GB/T 18336.2-2024 Cybersecurity technology - Evaluation criteria for IT security - Part 2: Security functional components
1 Scope
This document defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that meets the common security functionality requirements of many IT products.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 18336.1-2024 Cybersecurity technology - Evaluation criteria for IT security - Part 1: Introduction and general model (ISO/IEC 15408-1:2022, IDT)
ISO/IEC 15408-1 Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 1: Introduction and general model
ISO/IEC 15408-3 Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 3: Security assurance components
Note: GB/T 18336.3-2024, Cybersecurity technology - Evaluation criteria for IT security - Part 3: Security assurance components (ISO/IEC 15408-3:2022, IDT)
ISO/IEC 18045 Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Methodology for IT security evaluation
Note: GB/T 30270-2024, Cybersecurity technology - Methodology for IT security evaluation (ISO/IEC 18045:2022, IDT)
3 Terms and definitions
For the purposes of this document, the terms, definitions, and abbreviated terms given in ISO/IEC 15408-1, ISO/IEC 15408-3, ISO/IEC 18045 and the following apply.
3.1
identity
representation uniquely identifying an entity within the context of the target of evaluation (TOE)
Example: An example of such a representation is a string.
Note 1: Entities can be diverse such as a user, process, or disk. For a human user, the representation can be the full or abbreviated name or a unique pseudonym.
Note 2: An entity can have more than one identity.
3.2
inter-TSF transfer
communication between the target of evaluation (TOE) and the security functionality of other trusted IT products
3.3
internal communication channel
communication channel between separated parts of the target of evaluation (TOE)
3.4
internal TOE transfer
communicating data between separated parts of the target of evaluation (TOE)
3.5
operation
component modification or repetition of a component by assignment, iteration, refinement, or selection
3.6
secret
information that is known only to authorized users and/or the TOE security functionality (TSF) in order to enforce a specific security function policy (SFP) (3.8)
3.7
secure state
state in which the TOE security functionality (TSF) data are consistent and the TSF continues correct enforcement of the security functional requirements (SFRs)
3.8
security function policy; SFP
set of rules describing specific security behaviour enforced by the TOE security functionality (TSF) and expressible as a set of security functional requirements (SFRs)
3.9
TOE resource
anything usable or consumable in the target of evaluation (TOE)
3.10
transfer outside of the TOE
target of evaluation (TOE) security functionality (TSF)-mediated communication of data to entities not under the control of the TSF
3.11
trusted channel
means by which a target of evaluation (TOE) security functionality (TSF) and another trusted IT product can communicate with the necessary confidence
3.12
trusted path
means by which a user and a target of evaluation (TOE) security functionality (TSF) can communicate with the necessary confidence
Note 1: Communication typically implies the establishment of identification and authentication of both parties, as well as the concept of a user-specific session which is integrity-protected.
Note 2: When the external entity is a trusted IT product, the notion of trusted channel (3.11) is used instead of trusted path.
Note 3: Both physical and logical aspects of secure communication can be considered as mechanisms for gaining confidence.
3.13
TSF data
data for the operation (3.5) of the target of evaluation (TOE) upon which the enforcement of the security functional requirements (SFRs) relies
3.14
user data
data received or produced by the target of evaluation (TOE), which is meaningful to some external entity but which does not affect the operation (3.5) of the TOE security functionality (TSF)
Note 1: Under this definition, data created by users that has an actual impact on the operation of the TSF can be regarded as TSF data (3.13).
4 Abbreviated terms
The following abbreviated terms apply.
ACL: access control list
API: application programming interface
CBC: cipher block chaining
CFB: cipher feedback
DAC: discretionary access control
DEMA: differential electromagnetic analysis
DPA: differential power analysis
DRBG: deterministic random bit generator
ECB: electronic codebook
FQDN: fully qualified domain name
IKE: internet key exchange
IP: internet protocol
IPsec: IP security protocol
LED: light emitting diode
MAC: mandatory access control
OFB: output feedback
OS: operating system
OTP: one-time programmable
PI: personally identifiable information
PP: protection profile
RBG: random bit generator
RNG: random number generator
SEMA: simple electromagnetic analysis
SFP: security function policy
SFR: security functional requirement
SPA: simple power analysis
ST: security target
TCP: transmission control protocol
TLS: transport layer security
TOE: target of evaluation
TSF: TOE security functionality
TSFI: TSF interface
VTAM: virtual telecommunication access method
5 Overview
5.1 General
The ISO/IEC 15408 series and the associated security functional requirements (SFRs) described in this document are not intended to be a definitive answer to all the problems of IT security. This document offers a set of well understood security functional components that can be used to specify trusted products reflecting the needs of the market. These security functional components are presented as the current state of the art in security requirements specification.
