Joint task force transformation initiative



Yüklə 5,64 Mb.
səhifə170/186
tarix08.01.2019
ölçüsü5,64 Mb.
#93199
1   ...   166   167   168   169   170   171   172   173   ...   186



Table H-3 provides a generalized mapping from the functional and assurance requirements in ISO/IEC 15408 (Common Criteria) to the security controls in Special Publication 800-53. The table represents an informal correspondence between security requirements and security controls (i.e., the table is not intended to determine whether the ISO/IEC 15408 security requirements are fully, partially, or not satisfied by the associated security controls). However, the table can serve as a beneficial starting point for further correspondence analysis. Organizations are cautioned that satisfying ISO/IEC 15408 security requirements for an particular evaluated and validated information technology product as represented by the presence of certain security controls from Appendix F, does not imply that such requirements have been satisfied throughout the entire information system (which may consist of multiple, integrated individual component products). Additional information explaining the specific mappings that appear in Table H-3 is available at the National Information Assurance Partnership (NIAP) website at: http://www.niap-ccevs.org.

TABLE H-3: MAPPING ISO/IEC 15408 TO NIST SP 800-53

ISO/IEC 15408 REQUIREMENTS

NIST SP 800-53 CONTROLS

Functional Requirements




FAU_ARP.1

Security Audit Automatic Response

Security Alarms



AU-5

Response to Audit Processing Failures

AU-5 (1)


Response to Audit Processing Failures

Audit Storage Capacity

AU-5 (2)


Response to Audit Processing Failures

Real-Time Alerts

AU-5 (3)


Response to Audit Processing Failures

Configurable Traffic Volume Thresholds

AU-5 (4)


Response to Audit Processing Failures

Shutdown on Failure

PE-6 (2)

Monitoring Physical Access

Automated Intrusion Recognition / Responses

SI-3

Malicious Code Protection

SI-3 (8)

Malicious Code Protection

Detect Unauthorized Commands

SI-4 (5)


Information System Monitoring

System-Generated Alerts

SI-4 (7)

Information Systems Monitoring

Automated Response to Suspicious Events

SI-4 (22)

Information Systems Monitoring

Unauthorized Network Services

SI-7 (2)

Software, Firmware, and Information Integrity

Automated Notifications of Integrity Violations

SI-7 (5)

Software, Firmware, and Information Integrity

Automated Response to Integrity Violations

SI-7 (8)

Software, Firmware, and Information Integrity

Auditing Capability for Significant Events

FAU_GEN.1

Security Audit Data Generation

Audit Data Generation



AU-2

Audit Events

AU-3

Content of Audit Records

AU-3 (1)

Content of Audit Records

Additional Audit Information

AU-12

Audit Generation

FAU_GEN.2

Security Audit Data Generation

User Identity Association



AU-3

Content of Audit Records

FAU_SAA.1

Security Audit Analysis

Potential Violation Analysis



SI-4

Information System Monitoring

FAU_SAA.2

Security Audit Analysis

Profile-Based Anomaly Detection



AC-2 (12)

Account Management

Account Monitoring / Atypical Usage

SI-4

Information System Monitoring

FAU_SAA.3

Security Audit Analysis

Simple Attack Heuristics



SI-3 (7)


Malicious Code Protection

Non Signature-Based Protection

SI-4

Information System Monitoring

FAU_SAA.4

Security Audit Analysis

Complex Attack Heuristics





SI-3 (7)


Malicious Code Protection

Non Signature-Based Protection

SI-4

Information System Monitoring

FAU_SAR.1

Security Audit Review

Audit Review



AU-7

Audit Reduction and Report Generation

FAU_SAR.2

Security Audit Review

Restricted Audit Review



AU-9 (6)


Protection of Audit Information

Read Only Access

FAU_SAR.3

Security Audit Review

Selectable Audit Review



AU-7

Audit Reduction and Report Generation

AU-7 (1)

Audit Reduction and Report Generation

Automatic Processing

AU-7 (2)

Audit Reduction and Report Generation

Automatic Sort and Search

FAU_SEL.1

Security Audit Event Selection

Selective Audit



AU-12

Audit Generation

FAU_STG.1

Security Audit Event Storage

Protected Audit Trail Storage



AU-9

Protection of Audit Information

FAU_STG.2

Security Audit Event Storage

Guarantees of Audit Data Availability



AU-9

Protection of Audit Information

Alternate audit capability

FAU_STG.3

Security Audit Event Storage

Action In Case of Possible Audit Data Loss



AU-5

Response to Audit Processing Failures

AU-5 (1)

Response to Audit Processing Failures

Audit Storage Capacity

AU-5 (2)

