Indisponible en français

Résumé Preview

This document provides guidance for:

— selecting and specifying security functional requirements (SFRs) from ISO/IEC 15408-2 to protect Personally Identifiable Information (PII);

— the procedure to define both privacy and security functional requirements in a coordinated manner; and

— developing privacy functional requirements as extended components based on the privacy principles defined in ISO/IEC 29100 through the paradigm described in ISO/IEC 15408-2.

The intended audience for this document are:

— developers who implement products or systems that deal with PII and want to undergo a security evaluation of those products using ISO/IEC 15408. They will get guidance how to select security functional requirements for the Security Target of their product or system that map to the privacy principles defined in ISO/IEC 29100;

— authors of Protection Profiles that address the protection of PII; and

— evaluators that use ISO/IEC 15408 and ISO/IEC 18045 for a security evaluation.

This document is intended to be fully consistent with ISO/IEC 15408; however, in the event of any inconsistency between this document and ISO/IEC 15408, the latter, as a normative standard, takes precedence.


Informations générales

  • État actuel :  Publiée
    Date de publication : 2018-10
  • Edition : 1
  • :
    ISO/IEC JTC 1/SC 27
    Sécurité de l’information, cybersécurité et protection de la vie privée
  • 35.030
    Sécurité des technologies de l’information

Acheter cette norme

Format Langue
PDF
Papier
  • CHF158

Vous avez une question?

Consulter notre FAQ

Service à la clientèle
+41 22 749 08 88

Horaires d’ouverture:
De lundi à vendredi - 09:00-12:00, 14:00-17:00 (UTC+1)

Suivez l'actualité de l'ISO

Inscrivez-vous à notre Newsletter (en anglais) pour suivre nos actualités, points de vue et informations sur nos produits.