1
/
of
9
www.ChineseStandard.us -- Field Test Asia Pte. Ltd.
GB/T 18336.3-2015 English PDF (GB/T18336.3-2015)
GB/T 18336.3-2015 English PDF (GB/T18336.3-2015)
Regular price
$500.00
Regular price
Sale price
$500.00
Unit price
/
per
Shipping calculated at checkout.
Couldn't load pickup availability
GB/T 18336.3-2015: Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 3: Security assurance components
Delivery: 9 seconds. Download (& Email) true-PDF + Invoice.
Get Quotation: Click GB/T 18336.3-2015 (Self-service in 1-minute)
Historical versions (Master-website): GB/T 18336.3-2015
Preview True-PDF (Reload/Scroll-down if blank)
GB/T 18336.3-2015
Page 1 of 223
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
GB/T 18336.3-2015 / ISO/IEC 15408-3:2008
Replacing GB/T 18336.3-2008
Information technology - Security techniques -
Evaluation criteria for IT security –
Part 3: Security assurance components
(ISO/IEC 15408-3:2008, IDT)
ISSUED ON: MAY 15, 2015
IMPLEMENTED ON: JANUARY 01, 2016
Issued by: General Administration of Quality Supervision, Inspection
and Quarantine of the People’s Republic of China;
Standardization Administration of the People’s Republic of
China.
Page 2 of 223
Table of Contents
Foreword ... 6
Introduction ... 9
1 Scope ... 10
2 Normative references ... 10
3 Terms and definitions ... 10
4 Overview ... 10
4.1 Organisation of this Part ... 10
5 Assurance paradigm ... 11
5.1 ISO/IEC 15408 philosophy ... 11
5.2 Assurance approach ... 11
5.3 ISO/IEC 15408 evaluation assurance scale ... 13
6 Security assurance components ... 13
6.1 Security assurance classes, families and components structure
... 13
6.2 EAL structure ... 19
6.3 CAP structure ... 21
7 Evaluation assurance levels ... 24
7.1 Evaluation assurance level (EAL) overview ... 24
7.2 Evaluation assurance level details ... 26
7.3 Evaluation assurance level 1 (EAL1) - functionally tested ... 26
7.4 Evaluation assurance level 2 (EAL2) - structurally tested ... 27
7.5 Evaluation assurance level 3 (EAL3) - methodically tested and
checked ... 28
7.6 Evaluation assurance level 4 (EAL4) - methodically designed,
tested, and reviewed ... 29
7.7 Evaluation assurance level 5 (EAL5) - semiformally designed and
tested ... 31
7.8 Evaluation assurance level 6 (EAL6) - semiformally verified
design and tested ... 32
7.9 Evaluation assurance level 7 (EAL7) - formally verified design
and tested ... 34
Page 3 of 223
8 Composed assurance packages ... 35
8.1 Composed assurance package (CAP) overview ... 36
8.2 Composed assurance package details ... 37
8.3 Composition assurance level A (CAP-A) - Structurally composed
... 37
8.4 Composition assurance level B (CAP-B) - Methodically
composed ... 38
8.5 Composition assurance level C (CAP-C) - Methodically
composed, tested and reviewed ... 39
9 Class APE: Protection Profile evaluation ... 40
9.1 PP introduction (APE_INT) ... 41
9.2 Conformance claims (APE_CCL) ... 42
9.3 Security problem definition (APE_SPD) ... 44
9.4 Security objectives (APE_OBJ) ... 45
9.5 Extended components definition (APE_ECD) ... 47
9.6 Security requirements (APE_REQ) ... 48
10 Class ASE: Security Target evaluation ... 51
10.1 ST introduction (ASE_INT) ... 51
10.2 Conformance claims (ASE_CCL) ... 53
10.3 Security problem definition (ASE_SPD) ... 54
10.4 Security objectives (ASE_OBJ) ... 55
10.5 Extended components definition (ASE_ECD) ... 57
10.6 Security requirements (ASE_REQ) ... 59
10.7 TOE summary specification (ASE_TSS) ... 61
11 Class ADV: Development ... 63
11.1 Security Architecture (ADV_ARC) ... 69
11.2 Functional specification (ADV_FSP) ... 71
11.3 Implementation representation (ADV_IMP) ... 83
11.4 TSF internals (ADV_INT) ... 86
11.5 Security policy modelling (ADV_SPM) ... 91
11.6 TOE design (ADV_TDS) ... 93
Page 4 of 223
12 Class AGD: Guidance documents ... 104
12.1 Operational user guidance (AGD_OPE) ... 105
12.2 Preparative procedures (AGD_PRE) ... 107
13 Class ALC: Life-cycle support ... 109
