
<>
1.
Dynamic u-korea .
2.
Dynamic u-korea
.
3. ,
.