

International regulatory and legal documents on security


  1. ISO/IEC 2382-8:1998 Information technology — Vocabulary — Part 8: Security
  2. ISO 7498-2:1989 Information processing systems — Open Systems Interconnection — Basic Reference Model — Part 2: Security Architecture
  3. ISO 7498-4:1989 Information processing systems — Open Systems Interconnection — Basic Reference Model — Part 4: Management framework.
  4. ISO/IEC 7816-8:1999 Identification cards — Integrated circuit(s) cards with contacts — Part 8: Security related interindustry commands
  5. ISO/IEC 7816-9:2000 Identification cards — Integrated circuit(s) cards with contacts — Part 9: Additional interindustry commands and security attributes
  6. ISO 8372:1987 Information processing — Modes of operation for a 64-bit block cipher algorithm
  7. ISO 8730:1990 Banking — Requirements for message authentication (wholesale)
  8. ISO 8730:1990/Cor 1:1999
  9. ISO 8731-1:1987 Banking — Approved algorithms for message authentication — Part 1: DEA 
  10. ISO 8731-2:1992 Banking — Approved algorithms for message authentication — Part 2: Message authenticator algorithm
  11. ISO 8732:1988 Banking — Key management (wholesale)
  12. ISO 8732:1988/Cor 1:1999
  13. ISO 9160:1988 Information processing — Data encipherment — Physical layer interoperability requirements
  14. ISO 9564-1:1991 Banking — Personal Identification Number management and security — Part 1: PIN protection principles and techniques
  15. ISO 9564-2:1991 Banking — Personal Identification Number management and security — Part 2: Approved algorithm(s) for PIN encipherment
  16. ISO/IEC 9579:2000 Information technology — Remote database access for SQL with security enhancement (available in English only)
  17. ISO/IEC 9594-8:2001 Information technology — Open Systems Interconnection — The Directory: Public-key and attribute certificate frameworks
  18. ISO 9735-5:1999 Electronic data interchange for administration, commerce and transport (EDIFACT) — Application level syntax rules (Syntax version number: 4) — Part 5: Security rules for batch EDI (authenticity, integrity and non-repudiation of origin)
  19. ISO 9735-7:1999 Electronic data interchange for administration, commerce and transport (EDIFACT) — Application level syntax rules (Syntax version number: 4) — Part 7: Security rules for batch EDI (confidentiality)
  20. ISO 9735-9:1999 Electronic data interchange for administration, commerce and transport (EDIFACT) — Application level syntax rules (Syntax version number: 4) — Part 9: Security key and certificate management message (message type- KEYMAN)
  21. ISO/IEC 9796-2:1997 Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Mechanisms using a hash-function
  22. ISO/IEC 9796-3:2000 Information technology — Security techniques — Digital signature schemes giving message recovery — Part 3: Discrete logarithm based mechanisms
  23. ISO/IEC 9797:1994 Information technology — Security techniques — Data integrity mechanism using a cryptographic check function employing a block cipher algorithm
  24. ISO/IEC 9797-1:1999 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher
  25. ISO/IEC 9798-1:1997 Information technology — Security techniques — Entity authentication — Part 1: General
  26. ISO/IEC 9798-2:1999 Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms
  27. ISO/IEC 9798-3:1998 Information technology — Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques
  28. ISO/IEC 9798-4:1999 Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function
  29. ISO/IEC 9798-5:1999 Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero knowledge techniques
  30. ISO 9807:1991 Banking and related financial services — Requirements for message authentication (retail)
  31. ISO/IEC 9979:1999 Information technology — Security techniques — Procedures for the registration of cryptographic algorithms
  32. ISO/IEC 10021-7:1997/Amd 1:1998 Security error diagnostic codes
  33. ISO/IEC 10116:1997 Information technology — Security techniques — Modes of operation for an n-bit block cipher
  34. ISO/IEC 10118-1:2000 Information technology — Security techniques — Hash-functions — Part 1: General
  35. ISO/IEC 10118-2:2000 Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher.
  36. ISO/IEC 10118-3:1998 Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions
  37. ISO/IEC 10118-4:1998 Information technology — Security techniques — Hash-functions — Part 4: Hash-functions using modular arithmetic
  38. ISO 10126-1:1991 Banking — Procedures for message encipherment (wholesale) — Part 1: General principles
  39. ISO 10126-2:1991 Banking — Procedures for message encipherment (wholesale) — Part 2: DEA algorithm
  40. ISO/IEC 10164-7:1992 Information technology — Open Systems Interconnection — Systems Management: Security alarm reporting function
  41. ISO/IEC 10164-8:1993 Information technology — Open Systems Interconnection — Systems Management: Security audit trail function
  42. ISO/IEC 10181-1:1996 Information technology — Open Systems Interconnection — Security frameworks for open systems: Overview
  43. ISO/IEC 10181-2:1996 Information technology — Open Systems Interconnection — Security frameworks for open systems: Authentication framework