13.1 CM capabilities (ALC_CMC) ... 110
13.2 CM scope (ALC_CMS) ... 120
13.3 Delivery (ALC_DEL) ... 126
13.4 Development security (ALC_DVS)... 127
13.5 Flaw remediation (ALC_FLR) ... 129
13.6 Life-cycle definition (ALC_LCD) ... 134
13.7 Tools and techniques (ALC_TAT) ... 137
14 Class ATE: Tests ... 141
14.1 Coverage (ATE_COV) ... 142
14.2 Depth (ATE_DPT) ... 145
14.3 Functional tests (ATE_FUN) ... 149
14.4 Independent testing (ATE_IND) ... 152
15 Class AVA: Vulnerability assessment ... 157
15.1 Application notes ... 157
15.2 Vulnerability analysis (AVA_VAN) ... 158
16 Class ACO: Composition ... 164
16.1 Composition rationale (ACO_COR) ... 167
16.2 Development evidence (ACO_DEV) ... 168
16.3 Reliance of dependent component (ACO_REL) ... 172
16.4 Composed TOE testing (ACO_CTT) ... 175
16.5 Composition vulnerability analysis (ACO_VUL) ... 178
Annex A (Informative) Development (ADV) ... 183
Annex B (Informative) Composition (ACO) ... 206
Annex C (Informative) Cross reference of assurance component
dependencies ... 216
Annex D (Informative) Cross reference of PPs and assurance
components ... 221
Page 5 of 223
Annex E (Informative) Cross reference of EALs and assurance
components ... 222
Annex F (Informative) Cross reference of CAPs and assurance
components ... 223
Page 6 of 223
Foreword
GB/T 18336 “Information technology - Security techniques - Evaluation criteria for IT
security” includes the following 3 parts:
— Part 1: Introduction and general model;
— Part 2: Security functional components;
— Part 3: Security assurance components.
This Part is part 3 of GB/T 18336.
This Part is drafted in accordance with specifications in GB/T1.1-2009.
This Part replaces GB/T 18336.3-2008 “Information technology - Security techniques -
Evaluation criteria for IT security - Part 3: Security assurance components”.
The main differences between this Part and GB/T 18336.3-2008 are as follows:
— “assurance” is replaced by “guarantee” [Translator note: This is mainly adjustment
on Chinese. In English, the same word “assurance” should remain the most
appropriate, given that “Assurance” is still used in the corresponding ISO/IEC
15408-3:2008. This translation still uses the term “Assurance”];
— "6 Security assurance requirements" is replaced by "6 Security assurance
components";
— "6.3 Protection profile and security target evaluation criteria class structure”, “6.4
Usage of terms in this Part", "6.5 Assurance classification" and “6.6 General
situation of assurance classes and families” are deleted;
— "6.1.5 EAL structure" is re-edited as "6.2 Evaluation assurance levels structure" in
this Part;
— “6.3 Combination assurance package structure” is added;
— "7 Protection profile and security target evaluation criteria" and "11 assurance
classes, families and components" are deleted;
— "8 Combination assurance package" is added;
— "8.1 TOE description" is deleted;
— "9.2 Conformance declaration" is added;
— "8.2 Security environment" and "8.6 Clearly stated IT security requirements" are
amended as "9.3 Security problem definition" and "9.5 Extended components
definition" respectively;
Page 7 of 223
— "9.1 TOE description" and "9.5 PP declaration" are deleted;
— "10.2 Conformance declaration" is added;
— "9.2 Security environment" and “9.7 Clearly stated IT security requirements" are
amended as “10.3 Security problem definition" and "10.5 Extended components
definition" respectively;
— "High level design (ADV_HLD)", "Low level design(ADV_LLD)" and "Representing
corresponding relationship (ADV_RCR)" in "ADV class: development" are deleted;
— "Security architecture (ADV_ARC)" and "TOE design (ADV_TDS)" are added in
"ADV class: development";
— "Administrator guidelines (AGD_ADM)" and "User guidelines (AGD_USR)" of
AGD class are amended as "Operator guidelines(AGD_OPE)" and "Preparation
(AGD_PRE)" respectively;
— "CM capability (ACM_CAP)" and "CM scope (ACM_SCP)" in ACM class as well as
