Joint Task Force Transformation Initiative





Note: The content of Table H-3, the mapping of the functional and assurance requirements in ISO/IEC 15408 (Common Criteria) to the security controls in Special Publication 800-53, is not affected by the changes above.

Table H-3 provides a generalized mapping from the functional and assurance requirements in ISO/IEC 15408 (Common Criteria) to the security controls in Special Publication 800-53. The table represents an informal correspondence between security requirements and security controls (that is, the table is not intended to determine whether the ISO/IEC 15408 security requirements are fully, partially, or not satisfied by the associated security controls). However, the table can serve as a useful starting point for further correspondence analysis. Organizations are cautioned that satisfying the ISO/IEC 15408 security requirements for a particular evaluated and validated information technology product, as represented by the presence of certain security controls from Appendix F, does not imply that those requirements are satisfied throughout the entire information system (which may consist of many integrated individual component products). Additional information explaining the specific mappings presented in Table H-3 is available at the National Information Assurance Partnership (NIAP) website: http://www.niap-ccevs.org.


TABLE H-3: MAPPING ISO/IEC 15408 TO NIST SP 800-53

Functional Requirements

| ISO/IEC 15408 Requirement | ISO/IEC 15408 Family: Component | NIST SP 800-53 Control | NIST SP 800-53 Control Name | Control Enhancement |
|---|---|---|---|---|
| FAU_ARP.1 | Security Audit Automatic Response: Security Alarms | AU-5 | Response to Audit Processing Failures | |
| | | AU-5(1) | Response to Audit Processing Failures | Audit Storage Capacity |
| | | AU-5(2) | Response to Audit Processing Failures | Real-Time Alerts |
| | | AU-5(3) | Response to Audit Processing Failures | Configurable Traffic Volume Thresholds |
| | | AU-5(4) | Response to Audit Processing Failures | Shutdown on Failure |
| | | PE-6(2) | Monitoring Physical Access | Automated Intrusion Recognition / Responses |
| | | SI-3 | Malicious Code Protection | |
| | | SI-3(8) | Malicious Code Protection | Detect Unauthorized Commands |
| | | SI-4(5) | Information System Monitoring | System-Generated Alerts |
| | | SI-4(7) | Information System Monitoring | Automated Response to Suspicious Events |
| | | SI-4(22) | Information System Monitoring | Unauthorized Network Services |
| | | SI-7(2) | Software, Firmware, and Information Integrity | Automated Notifications of Integrity Violations |
| | | SI-7(5) | Software, Firmware, and Information Integrity | Automated Response to Integrity Violations |
| | | SI-7(8) | Software, Firmware, and Information Integrity | Auditing Capability for Significant Events |
| FAU_GEN.1 | Security Audit Data Generation: Audit Data Generation | AU-2 | Audit Events | |
| | | AU-3 | Content of Audit Records | |
| | | AU-3(1) | Content of Audit Records | Additional Audit Information |
| | | AU-12 | Audit Generation | |
| FAU_GEN.2 | Security Audit Data Generation: User Identity Association | AU-3 | Content of Audit Records | |
| FAU_SAA.1 | Security Audit Analysis: Potential Violation Analysis | SI-4 | Information System Monitoring | |
| FAU_SAA.2 | Security Audit Analysis: Profile-Based Anomaly Detection | AC-2(12) | Account Management | Account Monitoring / Atypical Usage |
| | | SI-4 | Information System Monitoring | |
| FAU_SAA.3 | Security Audit Analysis: Simple Attack Heuristics | SI-3(7) | Malicious Code Protection | Non Signature-Based Protection |
| | | SI-4 | Information System Monitoring | |
| FAU_SAA.4 | Security Audit Analysis: Complex Attack Heuristics | SI-3(7) | Malicious Code Protection | Non Signature-Based Protection |
| | | SI-4 | Information System Monitoring | |
| FAU_SAR.1 | Security Audit Review: Audit Review | AU-7 | Audit Reduction and Report Generation | |
| FAU_SAR.2 | Security Audit Review: Restricted Audit Review | AU-9(6) | Protection of Audit Information | Read Only Access |
| FAU_SAR.3 | Security Audit Review: Selectable Audit Review | AU-7 | Audit Reduction and Report Generation | |
| | | AU-7(1) | Audit Reduction and Report Generation | Automatic Processing |
| | | AU-7(2) | Audit Reduction and Report Generation | Automatic Sort and Search |
| FAU_SEL.1 | Security Audit Event Selection: Selective Audit | AU-12 | Audit Generation | |
| FAU_STG.1 | Security Audit Event Storage: Protected Audit Trail Storage | AU-9 | Protection of Audit Information | |
| FAU_STG.2 | Security Audit Event Storage: Guarantees of Audit Data Availability | AU-9 | Protection of Audit Information | |
| | | | Alternate Audit Capability | |
| FAU_STG.3 | Security Audit Event Storage: Action in Case of Possible Audit Data Loss | AU-5 | Response to Audit Processing Failures | |
| | | AU-5(1) | Response to Audit Processing Failures | Audit Storage Capacity |
| | | AU-5(2) | Response to Audit Processing Failures | Real-Time Alerts |
| | | AU-5(4) | Response to Audit Processing Failures | Shutdown on Failure |
| FAU_STG.4 | Security Audit Event Storage: Prevention of Audit Data Loss | AU-4 | Audit Storage Capacity | |
| | | AU-5 | Response to Audit Processing Failures | |
| | | AU-5(2) | Response to Audit Processing Failures | Real-Time Alerts |
| | | AU-5(4) | Response to Audit Processing Failures | Shutdown on Failure |
| FCO_NRO.1 | Non-Repudiation of Origin: Selective Proof of Origin | AU-10 | Non-Repudiation | |
| | | AU-10(1) | Non-Repudiation | Association of Identities |
| | | AU-10(2) | Non-Repudiation | Validate Binding of Information Producer Identity |
| FCO_NRO.2 | Non-Repudiation of Origin: Enforced Proof of Origin | AU-10 | Non-Repudiation | |
| | | AU-10(1) | Non-Repudiation | Association of Identities |
| | | AU-10(2) | Non-Repudiation | Validate Binding of Information Producer Identity |
| FCO_NRR.1 | Non-Repudiation of Receipt: Selective Proof of Receipt | AU-10 | Non-Repudiation | |
| | | AU-10(1) | Non-Repudiation | Association of Identities |
| | | AU-10(2) | Non-Repudiation | Validate Binding of Information Producer Identity |
| FCO_NRR.2 | Non-Repudiation of Receipt: Enforced Proof of Receipt | AU-10 | Non-Repudiation | |
| | | AU-10(1) | Non-Repudiation | Association of Identities |
| | | AU-10(2) | Non-Repudiation | Validate Binding of Information Producer Identity |
| FCS_CKM.1 | Cryptographic Key Management: Cryptographic Key Generation | SC-12 | Cryptographic Key Establishment and Management | |
| FCS_CKM.2 | Cryptographic Key Management: Cryptographic Key Distribution | SC-12 | Cryptographic Key Establishment and Management | |
| FCS_CKM.3 | Cryptographic Key Management: Cryptographic Key Access | SC-12 | Cryptographic Key Establishment and Management | |
| FCS_CKM.4 | Cryptographic Key Management: Cryptographic Key Destruction | SC-12 | Cryptographic Key Establishment and Management | |
| FCS_COP.1 | Cryptographic Operation: Cryptographic Operation | SC-13 | Cryptographic Protection | |
| FDP_ACC.1 | Access Control Policy: Subset Access Control | AC-3 | Access Enforcement | |
| | | AC-3(3) | Access Enforcement | Mandatory Access Control |
| | | AC-3(4) | Access Enforcement | Discretionary Access Control |
| | | AC-3(7) | Access Enforcement | Role-Based Access Control |
| FDP_ACC.2 | Access Control Policy: Complete Access Control | AC-3 | Access Enforcement | |
| | | AC-3(3) | Access Enforcement | Mandatory Access Control |
| | | AC-3(4) | Access Enforcement | Discretionary Access Control |
| | | AC-3(7) | Access Enforcement | Role-Based Access Control |
| FDP_ACF.1 | Access Control Functions: Security Attribute Based Access Control | AC-3 | Access Enforcement | |
| | | AC-3(3) | Access Enforcement | Mandatory Access Control |
| | | AC-3(4) | Access Enforcement | Discretionary Access Control |
| | | AC-3(7) | Access Enforcement | Role-Based Access Control |
| | | AC-16 | Security Attributes | |
| | | SC-16 | Transmission of Security Attributes | |
| FDP_DAU.1 | Data Authentication: Basic Data Authentication | SI-7 | Software, Firmware, and Information Integrity | |
| | | SI-7(1) | Software, Firmware, and Information Integrity | Integrity Checks |
| | | SI-7(6) | Software, Firmware, and Information Integrity | Cryptographic Protection |
| | | SI-10 | Information Input Validation | |
| FDP_DAU.2 | Data Authentication: Data Authentication with Identity of Guarantor | SI-7 | Software, Firmware, and Information Integrity | |
| | | SI-7(1) | Software, Firmware, and Information Integrity | Integrity Checks |
| | | SI-7(6) | Software, Firmware, and Information Integrity | Cryptographic Protection |
| | | SI-10 | Information Input Validation | |
| FDP_ETC.1 | Export from the TOE: Export of User Data without Security Attributes | No Mapping. | | |
| FDP_ETC.2 | Export from the TOE: Export of User Data with Security Attributes | AC-4(18) | Information Flow Enforcement | Security Attribute Binding |
| | | AC-16 | Security Attributes | |
| | | AC-16(5) | Security Attributes | Attribute Displays for Output Devices |
| | | SC-16 | Transmission of Security Attributes | |
| FDP_IFC.1 | Information Flow Control Policy: Subset Information Flow Control | AC-3 | Access Enforcement | |
| | | AC-3(3) | Access Enforcement | Mandatory Access Control |
| | | AC-4 | Information Flow Enforcement | |
