PD ISO/IEC TR 15446:2004 provides guidance relating to the construction of Protection Profiles (PPs) and Security Targets (STs) that are intended to be compliant with BS ISO/IEC 15408 (the ‘Common Criteria’).
This document is an informational ISO Technical Report intended for guidance only. It should not be cited as a standard on the content or structure for the evaluation of PPs and STs. It is intended to be fully consistent with ISO/IEC 15408; however, in the event of any inconsistency between this Technical Report and ISO/IEC 15408, the latter takes precedence.
Who should use this document?
PD ISO/IEC TR 15446:2004 is primarily aimed at those who are involved in the development of PPs and STs. However, it is also likely to be useful to evaluators of PPs and STs and to those who are responsible for monitoring PP and ST evaluation. It may also be of interest to consumers and users of PPs and STs who wish to understand what guidance the PP/ST author used, and which parts of the PP or ST are of principal interest.
Contents
- Foreword
- Introduction
- Scope
- Normative references
- Terms and definitions
- Abbreviations
- Purpose of this Technical Report
- Overview of the PP and ST
- Descriptive parts of the PP and ST
- The TOE security environment
- The security objectives
- Security requirements
- The TOE summary specification
- PP Claims
- PP and ST rationale
- PPs and STs for composite and component TOEs
- Functional and assurance packages
- Annex A (informative) - Guidance checklist
- Annex B (informative) - Generic examples
- Annex C (informative) - Specifying cryptographic functionality
- Annex D (informative) - Worked example: Firewall PP and ST
- Annex E (informative) - Worked example: Database PP
- Annex F (informative) - Worked example: Trusted third party PP
- Bibliography