|
SPECIFICATION 9569
First edition
2023-11
Information security, cybersecurity
and privacy protection — Evaluation
criteria for IT security — Patch
Management Extension for the ISO/
IEC 15408 series and ISO/IEC 18045
Sécurité de l'information, cybersécurité et protection de la vie
privée — Critères d'évaluation pour la sécurité des TI — Extension
pour la gestion des correctifs concernant la série ISO/IEC 15408 et
l'ISO/IEC 18045
Reference number
ISO/IEC TS 9569:2023(E)
© ISO/IEC 2023
---------------------- Page: 1 ----------------------
ISO/IEC TS 9569:2023(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: [email protected]
Website: www.iso.org
Published in Switzerland
ii
© ISO/IEC 2023 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC TS 9569:2023(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Overview . 4
4.1 Background information . 4
4.2 Proposed approach . 6
4.3 Non-public vulnerabilities . 6
5 Patch management family .7
5.1 General . 7
5.2 Patch management (ALC_PAM) . 7
5 . 2 .1 Obje c t i ve s . 7
5.2.2 Component levelling . 7
5.2.3 Application notes . 7
5.2.4 ALC_PAM.1 Patch management. 8
5.3 E valuation work units for ALC_PAM . 9
5.3.1 Action ALC_PAM.1.1E .
...