ISO 20004:2015
ISO 20004:2015 Information technology – Security techniques – Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045
CDN $186.00
Description
ISO/IEC TR 20004:2015 refines the AVA_VAN assurance family activities defined in ISO/IEC 18045 and provides more specific guidance on the identification, selection and assessment of relevant potential vulnerabilities in order to conduct an ISO/IEC 15408 evaluation of a software target of evaluation. This Technical Report leverages publicly available information security resources to support the method of scoping and implementing ISO/IEC 18045 vulnerability analysis activities. The Technical Report currently uses the common weakness enumeration (CWE) and the common attack pattern enumeration and classification (CAPEC), but does not preclude the use of any other appropriate resources. Furthermore, this Technical Report is not meant to address all possible vulnerability analysis methods, including those that fall outside the scope of the activities outlined in ISO/IEC 18045.
ISO/IEC TR 20004:2015 does not define evaluator actions for certain high assurance ISO/IEC 15408 components, where there is as yet no generally agreed guidance.
Edition
2
Published Date
2015-12-08
Status
PUBLISHED
Pages
17
Language
English
Format
Secure PDF
Secure – PDF details
- Save your file locally or view it via a web viewer
- Viewing permissions are restricted exclusively to the purchaser
- Device limits - 3
- Printing – Enabled only to print (1) copy
See more about our Environmental Commitment
Abstract
ISO/IEC TR 20004:2015 refines the AVA_VAN assurance family activities defined in ISO/IEC 18045 and provides more specific guidance on the identification, selection and assessment of relevant potential vulnerabilities in order to conduct an ISO/IEC 15408 evaluation of a software target of evaluation. This Technical Report leverages publicly available information security resources to support the method of scoping and implementing ISO/IEC 18045 vulnerability analysis activities. The Technical Report currently uses the common weakness enumeration (CWE) and the common attack pattern enumeration and classification (CAPEC), but does not preclude the use of any other appropriate resources. Furthermore, this Technical Report is not meant to address all possible vulnerability analysis methods, including those that fall outside the scope of the activities outlined in ISO/IEC 18045.
ISO/IEC TR 20004:2015 does not define evaluator actions for certain high assurance ISO/IEC 15408 components, where there is as yet no generally agreed guidance.
Previous Editions
Can’t find what you are looking for?
Please contact us at:
Related Documents
-
ISO 27006:2021 Requirements for bodies providing audit and certification of information security management systems – Part 2: Privacy information management systems
CDN $124.00 Add to cart -
ISO 27000:2018 Information technology – Security techniques – Information security management systems – Overview and vocabulary
CDN $0.00 Add to cart -
ISO 27402:2023 Cybersecurity – IoT security and privacy – Device baseline requirements
CDN $186.00 Add to cart -
ISO 20648:2024 Information technology – TLS specification for storage systems
CDN $186.00 Add to cart