  44. ISO/IEC 10181-3:1996 Information technology — Open Systems Interconnection — Security frameworks for open systems: Access control framework
  45. ISO/IEC 10181-4:1997 Information technology — Open Systems Interconnection — Security frameworks for open systems: Non-repudiation framework
  46. ISO/IEC 10181-5:1996 Information technology — Open Systems Interconnection — Security frameworks for open systems: Confidentiality framework
  47. ISO/IEC 10181-6:1996 Information technology — Open Systems Interconnection — Security frameworks for open systems: Integrity framework
  48. ISO/IEC 10181-7:1996 Information technology — Open Systems Interconnection — Security frameworks for open systems: Security audit and alarms framework
  49. ISO 10202-1:1991 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 1: Card life cycle
  50. ISO 10202-2:1996 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 2: Transaction process
  51. ISO 10202-3:1998 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 3: Cryptographic key relationships
  52. ISO 10202-4:1996 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 4: Secure application modules
  53. ISO 10202-5:1998 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 5: Use of algorithms
  54. ISO 10202-6:1994 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 6: Cardholder verification
  55. ISO 10202-7:1998 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 7: Key management
  56. ISO 10202-8:1998 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 8: General principles and overview
  57. ISO/IEC ISP 10608-1:1992/ Amd 1:1998 Reference Optional Security Requirements — TAnnn
  58. ISO/IEC ISP 10608-5:1992/ Amd 1:1998 Reference Optional Security Requirements Specific to X.25 Subnetworks — TA11n1
  59. ISO/IEC ISP 10608-7:1998 Information technology — International Standardized Profile TAnnnn — Connection-mode Transport Service over Connectionless-mode Network Service — Part 7: Security employing the Network Layer Security Protocol — Connectionless-mode for TAnnnn profiles
  60. ISO/IEC ISP 10608-8:1998 Information technology — International Standardized Profile TAnnnn — Connection-mode Transport Service over Connectionless-mode Network Service — Part 8: Security employing the Network Layer Security Protocol — Connection-mode with SDT-PDU based protection over X.25 packet switched data networks using virtual calls, for TA1111/TA1121 profiles
  61. ISO/IEC ISP 10609-9:1992/ Amd 1:1998 Reference Optional Security Requirements — TB/TC/TD/TEnn
  62. ISO/IEC ISP 10609-16:1998 Information technology — International Standardized Profiles TB, TC, TD and TE — Connection-mode Transport Service over connection-mode Network Service — Part 16: Security employing the Network Layer Security Protocol — Connection-mode with No-header, for TB, TC, TD and TE profiles
  63. ISO/IEC ISP 10609-17:1998 Information technology — International Standardized Profiles TB, TC, TD and TE — Connection-mode Transport Service over connection-mode Network Service — Part 17: Security employing the Network Layer Security Protocol — Connection-mode, with SDT-PDU based Protection, for TB/TC/TD/TEnnn profiles
  64. ISO/IEC ISP 10613-1:1994/Amd 2:1998 Reference optional Security Requirements — RAnn.nn profiles
  65. ISO/IEC ISP 10613-7:1994/Amd 2:1998 Reference Optional Security Requirements Specific to X.25 Subnetworks — Rann.11n1
  66. ISO/IEC ISP 10613-19:1998 Information technology — International Standardized Profile RA — Relaying the Connectionless-mode Network Service — Part 19: Security employing the Network Layer Security Protocol — Connectionless-mode, for RAnn.nn profiles
  67. ISO/IEC ISP 10613-20:1998 Information technology — International Standardized Profile RA — Relaying the Connectionless-mode Network Service — Part 20: Security employing the Network Layer Security Protocol — Connection-mode with SDT-PDU based Protection over X.25 packet switched data networks using virtual calls, for RA1111/RA1121 profiles
  68. ISO/IEC 10736:1995 Information technology — Telecommunications and information exchange between systems — Transport layer security protocol
  69. ISO/IEC 10745:1995 Information technology — Open Systems Interconnection — Upper layers security model
  70. ISO 11442-1:1993 Technical product documentation — Handling of computer-based technical information — Part 1: Security requirements
  71. ISO 11568-1:1994 Banking — Key management (retail) — Part 1: Introduction to key management
  72. ISO 11568-2:1994 Banking — Key management (retail) — Part 2: Key management techniques for symmetric ciphers
  73. ISO 11568-3:1994 Banking — Key management (retail) — Part 3: Key life cycle for symmetric ciphers
  74. ISO 11568-4:1998 Banking — Key management (retail) — Part 4: Key management techniques using public key cryptosystems
  75. ISO 11568-5:1998 Banking — Key management (retail) — Part 5: Key life cycle for public key cryptosystems
  76. ISO 11568-6:1998 Banking — Key management (retail) — Part 6: Key management schemes
  77. ISO/IEC 11577:1995 Information technology — Open Systems Interconnection — Network layer security protocol
