ISO/IEC TECHNICAL REPORT TR 19791
Second edition 2010-04-01

Information technology - Security techniques - Security assessment of operational systems

Technologies de l'information - Techniques de sécurité - Évaluation de la sécurité des systèmes opérationnels

Reference number ISO/IEC TR 19791:2010(E)
© ISO/IEC 2010

PDF disclaimer

This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In accepts no liability in this area.

Adobe is a trademark of Adobe Systems Incorporated.

Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

COPYRIGHT PROTECTED DOCUMENT

ISO/IEC 2010

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56
CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail [email protected]
Web www.iso.org
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Structure of this Technical Report
6 Technical approach
6.1 The nature of operational systems
6.2 Establishing operational system security
6.3 Security in the operational system life cycle
6.4 Relationship to other systems
7 Extending ISO/IEC 15408 evaluation concepts to operational systems
7.1 Overview
7.2 General philosophy
7.3
7.4 Composite operational systems
7.5 Domain Assurance
7.6 Types of security controls
7.7 System security functionality
7.8 Timing of evaluation
7.9 Use of evaluated products
7.10 Documentation requirements
7.11 Testing activities
7.12 Configuration management
8 Relationship to existing security standards
8.1
8.2 Relationship to ISO/IEC 15408
8.3 Relationship to non-evaluation standards
8.4 Relationship to Common Criteria development
9 Evaluation of operational systems
9.1
9.2 Evaluation roles and responsibilities
9.3 Risk assessment and determination of unacceptable risks
9.4 Security problem definition
9.5 Security objectives
9.6 Security requirements
9.7 The System Security Target (SST)
9.8
Annex A (normative) Operational system Protection Profiles and Security Targets
A.1 Specification of System Security Targets
A.2 Specification of System Protection Profiles
Annex B (normative) Operational system functional control requirements
B.1 Introduction
B.2 Class FOD: Administration
B.3 Class FOS: IT systems
B.4 Class FOA: User Assets
B.5 Class FOB: Business
B.6 Class FOP: Facility and Equipment
B.7 Class FOT: Third parties
B.8 Class FOM: Management
Annex C (normative) Operational system assurance requirements
C.1 Introduction
C.2 Class ASP: System Protection Profile evaluation
C.3 Class ASS: System Security Target evaluation
C.4 Class AOD: Operational system guidance document
C.5 Class ASD: Operational System architecture, design and configuration documentation
C.6 Class Ao

PDF document: ISO IEC TR 19791 2010 Information technology — Security techniques — Security assessment of operational systems

This document was uploaded and shared by 人生无常 on 2026-01-06 01:17:57.