ГОСТ Р 54583-2011/ISO/IEC/TR 15443-3:2007 Информационная технология (ИТ). Методы и средства обеспечения безопасности. Основы доверия к безопасности информационных технологий. Часть 3. Анализ методов доверия

[1]

ISO/IEC Guide 61*, General requirements for assessment and accreditation of certification/registration bodies

_______________

* Отменено и заменено на ISO/IEC 17011.

[2]

ISO/IEC Guide 65, General requirements for bodies operating product certification systems

[3]

ISO/IEC Guide 67, Conformity Assessment - Fundamentals of product certification

[4]

ISO/IEC Guide 73, Risk Management - Vocabulary - Guidelines for use in standards

[5]

ISO 9000, Quality management systems - Fundamentals and vocabulary

[6]

ISO 9001, Quality management systems - Requirements

[7]

ISO/IEC 13335-1,

Information technology - Security techniques - Management of information and communications technology security - Part 1: Concepts and models for information and communications technology security management

[8]

ISO/IEC 15288, Systems and software engineering - System life cycle processes

[9]

ISO/IEC 15408-1,

Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model

[10]

ISO/IEC 15408-2,

Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements

[11]

ISO/IEC 15408-3,

Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements

[12]

ISO/IEC 18045, Information technology - Security techniques - Methodology for IT security evaluation

[13]

ISO/IEC 17024, Conformity Assessment - General requirements for bodies operating certification of persons

[14]

ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories

[15]

ISO/IEC 19791, Information technology - Security techniques - Security assessment of operational systems

[16]

ISO/IEC 19790, Information technology - Security techniques - Security requirements for cryptographic modules

[17]

ISO/IEC 21827, Information technology - Security techniques - Systems Security Engineering - Capability maturity model® (SSE-CMM®)

[18]

ISO/IEC 27001, Information technology - Security techniques - Information security management systems - Requirements

[19]

ISO/IEC 27002, Information technology - Security techniques - Code of practice for information security management

[20]

ISO/IEC 27005, Information technology - Security techniques - Information security risk management

[21]

CEN/CENELEC EN 45013: General criteria for certification bodies operating certification of personnel

[22]

FIPS 140-1: Federal Information Processing Standard: Security Requirements for Cryptographic Modules, National Institute of Standards and Technology (NIST), http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf

[23]

IT Grundschutz (Baseline Protection) Manual, Bundesamt Sicherheit in der IT (BSI), 2004, http://www.bsi.bund.de/english/

[24]

A Comparative Study of IT Security Criteria, Initiative D21, Initiative D21 e. V., Siemensdamm 50, 13629 Berlin, Germany

[25]

A Guide to Certification and Accreditation for Information Technology Systems (MG-4), January 1996, CSE, The ITS Publications Section, (613) 991-7514/7468 or http://www.cse.dnd.ca

[26]

A Guide To Risk Assessment and Safeguard Selection for Information Technology Systems, January 1996, CSE, The ITS Publications Section, (613) 991-7514/7468 or http://www.cse.dnd.ca

[27]

COBIT MAPPING - Overview of International IT Guidance, IT Governance Institute, January 2004, IT Governance Institute, 3701 Algonquin Road, Suite 1010, Rolling Meadows, IL 60008, USA, (847) 590 7491 or http://www.itqi.org

[28]

Fiona Pattinson, Comparing ISO 17799:2000 with SSE CMM V2, 2002, http://www.cccure.orq//Documents/ISO 17799/ISO 17799 SSE CMM comparison.pdf

[29]

Susanne Rohrig, Using Process Models To Analyse IT Security Requirements, Thesis, Faculty of Economics, University of Zurich, Switzerland, March 2003