"delivery (ADO_DEL)" in ADO class are combined into ALC class;
— "CM automation (ACM_AUT)" in "ACM class: configuration management" is
deleted;
— "Installation, generation and starting (ADO_IGS) in "ADO class: delivery and
operation" is deleted;
— "Test cover (ATE_COV)" is amended as "Cover (ATE_COV)" while "Test depth
(ATE_DPT)" is amended as "Depth (ATE_DPT)”;
— "Concealed channel analysis (AVA_CCA)", "Misusing (AVA_MSU)" and "TOE
strength of function (AVA_SOF)" in "AVA class: vulnerability evaluation" are
deleted;
— "Vulnerability analysis (AVA_VLA)" is amended as "Vulnerability analysis
(AVA_VAN)";
— "16 ACO class: combination" is added;
— "Annex A development (ADV)", "Annex B combination (ACO)" and "Annex D
cross-reference between PP and assurance components" and "Annex F
Cross-reference between CAP and assurance components" are added;
— “Annex A Cross-reference of dependency relationship of assurance components”
is amended as “Annex C Cross-reference of dependency relationship of
assurance components”. “Annex B Cross-reference between EAL and assurance
components” is amended as “Annex E Cross-reference between EAL and
assurance components”.
Page 8 of 223
This Part uses translation method to equivalently adopt the international standard ISO/IEC
15408-2:2008 “Information technology - Security techniques - Evaluation criteria for IT
security -Part 3: Security assurance components”.
The domestic documents that are consistently corresponding to the normative
international references in this Part are as follows:
-- GB/T 18336.1 Information technology - Security techniques - Evaluation criteria for
IT security – Part 1: Introduction and general mode (GB/T 18336.1-2015, ISO/IEC
15408--1:2009, IDT)
-- GB/T 18336.2 Information technology - Security techniques - Evaluation criteria for
IT security - Part 2: Security functional components (GB/T 18336.2-2015, ISO/IEC
15408-2:2008, IDT).
This Part was proposed by and shall be under jurisdiction of China Information Security
Standardization Technical Committee (SAC/TC 260).
The main drafting organizations of this Part: China Information Technology Security
Evaluation Centre, Information Technology Security Test and Evaluation Centre AND The
Third Research Institute of Ministry of Public Security.
The main drafters of this Part: Zhang Chongbin, Guo Ying, Shi Hongsong, Bi Haiying,
Zhang Baofeng, Gao Jinping, Wang Feng, Yang Yongsheng, Li Guojun, Dong Jingjing,
Xie Di, Wang Hongxian, Zhang Yi, Gu Jian, Qiu Zihua, Song Haohao, Chen Yan, Yang
Yuanyuan, Xu Yuan, Rao Huayi, Wu Yushu and Mao Junjie.
The previous editions replaced by this Part are as follows:
-- GB/T 18336.3-2001;
-- GB/T 18336.3-2008.
Page 10 of 223
Information technology - Security techniques -
Evaluation criteria for IT security –
Part 3: Security assurance components
1 Scope
This Part of GB/T 18336 defines the assurance requirements. It includes the evaluation
assurance levels (EALs) that define a scale for measuring assurance for component
TOEs, the composed assurance packages (CAPs) that define a scale for measuring
assurance for composed TOEs, the individual assurance components from which the
assurance levels and packages are composed, and the criteria for evaluation of PPs and
STs.
2 Normative references
The articles contained in the following documents have become part of this document
when they are quoted herein. For the dated documents so quoted, all the modifications
(including all corrections) or revisions made thereafter shall be applicable to this
document.
ISO/IEC 15408-1, Information technology - Security techniques - Evaluation criteria for
IT security - Part 1: Introduction and general model
ISO/IEC 15408-2, Information technology - Security techniques - Evaluation criteria for
IT security - Part 2: Security functional components
3 Terms and definitions
For the purposes of this document, the terms, definitions, symbols and abbreviated terms
given in ISO/IEC 15408-1 apply.
