ISO 19608:2018
ISO 19608:2018 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408
CDN $336.00
Description
This document provides guidance for:
– selecting and specifying security functional requirements (SFRs) from ISO/IEC 15408-2 to protect Personally Identifiable Information (PII);
– the procedure to define both privacy and security functional requirements in a coordinated manner; and
– developing privacy functional requirements as extended components based on the privacy principles defined in ISO/IEC 29100 through the paradigm described in ISO/IEC 15408-2.
The intended audience for this document are:
– developers who implement products or systems that deal with PII and want to undergo a security evaluation of those products using ISO/IEC 15408. They will get guidance how to select security functional requirements for the Security Target of their product or system that map to the privacy principles defined in ISO/IEC 29100;
– authors of Protection Profiles that address the protection of PII; and
– evaluators that use ISO/IEC 15408 and ISO/IEC 18045 for a security evaluation.
This document is intended to be fully consistent with ISO/IEC 15408; however, in the event of any inconsistency between this document and ISO/IEC 15408, the latter, as a normative standard, takes precedence.
Edition
1
Published Date
2018-10-19
Status
PUBLISHED
Pages
48
Language
English
Format
Secure PDF
Secure – PDF details
- Save your file locally or view it via a web viewer
- Viewing permissions are restricted exclusively to the purchaser
- Device limits - 3
- Printing – Enabled only to print (1) copy
See more about our Environmental Commitment
Abstract
This document provides guidance for:
- selecting and specifying security functional requirements (SFRs) from ISO/IEC 15408-2 to protect Personally Identifiable Information (PII);
- the procedure to define both privacy and security functional requirements in a coordinated manner; and
- developing privacy functional requirements as extended components based on the privacy principles defined in ISO/IEC 29100 through the paradigm described in ISO/IEC 15408-2.
The intended audience for this document are:
- developers who implement products or systems that deal with PII and want to undergo a security evaluation of those products using ISO/IEC 15408. They will get guidance how to select security functional requirements for the Security Target of their product or system that map to the privacy principles defined in ISO/IEC 29100;
- authors of Protection Profiles that address the protection of PII; and
- evaluators that use ISO/IEC 15408 and ISO/IEC 18045 for a security evaluation.
This document is intended to be fully consistent with ISO/IEC 15408; however, in the event of any inconsistency between this document and ISO/IEC 15408, the latter, as a normative standard, takes precedence.
Previous Editions
Can’t find what you are looking for?
Please contact us at:
Related Documents
-
ISO 22739:2024 Blockchain and distributed ledger technologies – Vocabulary
CDN $186.00 Add to cart -
ISO 27554:2024 Information security, cybersecurity and privacy protection – Application of ISO 31000 for assessment of identity-related risk
CDN $186.00 Add to cart -
ISO 27013:2024 Information security, cybersecurity and privacy protection – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 – Amendment 1
CDN $33.00 Add to cart -
ISO 20243:2023 Information technology – Open Trusted Technology ProviderTM Standard (O-TTPS) – Part 1: Requirements and recommendations for mitigating maliciously tainted and counterfeit products
CDN $295.00 Add to cart
