ETSI EG 202 387 V1.1.1 (2005-04)Telecommunications

ETSIEG202387V1.1.1(2005-04)ETSIGuideTelecommunicationsandInternetconvergedServicesandProtocolsforAdvancedNetworking(TISPAN);SecurityDesignGuide;MethodforapplicationofCommonCriteriatoETSIdeliverablesETSIETSIEG202387V1.1.1(2005-04)2ReferenceDEG/TISPAN-07005-TechKeywordsapplication,IP,methodology,security,VoIPETSI650RoutedesLuciolesF-06921SophiaAntipolisCedex-FRANCETel.:+33492944200Fax:+33493654716SiretN°34862356200017-NAF742CAssociationàbutnonlucratifenregistréeàlaSous-PréfecturedeGrasse(06)N°7803/88ImportantnoticeIndividualcopiesofthepresentdocumentcanbedownloadedfrom:(PDF).Incaseofdispute,thereferenceshallbetheprintingonETSIprintersofthePDFversionkeptonaspecificnetworkdrivewithinETSISecretariat.Usersofthepresentdocumentshouldbeawarethatthedocumentmaybesubjecttorevisionorchangeofstatus.InformationonthecurrentstatusofthisandotherETSIdocumentsisavailableat:©EuropeanTelecommunicationsStandardsInstitute2005.Allrightsreserved.DECTTM,PLUGTESTSTMandUMTSTMareTradeMarksofETSIregisteredforthebenefitofitsMembers.TIPHONTMandtheTIPHONlogoareTradeMarkscurrentlybeingregisteredbyETSIforthebenefitofitsMembers.3GPPTMisaTradeMarkofETSIregisteredforthebenefitofitsMembersandofthe3GPPOrganizationalPartners.ETSIETSIEG202387V1.1.1(2005-04)3ContentsIntellectualPropertyRights................................................................................................................................6Foreword.............................................................................................................................................................6Introduction........................................................................................................................................................61Scope........................................................................................................................................................72References................................................................................................................................................73Definitionsandabbreviations...................................................................................................................83.1Definitions..........................................................................................................................................................83.2Abbreviations.....................................................................................................................................................94Securityinstandardization.......................................................................................................................94.1Communicationssecuritymodel........................................................................................................................94.2Standardsreviewandevaluation......................................................................................................................104.3Overalldevelopmentprocess...........................................................................................................................104.4Protocolstandardscontainingsecurity-relatedrequirements...........................................................................135OverviewofISO/IEC15408..................................................................................................................145.1IntroductiontotheCommonCriteria(CC)......................................................................................................145.1.1ContentsofaProtectionProfile(PP)..........................................................................................................145.1.2ContentsofaSecurityTarget(ST).............................................................................................................155.1.3CommonCriteriarelationships...................................................................................................................165.1.4EvaluationAssuranceLevels......................................................................................................................165.2OverviewofCCdocuments.............................................................................................................................175.2.1ISO/IEC15408-1:Introductionandgeneralmodel....................................................................................175.2.2ISO/IEC15408-2:Securityfunctionalrequirements..