PD CEN ISO/TS 17574:2017
Current
The latest, up-to-date edition.
Electronic fee collection. Guidelines for security protection profiles
Hardcopy , PDF
English
04-30-2017
European foreword
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 EFC security architecture and protection profile processes
6 Outlines of Protection Profile
Annex A (informative) - Procedures for preparing
documents
Annex B (informative) - Example of threat
analysis evaluation method
Annex C (informative) - Relevant security standards
in the context of the EFC
Annex D (informative) - Common Criteria Recognition
Arrangement (CCRA)
Bibliography
Gives guidelines for preparation and evaluation of security requirements specifications, referred to as Protection Profiles (PP) in ISO/IEC 15408 (all parts) and in ISO/IEC TR 15446.
Committee |
EPL/278
|
DevelopmentNote |
Supersedes DD CEN ISO/TS 17574. (04/2017)
|
DocumentType |
Standard
|
Pages |
64
|
PublisherName |
British Standards Institution
|
Status |
Current
|
Supersedes | |
UnderRevision |
This document provides guidelines for preparation and evaluation of security requirements specifications, referred to as Protection Profiles (PP) in ISO/IEC15408 ( allparts ) and in ISO/IECTR15446 . By Protection Profile (PP), it means a set of security requirements for a category of products or systems that meet specific needs. A typical example would be a PP for On-Board Equipment (OBE) to be used in an EFC system. However, the guidelines in this document are superseded if a Protection Profile already exists for the subsystem in consideration. The target of evaluation (TOE) for EFC is limited to EFC specific roles and interfaces as shown in Figure 1. Since the existing financial security standards and criteria are applicable to other external roles and interfaces, they are assumed to be outside the scope of TOE for EFC. Figure1 Scope of TOE for EFC The security evaluation is performed by assessing the security-related properties of roles, entities and interfaces defined in security targets (STs), as opposed to assessing complete processes which often are distributed over more entities and interfaces than those covered by the TOE of this document. NOTE Assessing security issues for complete processes is a complimentary approach, which may well be beneficial to apply when evaluating the security of a system.
Standards | Relationship |
ISO/TS 17574:2017 | Identical |
CEN ISO/TS 17574:2017 | Identical |
ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
ISO 17575-3:2016 | Electronic fee collection Application interface definition for autonomous systems Part 3: Context data |
ISO 17575-1:2016 | Electronic fee collection Application interface definition for autonomous systems Part 1: Charging |
ISO 17573:2010 | Electronic fee collection Systems architecture for vehicle-related tolling |
ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
CEN/TS 16702-1:2014 | Electronic fee collection - Secure monitoring for autonomous toll systems - Part 1: Compliance checking |
ISO/IEC 9798-4:1999 | Information technology Security techniques Entity authentication Part 4: Mechanisms using a cryptographic check function |
ISO 16609:2012 | Financial services — Requirements for message authentication using symmetric techniques |
ISO 14906:2011 | Electronic fee collection Application interface definition for dedicated short-range communication |
ISO/IEC TR 15446:2017 | Information technology Security techniques Guidance for the production of protection profiles and security targets |
ISO/IEC 9797-1:2011 | Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher |
ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
CEN/TS 16702-2:2015 | Electronic fee collection - Secure monitoring for autonomous toll systems - Part 2: Trusted recorder |
ISO/TS 19299:2015 | Electronic fee collection Security framework |
ISO 17575-2:2016 | Electronic fee collection Application interface definition for autonomous systems Part 2: Communication and connection to the lower layers |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.