1 Scope
This standard specifies the security requirements for the security protection of embedded software in IC card with CPU of EAL4 enhanced level and EAL5 enhanced level, including the security problem definition, security objectives, security requirements, rationale, etc.
This standard is applicable to the testing, evaluation and procurement of embedded software products in IC card with CPU, and may also be used to guide the research and development of such products.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 18336 (All parts) Information technology - Security techniques - Evaluation criteria for IT security
GB/T 25069-2010 Information security technology - Glossary
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069-2010, GB/T 18336.1 and the followings apply.
3.1.1
personalization data
data written in the personalization process of embedded software in IC card, which is used to configure parameters related to specific applications or users
3.2 Abbreviations
For the purposes of this document, the following abbreviations apply.
CM: Configuration Management
EAL: Evaluation Assurance Level
EEPROM: Electrically-Erasable Programmable Read-only Memory
IC: Integrated Circuit
I/O: Input/Output
RAM: Random-Access Memory
ROM: Read-Only Memory
ST: Security Target
TOE: Target of Evaluation
TSF: TOE Security Functionality
Foreword i
Introduction iii
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Descriptions of embedded software in IC card
5 Security problem definition
5.1 Assets
5.2 Threats
5.3 Organizational security policies
5.4 Assumptions
6 Security objectives
6.1 Security objectives for the TOE
6.2 Security objective for environment
7 Security requirements
7.1 Security functional requirements
7.2 Security assurance requirements
8 Rationale
8.1 Rationale of security objectives
8.2 Rationale of security requirements
8.3 Component dependencies
Bibliography
1 Scope
This standard specifies the security requirements for the security protection of embedded software in IC card with CPU of EAL4 enhanced level and EAL5 enhanced level, including the security problem definition, security objectives, security requirements, rationale, etc.
This standard is applicable to the testing, evaluation and procurement of embedded software products in IC card with CPU, and may also be used to guide the research and development of such products.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 18336 (All parts) Information technology - Security techniques - Evaluation criteria for IT security
GB/T 25069-2010 Information security technology - Glossary
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069-2010, GB/T 18336.1 and the followings apply.
3.1.1
personalization data
data written in the personalization process of embedded software in IC card, which is used to configure parameters related to specific applications or users
3.2 Abbreviations
For the purposes of this document, the following abbreviations apply.
CM: Configuration Management
EAL: Evaluation Assurance Level
EEPROM: Electrically-Erasable Programmable Read-only Memory
IC: Integrated Circuit
I/O: Input/Output
RAM: Random-Access Memory
ROM: Read-Only Memory
ST: Security Target
TOE: Target of Evaluation
TSF: TOE Security Functionality
Contents of GB/T 20276-2016
Foreword i
Introduction iii
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Descriptions of embedded software in IC card
5 Security problem definition
5.1 Assets
5.2 Threats
5.3 Organizational security policies
5.4 Assumptions
6 Security objectives
6.1 Security objectives for the TOE
6.2 Security objective for environment
7 Security requirements
7.1 Security functional requirements
7.2 Security assurance requirements
8 Rationale
8.1 Rationale of security objectives
8.2 Rationale of security requirements
8.3 Component dependencies
Bibliography