  78. ISO/IEC 11586-1:1996 Information technology — Open Systems Interconnection — Generic upper layers security: Overview, models and notation
  79. ISO/IEC 11586-2:1996 Information technology — Open Systems Interconnection — Generic upper layers security: Security Exchange Service Element (SESE) service definition
  80. ISO/IEC 11586-3:1996 Information technology — Open Systems Interconnection — Generic upper layers security: Security Exchange Service Element (SESE) protocol specification
  81. ISO/IEC 11586-4:1996 Information technology — Open Systems Interconnection — Generic upper layers security: Protecting transfer syntax specification
  82. ISO/IEC 11586-5:1997 Information technology — Open Systems Interconnection — Generic upper layers security: Security Exchange Service Element (SESE) Protocol Implementation Conformance Statement (PICS) proforma
  83. ISO/IEC 11586-6:1997 Information technology — Open Systems Interconnection — Generic upper layers security: Protecting transfer syntax Protocol Implementation Conformance Statement (PICS) proforma
  84. ISO/IEC 11770-1:1996 Information technology — Security techniques — Key management — Part 1: Framework
  85. ISO/IEC 11770-2:1996 Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques
  86. ISO/IEC 11770-3:1999 Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques
  87. ISO/IEC TR 13335-1:1996 Information technology — Guidelines for the management of IT Security — Part 1: Concepts and models for IT Security
  88. ISO/IEC TR 13335-2:1997 Information technology — Guidelines for the management of IT Security — Part 2: Managing and planning IT Security
  89. ISO/IEC TR 13335-3:1998 Information technology — Guidelines for the management of IT Security — Part 3: Techniques for the management of IT Security
  90. ISO/IEC TR 13335-4:2000 Information technology — Guidelines for the management of IT Security — Part 4: Selection of safeguards
  91. ISO/IEC TR 13335-5:2001 Information technology — Guidelines for the management of IT Security — Part 5: Management guidance on network security
  92. ISO 13491-1:1998 Banking — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods
  93. ISO 13491-2:2000 Banking — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in magnetic stripe card systems
  94. ISO 13492:1998 Banking — Key management related data element (retail)
  95. ISO/TR 13569:1997 Banking and related financial services — Information security guidelines
  96. ISO/IEC TR 13594:1995 Information technology — Lower layers security
  97. ISO/IEC 13888-1:1997 Information technology — Security techniques — Non-repudiation — Part 1: General
  98. ISO/IEC 13888-2:1998 Information technology — Security techniques — Non-repudiation — Part 2: Mechanisms using symmetric techniques
  99. ISO/IEC 13888-3:1997 Information technology — Security techniques — Non-repudiation — Part 3: Mechanisms using asymmetric techniques
  100. ISO/IEC 14888-1:1998 Information technology — Security techniques — Digital signatures with appendix — Part 1: General
  101. ISO/IEC 14888-2:1999 Information technology — Security techniques — Digital signatures with appendix — Part 2: Identity-based mechanisms
  102. ISO/IEC 14888-3:1998 Information technology — Security techniques — Digital signatures with appendix — Part 3: Certificate-based mechanisms
  103. ISO/IEC 14888-3:1998/Cor 1:2001
  104. ISO 14890
  105. ISO 15031-7:2001 Road vehicles — Communication between vehicle and external equipment for emissions-related diagnostics — Part 7: Data link security
  106. ISO/IEC TR 15067-4:2001 Information technology — Home Electronic System (HES) Application Model — Part 4: Security System for HES
  107. ISO/IEC 15292:2001 Information technology – Security techniques – Protection Profile registration procedures
  108. ISO/IEC 15408-1:1999 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model (Guidance document. Information technology security. Evaluation criteria for information technology security)
  109. ISO/IEC 15408-2:1999 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional requirements (Guidance document. Information technology security. Evaluation criteria for information technology security)
  110. ISO/IEC 15408-3:1999 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance requirements (Guidance document. Information technology security. Evaluation criteria for information technology security)
  111. ISO 15782-2:2001 Banking — Certificate management — Part 2: Certificate extensions
  112. ISO/IEC 15816:2002 Information technology — Security techniques — Security information objects for access control
  113. ISO 15892:2000 Space data and information transfer systems — Protocol specification for space communications — Security protocol
  114. ISO/IEC 15945:2002 Information technology — Security techniques — Specification of TTP services to support the application of digital signatures
  115. ISO/IEC 16500-7:1999 Information technology — Generic digital audio-visual systems — Part 7: Basic security tools
  116. ISO/IEC 17799:2000 Information technology — Code of practice for information security management