4 Overview
4.1 Organisation of this Part
Clause 5 describes the paradigm used in the security assurance requirements of this Part.
Clause 6 describes the presentation structure of the assurance classes, families,
components, evaluation assurance levels along with their relationships, and the structure
of the composed assurance packages. It also characterises the assurance classes and
families found in Clauses 9 through 16.
Clause 7 provides detailed definitions of the EALs.
GB/T 18336.3-2015
Page 1 of 223
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
GB/T 18336.3-2015 / ISO/IEC 15408-3:2008
Replacing GB/T 18336.3-2008
Information technology - Security techniques -
Evaluation criteria for IT security –
Part 3: Security assurance components
(ISO/IEC 15408-3:2008, IDT)
ISSUED ON: MAY 15, 2015
IMPLEMENTED ON: JANUARY 01, 2016
Issued by: General Administration of Quality Supervision, Inspection
and Quarantine of the People’s Republic of China;
Standardization Administration of the People’s Republic of
China.
Page 2 of 223
Table of Contents
Foreword ... 6
Introduction ... 9
1 Scope ... 10
2 Normative references ... 10
3 Terms and definitions ... 10
4 Overview ... 10
4.1 Organisation of this Part ... 10
5 Assurance paradigm ... 11
5.1 ISO/IEC 15408 philosophy ... 11
5.2 Assurance approach ... 11
5.3 ISO/IEC 15408 evaluation assurance scale ... 13
6 Security assurance components ... 13
6.1 Security assurance classes, families and components structure
... 13
6.2 EAL structure ... 19
6.3 CAP structure ... 21
7 Evaluation assurance levels ... 24
7.1 Evaluation assurance level (EAL) overview ... 24
7.2 Evaluation assurance level details ... 26
7.3 Evaluation assurance level 1 (EAL1) - functionally tested ... 26
7.4 Evaluation assurance level 2 (EAL2) - structurally tested ... 27
7.5 Evaluation assurance level 3 (EAL3) - methodically tested and
checked ... 28
7.6 Evaluation assurance level 4 (EAL4) - methodically designed,
tested, and reviewed ... 29
7.7 Evaluation assurance level 5 (EAL5) - semiformally designed and
tested ... 31
7.8 Evaluation assurance level 6 (EAL6) - semiformally verified
design and tested ... 32
7.9 Evaluation assurance level 7 (EAL7) - formal...
Delivery: 9 seconds. Download (& Email) true-PDF + Invoice.
Get Quotation: Click GB/T 18336.3-2015 (Self-service in 1-minute)
Historical versions (Master-website): GB/T 18336.3-2015
Preview True-PDF (Reload/Scroll-down if blank)
GB/T 18336.3-2015
Page 1 of 223
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
GB/T 18336.3-2015 / ISO/IEC 15408-3:2008
Replacing GB/T 18336.3-2008
Information technology - Security techniques -
Evaluation criteria for IT security –
Part 3: Security assurance components
(ISO/IEC 15408-3:2008, IDT)
ISSUED ON: MAY 15, 2015
IMPLEMENTED ON: JANUARY 01, 2016
Issued by: General Administration of Quality Supervision, Inspection
and Quarantine of the People’s Republic of China;
Standardization Administration of the People’s Republic of
China.
