CSA Group Information technology - Security techniques - Security assurance framework - Part 2: Analysis (Adopted ISO/IEC TR 15443-2:2012, second edition, 2012-11-15)

Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).  For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC TR 15443-2" throughout.  This Standard supersedes CAN/CSA-ISO/IEC TR 15443-2:06 (adoption of ISO/IEC TR 15443-2:2005).  At the time of publication, ISO/IEC TR 15443-2:2012 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC.  Scope This part of ISO/IEC TR 15443 builds on the concepts presented in ISO/IEC TR 15443-1. It provides a discussion of the attributes of security assurance conformity assessment methods that contribute towards making assurance claims and providing assurance evidence to fulfil meeting the assurance requirements for a deliverable.  This part of ISO/IEC TR 15443 proposes criteria for comparing and analysing different SACA methods. The reader is cautioned that the methods used as examples in this part of ISO/IEC TR 15443 are considered to represent popularly used methods at the time of its writing. New methods may appear, and modification or withdrawal of the methods cited may occur. It is intended that the criteria can be used to describe and compare any SACA method whatever its provenance.