GB/T 18336.1-2024 Cybersecurity technology - Evaluation criteria for IT security - Part 1: Introduction and general model
1 Scope
This document establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of ISO/IEC 15408, which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.
This document provides an overview of all parts of the ISO/IEC 15408 series. It describes the various parts of the ISO/IEC 15408 series; defines the terms and abbreviations to be used in all parts of the standard; establishes the core concept of a Target of Evaluation (TOE); describes the evaluation context; and describes the audience to which the evaluation criteria are addressed. An introduction to the basic security concepts necessary for evaluation of IT products is given.
This document introduces:
——the key concepts of Protection Profiles (PP), PP-Modules, PP-Configurations, packages, Security Targets (ST), and conformance types;
——a description of the organization of security components throughout the model;
——the various operations by which the functional and assurance components given in ISO/IEC 15408-2 and ISO/IEC 15408-3 can be tailored through the use of permitted operations;
——general information about the evaluation methods given in ISO/IEC 18045;
——guidance for the application of ISO/IEC 15408-4 in order to develop evaluation methods (EM) and evaluation activities (EA) derived from ISO/IEC 18045;
——general information about the predefined Evaluation Assurance Levels (EAL) defined in ISO/IEC 15408-5;
——information in regard to the scope of evaluation schemes.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 18336.2-2024 Cybersecurity technology - Evaluation criteria for IT security - Part 2: Security functional components (ISO/IEC 15408-2:2022, IDT)
GB/T 18336.3-2024 Cybersecurity technology - Evaluation criteria for IT security - Part 3: Security assurance components (ISO/IEC 15408-3:2022, IDT)
ISO/IEC 15408-2 Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 2: Security functional components
ISO/IEC 15408-3 Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 3: Security assurance components
ISO/IEC 18045 Information security, cybersecurity and privacy protection - IT security techniques - Methodology for IT security evaluation
Note: GB/T 30270-2024, Cybersecurity technology - Methodology for IT security evaluation (ISO/IEC 18045:2022, IDT)
ISO/IEC/IEEE 24765 Systems and software engineering - Vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 15408-2, ISO/IEC 15408-3, ISO/IEC 18045 and ISO/IEC/IEEE 24765 apply.
3.1
action
documented activity of the evaluator (3.45) or developer (3.33)
Note 1: Evaluator actions and developer actions are required by ISO/IEC 15408-3.
3.2
administrator
entity (3.36) that has a level of trust with respect to all policies implemented by the TOE security functionality (TSF) (3.92)
Note 1: Not all protection profiles (PP) (3.68) or security targets (ST) assume the same level of trust for administrators. Typically, administrators are assumed to adhere at all times to the policies in the ST of the target of evaluation (TOE) (3.90). Some of these policies can be related to the functionality of the TOE, while others can be related to the operational environment (3.63).
3.3
adverse action
action (3.1) performed by a threat agent (3.91) on an asset (3.4)
3.4
asset
entity (3.36) that the owner of the target of evaluation (TOE) (3.90) presumably places value on
3.5
assignment
specification of an identified parameter in a functional or assurance component
3.6
assurance
grounds for confidence that a target of evaluation (TOE) (3.90) meets the security functional requirements (SFR) (3.78)
3.7
assurance package
named set of security assurance requirements (3.76)
Example: “EAL 3”.
3.8
attack potential
measure of the effort needed to exploit a vulnerability in a target of evaluation (TOE) (3.90)
Note 1: The effort is expressed as a function of properties related to the attacker (e.g. expertise, resources, and motivation) and properties related to the vulnerability itself (e.g. window of opportunity, time to exposure).
3.9
attack surface
set of logical or physical interfaces to a target, consisting of points through which access to the target and its functions may be attempted
Example 1: The casing of a payment terminal is part of the physical attack surface for that device.
Example 2: The communications protocols available for connection to a network device are part of the logical attack surface for that network device.
3.10
augmentation
addition of one or more requirements to a package
Note 1: In the case of a functional package (3.51), such an augmentation is considered only in the context of one package and is not considered in the context of other packages, protection profiles (PP) (3.68) or security targets (ST) (3.82).
Note 2: In case of an assurance package (3.7), augmentation refers to one or more security assurance requirements (SAR) (3.76).
3.11
authorized user
entity (3.36) who may, in accordance with the security functional requirements (SFR) (3.78), perform an operation on the target of evaluation (TOE) (3.90)
3.12
base component
independent entity (3.36) in a multi-component product that provides services and resources to one or more dependent component(s) (3.31)
Note 1: This applies in particular to ‘composed TOE’ (3.21) and ‘composite products / composite TOE’ (3.25).
3.13
Base Protection Profile
Protection Profile (3.68) specified in a PP-Module (3.71), as part of that PP-Module’s PP-Module Base (3.72), used as a basis to build a PP-Configuration (3.69)
3.14
base PP-Module
PP-Module (3.71) specified in a different PP-Module, as part of that PP-Module’s PP-Module Base (3.72), used as a basis to build a PP-Configuration (3.69)
Note 1: Specifying a base PP-Module in a PP-Module implicitly includes the base PP-Module’s PP-Module Base.
3.15
base TOE
base component (3.12) which is itself the subject of an evaluation
Note 1: This applies in particular to ‘composed TOE’ (3.21) and ‘composite products / composite TOE’ (3.25).
3.16
class
set of families that share a common focus
Note 1: Class is further defined in ISO/IEC 15408-2, which defines security functional classes and ISO/IEC 15408-3, which defines security assurance classes.
3.17
component
smallest selectable set of elements on which requirements may be based
3.18
component
entity (3.36) which provides resources and services in a product
3.19
component TOE
(evaluated) target of evaluation (TOE) (3.90) that is a component of another composed TOE (3.21)
3.20
composed assurance package; CAP
assurance package (3.7) consisting of components drawn predominately from the ACO class (3.16), representing a point on the predefined scale for composition assurance