  1. BS 7799-1:2000 Information security management – Part 1: Code of practice for information security management (Information security management)
  2. BS 7799-2:2000 Information security management – Part 2: Specification for information security management systems.

Common Criteria for Information Technology Security Evaluation

June 2005, version 3.0, Revision 2
Part 1: Introduction and general model (download)
Part 2: Security functional components (download)
Part 3: Security assurance components (download)
Evaluation methodology (download)


January 2004, Version 2.2, Revision 256
Part 1: Introduction and general model (download)
Part 2: Security functional requirements (download)
Part 3: Security assurance requirements (download)
Evaluation methodology (download)


Industry standards

AntiSpyware


Reviews

Common Criteria

V.B. Betelin, V.A. Galatenko, M.T. Kobzar, A.A. Sidak, I.A. Trifalenkov
Protection Profiles Based on the "Common Criteria". An Analytical Review
http://www.citforum.ru/security/criteria/


V. V. Anishchenko
Information security assessment
http://www.pcmag.ru/?ID=35343


ISO 17799 / ISO 27001

Ilya Medvedovsky, Digital Security
Practical application of the international information security standard ISO 17799
http://www.citforum.ru/security/articles/aboutisonew.shtml
ISO/IEC 27001
Interactive test for compliance with GOST R ISO/IEC 17799–2005

BSI

Methodological aspects of the German standard "IT Baseline Protection Manual"
L.V. Skripnik, M.F. Bondarenko, I.D. Gorbenko, A.A. Tkach, A.V. Potiy
http://bezpeka.com/files/lib_ru/112_sbgtpgermstd.zip


Software quality evaluation

ISO/IEC 9126 Software Engineering – Product quality
ISO/IEC 14598 Software Engineering – Product evaluation


Polazhenko S.V.
Evaluating security characteristics as part of the software quality evaluation process


