Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN);Design Guide;Application of security countermeasures to service capabilities

English
Technical committee
Telecommunications and Internet Converged Services and Protocols for Advanced Networking7
Type
Standard
Acronym
ETSI EG 202 549
Committee
ETSI
Published year
2006
Description

The present document gives guidance on the application of security countermeasures to service capabilities. It covers
the construction of services from service capabilities and how a security evaluation of a service capability should be
performed. The present document examines and gives guidance on the use of the Composition assurance class defined
by the Common Criteria working group in order to be able to answer the question: "if components A and B are
evaluated as having security ratings X and Y what is the security rating that can be assigned to the combination of A
and B?"
The present document builds on the guidance to the Common Criteria for Information Technology Security Evaluation
given in EG 202 387 [3] with a particular view to assessing the security of the NGN. In the NGN context, where
services are not explicitly defined but are made from combining service capabilities, the present document gives
guidance on the means to apply effective security to both service capabilities in isolation, and to service capabilities in
combination.
The guidance reviews the service capability model in clause 4 and examines the requirements for security arising from
the service capability requirements defined for NGN-R1 in clause 5. The analysed security requirements are presented
in the form of ISO/IEC 15408-2 [17] functional models. Clause 6 presents a review of the Common Criteria
Composition assurance class and describes its impact on the ETSI standardization process. Annex A reviews the use of
cryptographic techniques in the NGN.
A number of assumptions of the design of NGN for security analysis to take place are made on the NGN development
process. The assumption in the present document is that the NGN has been developed using top-down decomposition of
the specification, using techniques of planned validation of the specification, with careful recording of design decisions
and validation results.

Link
https://joinup.ec.europa.eu/collection/ict-standards-procurement/solution/etsi-…
Technology
Outage management, fault finding and associated equipment (including protection)
Integrated Grid

European commision

The EIRIE platform has been developed under the PANTERA project which has received funding from the European Union´s Horizon 2020 Research and Innovation programme under GA No : 824389

Copyright © EIRIE.