|
Explicitly
recognize the need for manageability of security functionality within IntelliGrid Architecture
security model. For example, identity management, policy management, key
management, and so forth. The need for security management also includes
higher-level requirements such as anti-virus protection, intrusion detection
and protection, which are requirements in their own rights but are typically
provided as part of security management.
Technological Assessment and
Relevant Specifications
Security
assurance is part of a Security Domain’s policy and SMI. It is recommended that
ISO/IEC 15408-3:1999 be the guideline
for determining and assessing such a policy.
Table 31: Relevant Specifications regarding Security
Assurance
|
Identification
Number
|
Name
|
Comment
|
|
RFC 2401
|
Security Architecture for the
Internet Protocol
|
|
|
RFC 2196
|
Site Security Handbook
|
|
|
RFC 2350
|
Expectations for Computer
Security Incident Response
|
|
|
ISO/IEC
15408-1:1999
|
Information technology -- Security
techniques -- Evaluation criteria for IT security -- Part 1: Introduction and
general mode
|
|
|
ISO/IEC
15408-2:1999
|
Information technology -- Security
techniques -- Evaluation criteria for IT security -- Part 2: Security
functional requirements
|
|
|
ISO/IEC
15408-3:1999
|
Information technology -- Security
techniques -- Evaluation criteria for IT security -- Part 3: Security
assurance requirements
|
Highly
Recommended
|
|