This document does not include all possible security functional components but contains those that are known and agreed to be of value by the contributors to this document.
Since the understanding and needs of consumers can change, the functional components in this document will need to be maintained. It is envisioned that some authors of PPs, PP-Modules, functional packages and STs can have security needs not covered by the security functional components in this document. In those cases, the author of a PP, PP-Module, functional package or ST may choose to consider using functional components and requirements that are not given in this document. The concepts of extensibility are explained in ISO/IEC 15408-1:2022, 8.4.
5.2 Organization of this document
Clause 6 describes the paradigm used in the SFRs of this document.
Clause 7 introduces the catalogue of functional components, while Clauses 8 through 18 describe the functional classes.
Annex A provides explanatory information for potential users of the functional components.
Annex B provides a complete cross reference table of the functional component dependencies.
Annexes C through M provide the explanatory information for the functional classes. This material shall be seen as normative instructions on how to apply relevant operations and select appropriate audit or documentation information. Where different options are given, the choice is left to the PP, PP-Module, functional package and ST author.
Those who author PPs, PP-Modules, functional packages, or STs shall refer to ISO/IEC 15408-1:2022 for relevant structures, rules, and guidance, in particular:
a) ISO/IEC 15408-1:2022, Clause 3 defines the terms and definitions used in the ISO/IEC 15408 series;
b) ISO/IEC 15408-1:2022, Clause 7 describes how SFRs can be specified using the security functional components;
c) ISO/IEC 15408-1:2022, Clause 8 describes how security functional components are organized, and the operations that may be applied to them;
d) ISO/IEC 15408-1:2022, Annex A provides further information on the structure for security functional packages;
e) ISO/IEC 15408-1:2022, Annex B provides further information on the structure for PPs;
f) ISO/IEC 15408-1:2022, Annex C provides further information on the structure of PP-Modules and PP-Configurations;
g) ISO/IEC 15408-1:2022, Annex D provides further information on the structure for STs.
6 Functional requirements paradigm
This clause describes the paradigm used in the security functional components and the derivation of SFRs.
This document is a catalogue of security functional components that may be used for the specification of SFRs describing a TOE.
TOE evaluation is concerned primarily with ensuring that a defined set of SFRs is enforced over the TOE resources. The SFRs define the rules by which the TOE governs access to and use of its resources and thus information and services controlled by the TOE.
The SFRs may define multiple Security Function Policies (SFPs) to represent the rules that the TOE enforces. Each SFP specifies its scope of control, by defining the subjects, objects, resources or information, and operations to which it applies. All SFPs are implemented by the TOE Security Functionality (TSF) (see below), whose mechanisms enforce the rules defined in the SFRs and provide necessary capabilities.
Those portions of a TOE that are relied upon for the correct enforcement of the SFRs are collectively referred to as the TSF. The TSF consists of all hardware, software, and firmware of a TOE that is either directly or indirectly relied upon for security enforcement.
The TOE may be a monolithic product containing hardware, firmware, and software. Alternatively, a TOE may be a distributed product that consists internally of multiple separated parts. Each of these parts of the TOE provides a particular service for the TOE and is connected to the other parts of the TOE through an internal communication channel. This channel can be as small as a processor bus or may encompass a network internal to the TOE.
When the TOE consists of multiple parts, each part of the TOE may have its own part of the TSF, which exchanges user and TSF data over internal communication channels with other parts of the TSF. This interaction is called internal TOE transfer. In this case, the separate parts of the TSF abstractly form the composite TSF, which enforces the SFRs.