Response To Audit Processing Failures

Real-Time Alerts

AU-5 (4)

Response To Audit Processing Failures

Shutdown on Failure

FAU_STG.4

Security Audit Event Storage

Prevention of Audit Data Loss



AU-4

Audit Storage Capacity

AU-5

Response to Audit Processing Failures

AU-5 (2)

Response To Audit Processing Failures

Real-Time Alerts

AU-5 (4)

Response To Audit Processing Failures

Shutdown on Failure

FCO_NRO.1

Non-Repudiation of Origin

Selective Proof of Origin



AU-10

Non-Repudiation

AU-10 (1)

Non-Repudiation

Association Of Identities

AU-10 (2)

Non-Repudiation

Validate Binding of Information Producer

Identity

FCO_NRO.2

Non-Repudiation of Origin

Enforced Proof of Origin



AU-10

Non-Repudiation

AU-10 (1)

Non-Repudiation

Association Of Identities

AU-10 (2)

Non-Repudiation

Validate Binding of Information Producer

Identity

FCO_NRR.1

Non-Repudiation of Receipt

Selective Proof of Receipt



AU-10

Non-Repudiation

AU-10 (1)

Non-Repudiation

Association Of Identities

AU-10 (2)

Non-Repudiation

Validate Binding of Information Producer

Identity

FCO_NRR.2

Non-Repudiation of Receipt

Enforced Proof of Receipt



AU-10

Non-Repudiation

AU-10 (1)

Non-Repudiation

Association Of Identities

AU-10 (2)

Non-Repudiation

Validate Binding of Information Producer

Identity

FCS_CKM.1

Cryptographic Key Management

Cryptographic Key Generation



SC-12


Cryptographic Key Establishment and Management

FCS_CKM.2

Cryptographic Key Management

Cryptographic Key Distribution



SC-12


Cryptographic Key Establishment and Management

FCS_CKM.3

Cryptographic Key Management

Cryptographic Key Access



SC-12


Cryptographic Key Establishment and Management

FCS_CKM.4

Cryptographic Key Management

Cryptographic Key Destruction



SC-12


Cryptographic Key Establishment and Management

FCS_COP.1

Cryptographic Operation

Cryptographic Operation



SC-13

Cryptographic Protection

FDP_ACC.1

Access Control Policy

Subset Access Control



AC-3

Access Enforcement

AC-3 (3)

Access Enforcement

Mandatory Access Control

AC-3 (4)

Access Enforcement

Discretionary Access Control

AC-3 (7)

Access Enforcement

Role-Based Access Control

FDP_ACC.2

Access Control Policy

Complete Access Control



AC-3

Access Enforcement

AC-3 (3)

Access Enforcement

Mandatory Access Control

AC-3 (4)

Access Enforcement

Discretionary Access Control

AC-3 (7)

Access Enforcement

Role-Based Access Control

FDP_ACF.1

Access Control Functions

Security Attribute Based Access Control



AC-3

Access Enforcement

AC-3 (3)

Access Enforcement

Mandatory Access Control

AC-3 (4)

Access Enforcement

Discretionary Access Control

AC-3 (7)

Access Enforcement

Role-Based Access Control

AC-16

Security Attributes

SC-16

Transmission of Security Attributes

FDP_DAU.1

Data Authentication

Basic Data Authentication



SI-7

Software, Firmware, and Information Integrity

SI-7 (1)

Software, Firmware, and Information Integrity

Integrity Checks

SI-7 (6)

Software, Firmware, And Information Integrity

Cryptographic Protection

SI-10

Information Input Validation

FDP_DAU.2

Data Authentication

Data Authentication With Identity of Guarantor



SI-7

Software, Firmware, and Information Integrity

SI-7 (1)

Software, Firmware, and Information Integrity

Integrity Checks

SI-7 (6)

Software, Firmware, And Information Integrity

Cryptographic Protection

SI-10

Information Input Validation

FDP_ETC.1

Export from the TOE

Export of User Data without Security Attributes



No Mapping.

FDP_ETC.2

Export from the TOE

Export of User Data with Security Attributes



AC-4 (18)

Information Flow Enforcement

Security Attribute Binding

AC-16

Security Attributes

AC-16 (5)

Security Attributes

Attribute Displays for Output Devices

SC-16

Transmission of Security Attributes

FDP_IFC.1

Information Flow Control Policy

Subset Information Flow Control



AC-3

Access Enforcement

AC-3 (3)

Access Enforcement

Mandatory Access Control

AC-4

Information Flow Enforcement

Yüklə 5,64 Mb.

Dostları ilə paylaş:
1   ...   166   167   168   169   170   171   172   173   ...   186




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©muhaz.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin