ISO/IEC JTC 1/SC 27
| Projekta Nr. | ISO/IEC TS 19608:2018 |
|---|---|
| Nosaukums | <p>This document provides guidance for:</p> <p>— selecting and specifying security functional requirements (SFRs) from ISO/IEC 15408-2 to protect Personally Identifiable Information (PII);</p> <p>— the procedure to define both privacy and security functional requirements in a coordinated manner; and</p> <p>— developing privacy functional requirements as extended components based on the privacy principles defined in ISO/IEC 29100 through the paradigm described in ISO/IEC 15408-2.</p> <p>The intended audience for this document are:</p> <p>— developers who implement products or systems that deal with PII and want to undergo a security evaluation of those products using ISO/IEC 15408. They will get guidance how to select security functional requirements for the Security Target of their product or system that map to the privacy principles defined in ISO/IEC 29100;</p> <p>— authors of Protection Profiles that address the protection of PII; and</p> <p>— evaluators that use ISO/IEC 15408 and ISO/IEC 18045 for a security evaluation.</p> <p>This document is intended to be fully consistent with ISO/IEC 15408; however, in the event of any inconsistency between this document and ISO/IEC 15408, the latter, as a normative standard, takes precedence.</p> |
| Reģistrācijas numurs (WIID) | 65459 |
| Darbības sfēra | <p>This document provides guidance for:</p> <p>— selecting and specifying security functional requirements (SFRs) from ISO/IEC 15408-2 to protect Personally Identifiable Information (PII);</p> <p>— the procedure to define both privacy and security functional requirements in a coordinated manner; and</p> <p>— developing privacy functional requirements as extended components based on the privacy principles defined in ISO/IEC 29100 through the paradigm described in ISO/IEC 15408-2.</p> <p>The intended audience for this document are:</p> <p>— developers who implement products or systems that deal with PII and want to undergo a security evaluation of those products using ISO/IEC 15408. They will get guidance how to select security functional requirements for the Security Target of their product or system that map to the privacy principles defined in ISO/IEC 29100;</p> <p>— authors of Protection Profiles that address the protection of PII; and</p> <p>— evaluators that use ISO/IEC 15408 and ISO/IEC 18045 for a security evaluation.</p> <p>This document is intended to be fully consistent with ISO/IEC 15408; however, in the event of any inconsistency between this document and ISO/IEC 15408, the latter, as a normative standard, takes precedence.</p> |
| Statuss | Atcelts |
| ICS grupa | 35.040 35.030 |