About this standard
This document gives guidelines for the preparation and evaluation of security requirements specifications, referred to as Protection Profiles (PP) in ISO/IEC 15408 Evaluation criteria for IT security and ISO/IEC PDTR 15446 Guide for the production of protection profiles and security target.

A Protection Profile (PP) is a set of security requirements for a category of products or systems which meet specific needs. A typical example would be a PP for OBEs to be used in an EFC system; in this case the PP would be an implementation-independent set of security requirements for the OBEs, meeting the operators' and users' needs for security. The document uses an OBE with an integrated circuit(s) card (ICC) as an example, describing both the structure of the PP and the proposed content.

Figure 1 shows how this document fits in the overall picture of EFC security architecture. The shaded boxes are the aspects mostly related to the preparation of PPs for EFC systems.

The main purpose of a PP is to analyse the security environment of a subject and then to specify the requirements that counter the threats identified by the security environment analysis. The subject studied is called the Target of Evaluation (TOE). In this document, an OBE with an ICC is used as an example of the TOE. A PP can be registered publicly by the entity preparing it, in order to make it known and available to other parties that can use the same PP for their own EFC systems.

A Security Target (ST) is a set of security requirements and specifications to be used as the basis for evaluation of an identified TOE. While the PP can be looked upon as the EFC operator's requirements, the ST can be looked upon as a supplier's documentation of compliance with and fulfilment of the PP for the TOE, e.g. an OBE. Figure 3 shows a simplified picture and example of the relationships between the EFC operator, the EFC equipment supplier and an evaluator.
For the international registry organisation, i.e. the Common Criteria Recognition Arrangement (CCRA), and currently registered PPs, reference is made to Annex D.

The ST is similar to the PP, except that it contains additional implementation-specific information detailing how the security requirements are realised in a particular product or system. Hence, the ST includes the following parts not found in a PP:

- a TOE summary specification that presents the TOE-specific security functions and assurance measures;
- an optional PP claims portion that explains the PPs the ST is claimed to be conformant with (if any);
- finally, the rationale contains additional evidence establishing that the TOE summary specification ensures satisfaction of the implementation-independent requirements, and that claims about PP conformance are satisfied.

Actual security functions of EFC products will be designed based on this ST; see the example in Figure 4.

The TOE for EFC is limited to EFC-specific entities and interfaces, such as those for Users, Service Providers and the communication link (DSRC or CN) between Users and Service Providers, which are essential to EFC systems and are shown shaded in Figure 5. Since the existing financial security standards and criteria are applicable to other entities and interfaces, they are assumed to be outside the scope of the TOE for EFC.

The security evaluation is performed by assessing the security-related properties of entities and interfaces defined in STs, as opposed to assessing complete processes, which are often distributed over more entities and interfaces than those covered by the TOE of this document.

NOTE Assessing security issues for complete processes is a complementary approach, which may well be beneficial to apply when evaluating the security of a system.

In Annex A, the guideline for preparing an EFC PP is described using an OBE as an example of EFC products. The crucial communication link in this Annex (between the OBE and the RSE) is based on DSRC.
|Dutch title||Telematica voor wegvervoer- en verkeer - Electronische tolheffing (EFC) - Richtlijnen voor EFC veiligheidsbeschermingsprofielen|
|English title||Road Transport and Traffic Telematics - Electronic Fee Collection (EFC) - Guidelines for EFC security Protection Profiles|