ISO/IEC TR 15446
ISO/IEC TR 15446 – Information technology -- Security techniques -- Guide for the production of Protection Profiles and Security Targets
Published under Risk Management
Title: | ISO/IEC TR 15446:2004 – Information technology -- Security techniques -- Guide for the production of Protection Profiles and Security Targets |
Source reference: | http://isotc.iso.org/ |
Topic: | Technical Report (TR) containing guidelines for the construction of Protection Profiles (PPs) and Security Targets (STs) that are intended to be compliant with ISO/IEC 15408 (the "Common Criteria"). Note: PPs and STs are described in the TR as follows: “The purpose of a Protection Profile (PP) is to state a security problem rigorously for a given collection of systems or products - known as the Target Of Evaluation (TOE) - and to specify security requirements to address that problem without dictating how these requirements will be implemented. […] A Security Target (ST) is similar to PP, except that it contains additional implementation-specific information detailing how the security requirements are realised in a particular product or system.” (Source: http://standards.iso.org/) |
Direct / indirect relevance | Indirect. The text is a resource for the definition of security concepts, but has no direct implications for RM/RA as such. |
Scope: | Publicly available ISO TR, which can be voluntarily adhered to. |
Legal force: | Nonbinding ISO TR. |
Affected sectors: | Generic. The standard can be adhered to by any security professional involved in creating PPs and STs. |
Relevant provision(s): | The standard describes how PPs and STs should be created, including which information each should contain, and provides a number of practical examples of compliant PPs and STs. |
Relevance to RM/RA: | The standard is predominantly used as a tool for security professionals to develop PPs and STs, but it can also be used to assess the validity of existing PPs and STs (by using the TR as a yardstick to determine whether its guidelines have been followed). Thus, it is a (nonbinding) normative tool for the creation and assessment of RM/RA practices. |