Skip to product information
1 of 10

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GB/T 18336.2-2015 English PDF (GBT18336.2-2015)

GB/T 18336.2-2015 English PDF (GBT18336.2-2015)

Regular price $500.00 USD
Regular price Sale price $500.00 USD
Sale Sold out
Shipping calculated at checkout.
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GB/T 18336.2-2015
Historical versions: GB/T 18336.2-2015
Preview True-PDF (Reload/Scroll if blank)

GB/T 18336.2-2015: Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 2: Security functional components
GB/T 18336.2-2015
Page 1 of 275
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
GB/T 18336.2-2015 / ISO/IEC 15408-2:2008
Replacing GB/T 18336.2-2008
Information technology - Security techniques -
Evaluation criteria for IT security - Part 2:
Security functional components
(ISO/IEC 15408-2:2008, IDT)
ISSUED ON: MAY 15, 2015
IMPLEMENTED ON: JANUARY 01, 2016
Issued by: General Administration of Quality Supervision, Inspection
and Quarantine of the People’s Republic of China;
Standardization Administration of the People’s Republic of
China.
Page 2 of 275
Table of Contents
Foreword ... 6 
Introduction ... 8 
1 Scope ... 9 
2 Normative references ... 9 
3 Terms and definitions ... 9 
4 Overview ... 9 
4.1 Organisation of this Part ... 10 
5 Functional requirements paradigm ... 10 
6 Security functional components ... 15 
6.1 Overview ... 15 
6.2 Component catalogue ... 19 
7 Class FAU: Security audit ... 21 
7.1 Security audit automatic response (FAU_ARP) ... 21 
7.2 Security audit data generation (FAU_GEN) ... 22 
7.3 Security audit analysis (FAU_SAA) ... 23 
7.4 Security audit review (FAU_SAR) ... 27 
7.5 Security audit event selection (FAU_SEL) ... 29 
7.6 Security audit event storage (FAU_STG) ... 29 
8 Class FCO: Communication... 32 
8.1 Non-repudiation of origin (FCO_NRO) ... 32 
8.2 Non-repudiation of receipt (FCO_NRR) ... 34 
9 Class FCS: Cryptographic support ... 36 
9.1 Cryptographic key management (FCS_CKM) ... 37 
9.2 Cryptographic operation (FCS_COP) ... 39 
10 Class FDP: User data protection ... 40 
10.1 Access control policy (FDP_ACC) ... 43 
10.2 Access control functions (FDP_ACF) ... 44 
10.3 Data authentication (FDP_DAU) ... 45 
Page 3 of 275
10.4 Export from the TOE (FDP_ETC) ... 47 
10.5 Information flow control policy (FDP_IFC) ... 49 
10.6 Information flow control functions (FDP_IFF) ... 50 
10.7 Import from outside of the TOE (FDP_ITC) ... 55 
10.8 Internal TOE transfer (FDP_ITT) ... 57 
10.9 Residual information protection (FDP_RIP) ... 60 
10.10 Rollback (FDP_ROL) ... 61 
10.11 Stored data integrity (FDP_SDI) ... 62 
10.12 Inter-TSF user data confidentiality transfer protection
(FDP_UCT) ... 64 
11 Class FIA: Identification and authentication ... 67 
11.1 Authentication failures (FIA_AFL) ... 68 
11.2 User attribute definition (FIA_ATD) ... 70 
11.3 Specification of secrets (FIA_SOS) ... 70 
11.4 User authentication (FIA_UAU) ... 72 
11.5 User identification (FIA_UID) ... 76 
11.6 User-subject binding (FIA_USB) ... 77 
12 Class FMT: Security management ... 78 
12.1 Management of functions in TSF (FMT_MOF) ... 80 
12.2 Management of security attributes (FMT_MSA) ... 80 
12.3 Management of TSF data (FMT_MTD) ... 83 
12.4 Revocation (FMT_REV) ... 85 
12.5 Security attribute expiration (FMT_SAE) ... 86 
12.6 Specification of Management Functions (FMT_SMF) ... 87 
12.7 Security management roles (FMT_SMR) ... 88 
13 Class FPR: Privacy ... 90 
13.1 Anonymity (FPR_ANO) ... 91 
13.2 Pseudonymity (FPR_PSE) ... 92 
13.3 Unlinkability (FPR_UNL) ... 94 
13.4 Unobservability (FPR_UNO) ... 95 
Page 4 of 275
14 Class FPT: Protection of the TSF ... 97 
14.1 Fail secure (FPT_FLS) ... 99 
14.2 Availability of exported TSF data (FPT_ITA) ... 99 
14.3 Confidentiality of exported TSF data (FPT_ITC) ... 100 
14.4 Integrity of exported TSF data (FPT_ITI) ... 101 
