ISO/IEC TR 15446

ISO/IEC TR 15446 – Information technology -- Security techniques -- Guide for the production of Protection Profiles and Security Targets

Published under Risk Management
Title: ISO/IEC TR 15446:2004 – Information technology -- Security techniques -- Guide for the production of Protection Profiles and Security Targets
Source reference: http://isotc.iso.org/
Topic: Technical Report (TR) containing guidelines for the construction of Protection Profiles (PPs) and Security Targets (STs) that are intended to be compliant with ISO/IEC 15408 (the "Common Criteria").

Note: PPs and STs are described in the TR as follows:

“The purpose of a Protection Profile (PP) is to state a security problem rigorously for a given collection of systems or products - known as the Target Of Evaluation (TOE) - and to specify security requirements to address that problem without dictating how these requirements will be implemented.
[…]
A Security Target (ST) is similar to PP, except that it contains additional implementation-specific information detailing how the security requirements are realised in a particular product or system.”

(Source: http://standards.iso.org/)
Direct / indirect relevance: Indirect. The text is a resource for the definition of security concepts, but has no direct implications for RM/RA as such.
Scope: Publicly available ISO TR, which can be voluntarily adhered to.
Legal force: Nonbinding ISO TR.
Affected sectors: Generic. The standard can be adhered to by any security professional involved in creating PPs and STs.
Relevant provision(s): The standard describes how PPs and STs should be created, including a description of which information should be provided, and provides a number of practical examples of compliant PPs and STs.
Relevance to RM/RA: The standard is predominantly used as a tool for security professionals to develop PPs and STs, but it can also be used to assess the validity of existing PPs and STs (by using the TR as a yardstick to determine whether its guidelines have been followed). Thus, it is a (nonbinding) normative tool for the creation and assessment of RM/RA practices.