TECHNICAL ISO/IEC TS SPECIFICATION 19608 First edition 2018-10 Guidance for developing security and privacy functional requirements based on IS0/IEC 15408 Lignes directrices pour I'elaboration des exigences fonctionnelles de sécurité et de confidentialité fondées sur I'IS0/IEC 15408 Reference number IEC IS0/IEC TS 19608:2018(E) os1 @ IS0/IEC 2018 IS0/IEC TS 19608:2018(E) COPYRIGHTPROTECTEDDOCUMENT IS0/IEC 2018 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either IsO at the address below or Iso's member body in the country of the requester. ISO copyright office CP 401 : Ch. de Blandonnet 8 CH-1214 Vernier, Geneva Phone: +4122 749 0111 Fax: +41 22 749 09 47 Email: [email protected] Website: www.iso.org Published in Switzerland ii @ IS0/IEC 2018 - All rights reserved IS0/IEC TS 19608:2018(E) Contents Page Foreword ..V Introduction. ..vi 1 Scope. ..1 2 Normative references 3 Terms and definitions 4 Symbols and abbreviated terms. ..2 5 Purpose and structure of this document ..2 6 Requirement definition ..3 6.1 General 6.2 Security functional requirements (SFRs) .4 6.2.1 General .4 6.2.2 Example of security functional requirements .4 6.2.3 The selection, assignment, refinement and iteration operations .5 6.2.4 Dependencies between components. .6 6.2.5 Structure of security functional components 6 6.2.6 Listofclasses .6 6.3 Procedure to specify security functional requirements 7 6.4 Procedure to develop functional components. .8 6.4.1 Procedure. .8 6.4.2 Existing components for privacy requirements in ISo/IEC 15408-2 ..8 6.4.3 Extended components for privacy requirements in published PP/STs and research papers. .9 7 Privacy principles .9 7.1 General, .9 7.2 Input for extended components .9 7.3 Procedure to develop privacy requirements from privacy principles .10 7.4 Extended components for privacy 7.4.1 “Consent and choice" principle 10 7.4.2 "Purpose legitimacy and specification" principle 13 7.4.3 "Collection limitation" principle: Collecting Pil 13 7.4.4 "Data minimization" and "Use, retention and disclosure limitation" principles...13 7.4.5 "Openness, transparency and notice" principle. .17 7.4.6 "Individual participation and access" principle. 18 7.4.7 "Accuracy and quality" principle. .18 7.4.8 "Accountability"and"Privacy compliance"principles. ..19 7.4.9 "Information Security" principle ..19 8 Summary of extended components and related privacy principles ..20 8.1 General 20 8.2 Extended components - general definition 20 8.2.1 General 20 8.2.2 "Consent and choice" principle 20 8.2.3 "Data minimization" and "Use, retention and disclosure limitation" principles...21 8.2.4 "Openness, transparency and notice" principle. ..22 8.2.5 "Individual participation and access" principle: Challenging the accuracy and completeness of PII. 23 8.2.6 "Accuracy and quality" principle: Updating PII periodically ..23 Annex A (informative) Existing components used for privacy requirements ..25 Annex B (informative) Extended components for privacy in existing Protection Profiles ..32 Annex C (normative) Example of extended components for privacy ..36 IS0/IEC 2018 - All rights reserved ii