14.5 Internal TOE TSF data transfer (FPT_ITT) ... 103 
14.6 TSF physical protection (FPT_PHP) ... 105 
14.7 Trusted recovery (FPT_RCV) ... 107 
14.8 Replay detection (FPT_RPL) ... 110 
14.9 State synchrony protocol (FPT_SSP) ... 111 
14.10 Time stamps (FPT_STM) ... 112 
14.11 Inter-TSF TSF data consistency (FPT_TDC) ... 113 
14.12 Testing of external entities (FPT_TEE) ... 114 
14.13 Internal TOE TSF data replication consistency (FPT_TRC) .. 115 
14.14 TSF self test (FPT_TST) ... 116 
15 Class FRU: Resource utilisation ... 117 
15.1 Fault tolerance (FRU_FLT) ... 118 
15.2 Priority of service (FRU_PRS) ... 119 
15.3 Resource allocation (FRU_RSA) ... 120 
16 Class FTA: TOE access ... 122 
16.1 Limitation on scope of selectable attributes (FTA_LSA) ... 122 
16.2 Limitation on multiple concurrent sessions (FTA_MCS) ... 123 
16.3 Session locking and termination (FTA_SSL) ... 125 
16.4 TOE access banners (FTA_TAB) ... 127 
16.5 TOE access history (FTA_TAH) ... 128 
16.6 TOE session establishment (FTA_TSE) ... 129 
17 Class FTP: Trusted path/channels ... 130 
17.1 Inter-TSF trusted channel (FTP_ITC) ... 131 
17.2 Trusted path (FTP_TRP) ... 132 
Annex A (Normative) Security functional requirements application notes
Page 5 of 275
... 134 
Annex B (Normative) Functional classes, families, and components ... 143 
Annex C (Normative) Class FAU: Security audit ... 144 
Annex D (Normative) Class FCO: Communication ... 159 
Annex E (Normative) Class FCS: Cryptographic support ... 165 
Annex F (Normative) Class FDP: User data protection ... 171 
Annex G (Normative) Class FIA: Identification and authentication ... 203 
Annex H (Normative) Class FMT: Security management ... 214 
Annex I (Normative) Class FPR: Privacy ... 225 
Annex J (Normative) Class FPT: Protection of the TSF ... 239 
Annex K (Normative) Class FRU: Resource utilisation ... 260 
Annex L (Normative) Class FTA: TOE access ... 266 
Annex M (Normative) Class FTP: Trusted path/channels ... 273 
Page 6 of 275
Foreword
GB/T 18336 “Information technology - Security techniques - Evaluation criteria for IT
security” includes the following 3 parts:
-- Part 1: Introduction and general model;
-- Part 2: Security functional components;
-- Part 3: Security assurance components.
This Part is part 2 of GB/T 18336.
This Part is drafted in accordance with specifications in GB/T1.1-2009.
This Part shall replace GB/T 18336.2-2008 “Information technology - Security techniques
- Evaluation criteria for IT security - Part 2: Security functional components”.
The main differences between this Part and GB/T 18336.2-2008 are as follows:
— “assurance” is replaced by “assurance” [Translator note: This is mainly adjustment
on Chinese. In English, the same word “assurance” should remain the most
appropriate, given that “Assurance” is still used in the corresponding ISO/IEC
15408-2:2008. This translation still uses the term “Assurance”];
— “10.4 Export outside TSF control (FDP_ETC)” is amended as “10.4 Export from
TOE (FDP_ETC)”;
— “10.7 Import from outside TSF control(FDP_ITC)” is amended as” 10.7 Import from
outside TOE (FDP_ITC)”;
— “14.1 Bottom abstract machine test (FPT_AMT)”, “14.10 Referring to arbitration
(FTP_RVM)” and “14.11 Domain separation” in “14 FPT class: TSF protection” are
deleted;
— “14.12 Test of external entity(FPT_TEE)” is added in “14 FPT class: TSF
protection”;
— "16.3 Session lock (FTA_SSL)" is amended as "16.3 Session lock and
termination(FTA_SSL)";
— “threshold value” is replace by “critical value” [Translator note: As the corresponding
ISO/IEC 15408-2:2008 still uses term “Threshold value”, this translation follows the
term “Threshold value”, given that “This Part uses translation method to equivalently
adopt the international standard ISO/IEC 15408-2:2008”];
— “mediate” is replaced by “promote” [Translator note: This is mainly adjustment on
Chinese. In Eng...
View full details