PD ISO/IEC TR 20004:2015 - Information technology. Security techniques. Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045


Status: Current. Published: January 2016




This Technical Report refines the AVA_VAN assurance family activities defined in ISO/IEC 18045 and provides more specific guidance on the identification, selection and assessment of relevant potential vulnerabilities in order to conduct an ISO/IEC 15408 evaluation of a software target of evaluation. This Technical Report leverages publicly available information security resources to support the method of scoping and implementing ISO/IEC 18045 vulnerability analysis activities. The Technical Report currently uses the common weakness enumeration (CWE) and the common attack pattern enumeration and classification (CAPEC), but does not preclude the use of any other appropriate resources. Furthermore, this Technical Report is not meant to address all possible vulnerability analysis methods, including those that fall outside the scope of the activities outlined in ISO/IEC 18045.

This Technical Report does not define evaluator actions for certain high assurance ISO/IEC 15408 components, where there is as yet no generally agreed guidance.




Standard Number: PD ISO/IEC TR 20004:2015
Title: Information technology. Security techniques. Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045
Status: Current
Publication Date: 31 January 2016
Normative References (Required to achieve compliance to this standard): No other standards are normatively referenced
Informative References (Provided for Information): ISO/IEC 15408-1, ISO/IEC 15408-2, ISO/IEC 15408-3, ISO/IEC 18045, ISO/IEC 15026-2
Replaces: PD ISO/IEC TR 20004:2012
International Relationships: ISO/IEC TR 20004:2015
Descriptors: Data storage protection, Data security, Data transfer, Data transmission, Information exchange, Coded representation, Data representation, Data processing, Software engineering techniques, Data handling (software)
ICS: 35.030
Title in French: Technologies de l’information. Techniques de sécurité. Redéfinition de l’analyse de vulnérabilité de logiciel selon l’ISO/CEI 15408 et l’ISO/CEI 18045
Committee: IST/33/3
ISBN: 978 0 580 90586 5
Publisher: BSI
Format: A4
Delivery: Yes
Pages: 26
File Size: 1.236 MB
Price: £182.00

