UNE-ISO/IEC TR 19791:2013 IN
Current
The latest, up-to-date edition.
Information technology. Security techniques. Security assessment of operational systems
Spanish, Castilian, English - Spanish, Castilian, English
30-04-2013
This Technical Report provides guidance and criteria for the security evaluation of operational systems. It provides an extension to the scope of ISO/IEC 15408, by taking into account a number of critical aspects of operational systems not addressed in ISO/IEC 15408 evaluation. The principal extensions that are required address evaluation of the operational environment surrounding the target of evaluation, and the decomposition of complex operational systems into security domains that can be separately evaluated.This Technical Report providesa) a definition and model for operational systems,b) a description of the extensions to ISO/IEC 15408 evaluation concepts needed to evaluate such operational systems,c) a methodology and process for performing the security evaluation of operational systems,d) additional security evaluation criteria to address those aspects of operational systems not covered by the ISO/IEC 15408 evaluation criteria.This Technical Report permits the incorporation of security products evaluated against ISO/IEC 15408 into operational systems evaluated as a whole using this Technical Report.This Technical Report is limited to the security evaluation of operational systems and does not consider other forms of system assessment. It does not define techniques for the identification, assessment and acceptance of operational risk.
| Committee |
CTN 320
|
| DocumentType |
Standard
|
| Pages |
244
|
| PublisherName |
Asociación Española de Normalización
|
| Status |
Current
|
| Standards | Relationship |
| ISO/IEC TR 19791:2010 | Identical |
| ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
| ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
| ISO/IEC 27002:2013 | Information technology — Security techniques — Code of practice for information security controls |
| ISO/IEC 21827:2008 | Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®) |
| ISO/IEC 27005:2011 | Information technology — Security techniques — Information security risk management |
| ISO/IEC TR 15446:2017 | Information technology — Security techniques — Guidance for the production of protection profiles and security targets |
| ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
| ISO/IEC 18045:2008 | Information technology — Security techniques — Methodology for IT security evaluation |
| ISO Guide 73:2009 | Risk management — Vocabulary |
Access your standards online with a subscription
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.
Important note : All end users must be registered with an Account prior to user licenses being assigned.