Home > Laboratories > IT Lab > Security evalution 
Security evalution
 

IT products security evaluation laboratory

The security laboratory of RCII, as the first IT products security laboratory in Iran, is the first laboratory that has succeeded in acquiring the ISO 17025 standard certificate, concerning the accreditation of laboratories active in performing tests and calibration.

The IT products security evaluation tests carried out in RCII are based on ISO/IEC/ISIRI 15408 standard. This standard is divided into three sections. The first section includes the concepts, the second discusses the security requirements and the third describes the security assurance requirements. CEM is the methodology used in performing tests. The security requirements necessary for every IT product, considering the security objectives set for each product and the threats and also vulnerability of each objective, are identified and will be the bases for security tests. Some of the additional standards which are used during the process of security evaluation tests are CCWAPS, OWASP, CLASP and PTES. 

The product’s security evaluation procedure includes:     

• Preparing the protection profile by the laboratory and having it confirmed by a government organization

• Preparing the protection objective document by the applicant, based on the protection profile and the requested test level

• Identifying the threats and security targets regarding the product under test

• Choosing the security functional requirements for the product under test

• To reconcile the security targets with the functional requirements

• To identify the correlation of functional requirements 

• To identify the security functional requirements with respect to requirements of the security level under evaluation

• To reconcile the evaluation requirements with the security targets 

• To identify the evaluation relations

Procedure steps of the security evaluation test as performed in RCII’s lab are as follows: 

• Presentation of the product and the letter requesting security evaluation test, by the applicant

• Identification of security requirements necessary for the product under evaluation 

• Presentation of the product’s required documents to the laboratory

• Evaluation and verification of sound performance of security requirements

• Presenting the test results and failures and also methods of modification

• Presenting the required accreditation certificate and the relevant hologram, on the applicant’s request

 

پرداخت الکترونیک
نظر سنجی

خدمات آزمايشگاهی

خدمات پژوهشی و مشاوره‌ای

خدمات بازرسی

خدمات صدور گواهی محصول

خدمات آموزشی

خدمات علمی و فرهنگی

خدمات استاندارد

اطلاع رسانی
ورود کاربران
  UserName 
   Password 
             
لینک های اصلی
کلیه حقوق متعلق به سایت مركز تحقيقات صنايع انفورماتيك میباشد