DIN CEN ISO/TS 17574
English -- Electronic fee collection - Guidelines for security protection profiles (ISO/TS 17574:2009); English version CEN ISO/TS 17574:2009;
German -- Elektronische Gebuehrenerhebung - Leitfaden fuer Sicherheitsprofile (ISO/TS 17574:2009); Englische Fassung CEN ISO/TS 17574:2009
| contributor author | DIN - Deutsches Institut für Normung e. V. | |
| date accessioned | 2017-09-04T18:47:45Z | |
| date available | 2017-09-04T18:47:45Z | |
| date copyright | 2011.07.01 | |
| date issued | 2011 | |
| identifier other | KMZMMEAAAAAAAAAA.pdf | |
| identifier uri | http://yse.yabesh.ir/std;quessioutho4703177793325273135A68A10958014/handle/yse/228993 | |
| description abstract | This Technical Specification provides a guideline for preparation and evaluation of security requirements specifications, referred to as Protection Profiles (PP) in the ISO/IEC 15408 series and in ISO/IEC TR 15446. By a Protection Profile (PP) is meant a set of security requirements for a category of products or systems that meet specific needs. A typical example would be a PP for On-Board Equipment (OBEs) to be used in an EFC system. This Technical Specification should be read in conjunction with the underlying standards ISO/IEC 15408 and ISO/IEC TR 15446. Although a layman could read the first part of the document to have an overview on how to prepare a Protection Profile for EFC equipment, the annexes, in particular A.4 and A.5, require that the reader be familiar with ISO/IEC 15408. The document uses an OBE with an integrated circuit(s) card (ICC) as an example to describe both the structure of the PP and the proposed content. The main purpose of a PP is to analyse the security environment of a subject and then to specify the requirements meeting the threats that are the output of the security environment analysis. The subject studied is called the target of evaluation (TOE). In this document, an OBE with an ICC is used as an example of the TOE. The preparatory work of EFC/PP consists of the steps shown in Figure 2 (in line with the contents described in Clause 5). A PP may be registered publicly by the entity preparing the PP in order to make it known and available to other parties that may use the same PP for their own EFC systems. By a Security Target (ST) is meant a set of security requirements and specifications to be used as the basis for evaluation of an identified TOE. While the PP could be looked upon as the EFC operator's requirements, the ST could be looked upon as the supplier's documentation of compliance with and fulfilment of the PP for the TOE, e.g. an OBE.
Figure 3 shows a simplified picture and example of the relationships between the EFC operator, the EFC equipment supplier and an evaluator. For an international registry organization, i.e. the Common Criteria Recognition Arrangement (CCRA), and current registered PPs, please refer to Annex D. The ST is similar to the PP, except that it contains additional implementation-specific information detailing how the security requirements are realised in a particular product or system. Hence, the ST includes the following parts not found in a PP: — a TOE summary specification that presents the TOE-specific security functions and assurance measures; — an optional PP claims portion that explains the PPs with which the ST is claimed to be conformant (if any); — a rationale containing additional evidence establishing that the TOE summary specifications ensure satisfaction of the implementation-independent requirements, and that claims about PP conformance are satisfied; — actual security functions of EFC products will be designed based on this ST; see example in Figure 4. The TOE for EFC is limited to the EFC-specific roles and interfaces shown in Figure 5. Since the existing financial security standards and criteria are applicable to other external roles and interfaces, they are assumed to be outside the scope of the TOE for EFC. The security evaluation is performed by assessing the security-related properties of roles, entities and interfaces defined in STs, as opposed to assessing complete processes, which often are distributed over more entities and interfaces than those covered by the TOE of this CEN/ISO Technical Specification. NOTE Assessing security issues for complete processes is a complementary approach, which may well be beneficial to apply when evaluating the security of a system. In Annex A, the guideline for preparing EFC/PP is described by using an OBE as an example of EFC products. The crucial communication link (between the OBE and the RSE) is based on DSRC. | |
| language | English | |
| title | DIN CEN ISO/TS 17574 | num |
| title | English -- Electronic fee collection - Guidelines for security protection profiles (ISO/TS 17574:2009); English version CEN ISO/TS 17574:2009 | en |
| title | German -- Elektronische Gebuehrenerhebung - Leitfaden fuer Sicherheitsprofile (ISO/TS 17574:2009); Englische Fassung CEN ISO/TS 17574:2009 | other |
| type | standard | |
| page | 70 | |
| status | Active | |
| tree | DIN - Deutsches Institut für Normung e. V.:;2011 | |
| contenttype | fulltext | |
| subject keywords | Data security | |
| subject keywords | Datensicherheit | |
| subject keywords | Electronic systems | |
| subject keywords | elektronisches System | |
| subject keywords | Gebuehren | |
| subject keywords | Road transport | |
| subject keywords | Strassenverkehr | |
| subject keywords | Tariffs | |
| subject keywords | Telematics | |
| subject keywords | Telematik |