Page 2 of 223
Table of Contents
Foreword ... 6
Introduction ... 9
1 Scope ... 10
2 Normative references ... 10
3 Terms and definitions ... 10
4 Overview ... 10
4.1 Organisation of this Part ... 10
5 Assurance paradigm ... 11
5.1 ISO/IEC 15408 philosophy ... 11
5.2 Assurance approach ... 11
5.3 ISO/IEC 15408 evaluation assurance scale ... 13
6 Security assurance components ... 13
6.1 Security assurance classes, families and components structure
... 13
6.2 EAL structure ... 19
6.3 CAP structure ... 21
7 Evaluation assurance levels ... 24
7.1 Evaluation assurance level (EAL) overview ... 24
7.2 Evaluation assurance level details ... 26
7.3 Evaluation assurance level 1 (EAL1) - functionally tested ... 26
7.4 Evaluation assurance level 2 (EAL2) - structurally tested ... 27
7.5 Evaluation assurance level 3 (EAL3) - methodically tested and
checked ... 28
7.6 Evaluation assurance level 4 (EAL4) - methodically designed,
tested, and reviewed ... 29
7.7 Evaluation assurance level 5 (EAL5) - semiformally designed and
tested ... 31
7.8 Evaluation assurance level 6 (EAL6) - semiformally verified
design and tested ... 32
7.9 Evaluation assurance level 7 (EAL7) - formally verified design
and tested ... 34
Page 3 of 223
8 Composed assurance packages ... 35
8.1 Composed assurance package (CAP) overview ... 36
8.2 Composed assurance package details ... 37
8.3 Composition assurance level A (CAP-A) - Structurally composed
... 37
8.4 Composition assurance level B (CAP-B) - Methodically
composed ... 38
8.5 Composition assurance level C (CAP-C) - Methodically
composed, tested and reviewed ... 39
9 Class APE: Protection Profile evaluation ... 40
9.1 PP introduction (APE_INT) ... 41
9.2 Conformance claims (APE_CCL) ... 42
9.3 Security problem definition (APE_SPD) ... 44
9.4 Security objectives (APE_OBJ) ... 45
9.5 Extended components definition (APE_ECD) ... 47
9.6 Security requirements (APE_REQ) ... 48
10 Class ASE: Security Target evaluation ... 51
10.1 ST introduction (ASE_INT) ... 51
10.2 Conformance claims (ASE_CCL) ... 53
10.3 Security problem definition (ASE_SPD) ... 54
10.4 Security objectives (ASE_OBJ) ... 55
10.5 Extended components definition (ASE_ECD) ... 57
10.6 Security requirements (ASE_REQ) ... 59
10.7 TOE summary specification (ASE_TSS) ... 61
11 Class ADV: Development ... 63
11.1 Security Architecture (ADV_ARC) ... 69
11.2 Functional specification (ADV_FSP) ... 71
11.3 Implementation representation (ADV_IMP) ... 83
11.4 TSF internals (ADV_INT) ... 86
11.5 Security policy modelling (ADV_SPM) ... 91
11.6 TOE design (ADV_TDS) ... 93
Page 4 of 223
12 Class AGD: Guidance documents ... 104
12.1 Operational user guidance (AGD_OPE) ... 105
12.2 Preparative procedures (AGD_PRE) ... 107
13 Class ALC: Life-cycle support ... 109
13.1 CM capabilities (ALC_CMC) ... 110
13.2 CM scope (ALC_CMS) ... 120
13.3 Delivery (ALC_DEL) ... 126
13.4 Development security (ALC_DVS)... 127
13.5 Flaw remediation (ALC_FLR) ... 129
13.6 Life-cycle definition (ALC_LCD) ... 134
13.7 Tools and techniques (ALC_TAT) ... 137
14 Class ATE: Tests ... 141
14.1 Coverage (ATE_COV) ... 142
14.2 Depth (ATE_DPT) ... 145
14.3 Functional tests (ATE_FUN) ... 149
14.4 Independent testing (ATE_IND) ... 152
15 Class AVA: Vulnerability assessment ... 157
15.1 Application notes ... 157
15.2 Vulnerability analysis (AVA_VAN) ... 158
16 Class ACO: Composition ... 164
16.1 Composition rationale (ACO_COR) ... 167
16.2 Development evidence (ACO_DEV) ... 168
16.3 Reliance of dependent component (ACO_REL) ... 172
16.4 Composed TOE testing (ACO_CTT) ... 175
16.5 Composition vulnerability analysis (ACO_VUL) ... 178
Annex A (Informative) Development (ADV) ... 183
Annex B (Informative) Composition (ACO) ... 206
Annex C (Informative) Cross reference of assurance component
dependencies ... 216
Annex D (Informative) Cross reference of PPs and assurance
components ... 221
Page 5 of 223
Annex E (Informative) Cross reference of EALs and assurance
components ... 222
Annex F (Informative) Cross reference of CAPs and assurance
components ... 223
Page 6 of 223
Foreword
GB/T 18336 “Information technology - Security techniques - Evaluation criteria for IT
security” includes the following 3 parts:
— Part 1: Introduction and general model;
— Part 2: Security functional components;
— Part 3: Security assurance components.
This Part is part 3 of GB/T 18336.
This Part is drafted in accordance with specifications in GB/T1.1-2009.
This Part replaces GB/T 18336.3-2008 “Information technology - Security techniques -
Evaluation criteria for IT security - Part 3: Security assurance components”.
The main differences between this Part and GB/T 18336.3-2008 are as follows:
— “assurance” is replaced by “guarantee” [Translator note: This is mainly adjustment
on Chinese. In English, the same word “assurance” should remain the most
appropriate, given that “Assurance” is still used in the corresponding ISO/IEC
15408-3:2008. This translation still uses the term “Assurance”];
— "6 Security assurance requirements" is replaced by "6 Security assurance
components";
— "6.3 Protection profile and security target evaluation criteria class structure”, “6.4
Usage of terms in this Part", "6.5 Assurance classification" and “6.6 General
situation of assurance classes and families” are deleted;
— "6.1.5 EAL structure" is re-edited as "6.2 Evaluation assurance levels structure" in
this Part;
— “6.3 Combination assurance package structure” is added;
— "7 Protection profile and security target evaluation criteria" and "11 assurance
classes, families and components" are deleted;
— "8 Combination assurance package" is added;
— "8.1 TOE description" is deleted;
— "9.2 Conformance declaration" is added;
— "8.2 Security environment" and "8.6 Clearly stated IT security requirements" are
amended as "9.3 Security problem definition" and "9.5 Extended components
definition" respectively;
Page 7 of 223
— "9.1 TOE description" and "9.5 PP declaration" are deleted;
— "10.2 Conformance declaration" is added;
— "9.2 Security environment" and “9.7 Clearly stated IT security requirements" are
amended as “10.3 Security problem definition" and "10.5 Extended components
definition" respectively;
— "High level design (ADV_HLD)", "Low level design(ADV_LLD)" and "Representing
corresponding relationship (ADV_RCR)" in "ADV class: development" are deleted;
— "Security architecture (ADV_ARC)" and "TOE design (ADV_TDS)" are added in
"ADV class: development";
— "Administrator guidelines (AGD_ADM)" and "User guidelines (AGD_USR)" of
AGD class are amended as "Operator guidelines(AGD_OPE)" and "Preparation
(AGD_PRE)" respectively;
— "CM capability (ACM_CAP)" and "CM scope (ACM_SCP)" in ACM class as well as
"delivery (ADO_DEL)" in ADO class are combined into ALC class;
— "CM automation (ACM_AUT)" in "ACM class: configuration management" is
deleted;
— "Installation, generation and starting (ADO_IGS) in "ADO class: delivery and
operation" is deleted;
— "Test cover (ATE_COV)" is amended as "Cover (ATE_COV)" while "Test depth
(ATE_DPT)" is amended as "Depth (ATE_DPT)”;
— "Concealed channel analysis (AVA_CCA)", "Misusing (AVA_MSU)" and "TOE
strength of function (AVA_SOF)" in "AVA class: vulnerability evaluation" are
deleted;
— "Vulnerability analysis (AVA_VLA)" is amended as "Vulnerability analysis
(AVA_VAN)";
— "16 ACO class: combination" is added;
— "Annex A development (ADV)", "Annex B combination (ACO)" and "Annex D
cross-reference between PP and assurance components" and "Annex F
Cross-reference between CAP and assurance components" are added;
— “Annex A Cross-reference of dependency relationship of assurance components”
is amended as “Annex C Cross-reference of dependency relationship of
assurance components”. “Annex B Cross-reference between EAL and assurance
components” is amended as “Annex E Cross-reference between EAL and
assurance components”.
Page 8 of 223
This Part uses translation method to equivalently adopt the international standard ISO/IEC
15408-2:2008 “Information technology - Security techniques - Evaluation criteria for IT
security -Part 3: Security assurance components”.
The domestic documents that are consistently corresponding to the normative
international references in this Part are as follows:
-- GB/T 18336.1 Information technology - Security techniques - Evaluation criteria for
IT security – Part 1: Introduction and general mode (GB/T 18336.1-2015, ISO/IEC
15408--1:2009, IDT)
-- GB/T 18336.2 Information technology - Security techniques - Evaluation criteria for
IT security - Part 2: Security functional components (GB/T 18336.2-2015, ISO/IEC
15408-2:2008, IDT).
This Part was proposed by and shall be under jurisdiction of China Information Security
Standardization Technical Committee (SAC/TC 260).
The main drafting organizations of this Part: China Information Technology Security
Evaluation Centre, Information Technology Security Test and Evaluation Centre AND The
Third Research Institute of Ministry of Public Security.
The main drafters of this Part: Zhang Chongbin, Guo Ying, Shi Hongsong, Bi Haiying,
Zhang Baofeng, Gao Jinping, Wang Feng, Yang Yongsheng, Li Guojun, Dong Jingjing,
Xie Di, Wang Hongxian, Zhang Yi, Gu Jian, Qiu Zihua, Song Haohao, Chen Yan, Yang
Yuanyuan, Xu Yuan, Rao Huayi, Wu Yushu and Mao Junjie.
The previous editions replaced by this Part are as follows:
-- GB/T 18336.3-2001;
-- GB/T 18336.3-2008.
Page 10 of 223
Information technology - Security techniques -
Evaluation criteria for IT security –
Part 3: Security assurance components
1 Scope
This Part of GB/T 18336 defines the assurance requirements. It includes the evaluation
assurance levels (EALs) that define a scale for measuring assurance for component
TOEs, the composed assurance packages (CAPs) that define a scale for measuring
assurance for composed TOEs, the individual assurance components from which the
assurance levels and packages are composed, and the criteria for evaluation of PPs and
STs.
2 Normative references
The articles contained in the following documents have become part of this document
when they are quoted herein. For the dated documents so quoted, all the modifications
(including all corrections) or revisions made thereafter shall be applicable to this
document.
ISO/IEC 15408-1, Information technology - Security techniques - Evaluation criteria for
IT security - Part 1: Introduction and general model
ISO/IEC 15408-2, Information technology - Security techniques - Evaluation criteria for
IT security - Part 2: Security functional components
3 Terms and definitions
For the purposes of this document, the terms, definitions, symbols and abbreviated terms
given in ISO/IEC 15408-1 apply.
4 Overview
4.1 Organisation of this Part
Clause 5 describes the paradigm used in the security assurance requirements of this Part.
Clause 6 describes the presentation structure of the assurance classes, families,
components, evaluation assurance levels along with their relationships, and the structure
of the composed assurance packages. It also characterises the assurance classes and
families found in Clauses 9 through 16.
Clause 7 provides detailed definitions of the EALs.
GB/T 18336.3-2015
Page 1 of 223
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
GB/T 18336.3-2015 / ISO/IEC 15408-3:2008
Replacing GB/T 18336.3-2008
Information technology - Security techniques -
Evaluation criteria for IT security –
Part 3: Security assurance components
(ISO/IEC 15408-3:2008, IDT)
ISSUED ON: MAY 15, 2015
IMPLEMENTED ON: JANUARY 01, 2016
Issued by: General Administration of Quality Supervision, Inspection
and Quarantine of the People’s Republic of China;
Standardization Administration of the People’s Republic of
China.
Page 2 of 223
Table of Contents
Foreword ... 6
Introduction ... 9
1 Scope ... 10
2 Normative references ... 10
3 Terms and definitions ... 10
4 Overview ... 10
4.1 Organisation of this Part ... 10
5 Assurance paradigm ... 11
5.1 ISO/IEC 15408 philosophy ... 11
5.2 Assurance approach ... 11
5.3 ISO/IEC 15408 evaluation assurance scale ... 13
6 Security assurance components ... 13
6.1 Security assurance classes, families and components structure
... 13
6.2 EAL structure ... 19
6.3 CAP structure ... 21
7 Evaluation assurance levels ... 24
7.1 Evaluation assurance level (EAL) overview ... 24
7.2 Evaluation assurance level details ... 26
7.3 Evaluation assurance level 1 (EAL1) - functionally tested ... 26
7.4 Evaluation assurance level 2 (EAL2) - structurally tested ... 27
7.5 Evaluation assurance level 3 (EAL3) - methodically tested and
checked ... 28
7.6 Evaluation assurance level 4 (EAL4) - methodically designed,
tested, and reviewed ... 29
7.7 Evaluation assurance level 5 (EAL5) - semiformally designed and
tested ... 31
7.8 Evaluation assurance level 6 (EAL6) - semiformally verified
design and tested ... 32
7.9 Evaluation assurance level 7 (EAL7) - formal...
Share
