ISO/IEC TR 15446
ISO/IEC TR 15446 – Information technology -- Security techniques -- Guide for the production of Protection Profiles and Security Targets
Published under Risk Management
| Title: | ISO/IEC TR 15446:2004 – Information technology -- Security techniques -- Guide for the production of Protection Profiles and Security Targets |
| Source reference: | http://isotc.iso.org/ |
| Topic: | Technical Report (TR) containing guidelines for the construction of Protection Profiles (PPs) and Security Targets (STs) that are intended to be compliant with ISO/IEC 15408 (the "Common Criteria"). Note: PPs and STs are described in the TR as follows: “The purpose of a Protection Profile (PP) is to state a security problem rigorously for a given collection of systems or products - known as the Target Of Evaluation (TOE) - and to specify security requirements to address that problem without dictating how these requirements will be implemented. […] A Security Target (ST) is similar to PP, except that it contains additional implementation-specific information detailing how the security requirements are realised in a particular product or system.” (Source: http://standards.iso.org/) |
| Direct / indirect relevance | Indirect. The text is a resource for the definition of security concepts, but has no direct implications for RM/RA as such. |
| Scope: | Publicly available ISO TR, which can be voluntarily adhered to. |
| Legal force: | Nonbinding ISO TR. |
| Affected sectors: | Generic. The standard can be adhered to by any security professional involved in creating PPs and STs. |
| Relevant provision(s): | The standard describes how PPs and STs should be created, including a description of which information should be provided; and provides a number of practical examples of complaints PPs and STs. |
| Relevance to RM/RA: | The standard is predominantly used as a tool for security professionals to develop PPs and STs, but can also be used to assess the validity of the same (by using the TR as a yardstick to determine if its standards have been obeyed). Thus, it is a (nonbinding) normative tool for the creation and assessment of RM/RA practices. |
Latest publications
-
Interoperable EU Risk Management ToolboxThis document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information...
-
Interoperable EU Risk Management FrameworkThis report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents...
Browse the Topics