AS ISO/IEC 15292—2004

ISO/IEC 15292:2001
AS ISO/IEC 15292

Australian Standard™
This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

Information technology—Security
techniques—Protection profile
registration procedures
 This Australian Standard was prepared by Committee IT-012, Information
systems—Security and identification technology. It was approved on behalf of the
Council of Standards Australia on 29 January 2004 and published on
17 March 2004.

The following are represented on Committee IT-012:

Attorney General’s Department
Australian Association of Permanent Building Societies
Australian Bankers Association
Australian Chamber of Commerce and Industry
Australian Electrical and Electronic Manufacturers Association
Australian Information Industry Association
Certification Forum of Australia
This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

Department of Defence (Australia)

Department of Social Welfare New Zealand
Government Communications Security Bureau, New Zealand
Internet Industry Association
NSW Police Service
New Zealand Defence Force
Reserve Bank of Australia

Keeping Standards up-to-date

Standards are living documents which reflect progress in science, technology and
systems. To maintain their currency, all Standards are periodically reviewed, and
new editions are published. Between editions, amendments may be issued.
Standards may also be withdrawn. It is important that readers assure themselves
they are using a current Standard, which should include any amendments which
may have been published since the Standard was purchased.
Detailed information about Standards can be found by visiting the Standards Web
Shop at www.standards.com.au and looking up the relevant Standard in the on-line
catalogue.
Alternatively, the printed Catalogue provides information current at 1 January each
year, and the monthly magazine, The Global Standard, has a full listing of revisions
and amendments published each month.
Australian StandardsTM and other products and services developed by Standards
Australia are published and distributed under contract by SAI Global, which
operates the Standards Web Shop.
We also welcome suggestions for improvement in our Standards, and especially
encourage readers to notify us immediately of any apparent inaccuracies or
ambiguities. Contact us via email at mail@standards.org.au, or write to the Chief
Executive, Standards Australia International Ltd, GPO Box 5420, Sydney, NSW
2001.

This Standard was issued in draft form for comment as DR 03547.

 AS ISO/IEC 15292—2004

Australian Standard™
This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

Information technology—Security
techniques—Protection profile
registration procedures

First published as AS ISO/IEC 15292—2004.

COPYRIGHT
© Standards Australia International
All rights are reserved. No part of this work may be reproduced or copied in any form or by any
means, electronic or mechanical, including photocopying, without the written permission of the
publisher.
Published by Standards Australia International Ltd
GPO Box 5420, Sydney, NSW 2001, Australia
ISBN 0 7337 5765 0
 ii

PREFACE

This Standard was prepared by the Australian members of the Joint Standards Australia/Standards
New Zealand Committee IT-012, Information systems—Security and identification technology. After
consultation with stakeholders in both countries, Standards Australia and Standards New Zealand
decided to develop this Standard as an Australian, rather than an Australian/New Zealand Standard.
This Standard is identical with, and has been reproduced from ISO/IEC 15292:2001, Information
technology—Security techniques—Protection Profile registration procedures.
The objective of this Standard is to define the procedures to be applied by the JTC 1 Registration
Authority appointed by the ISO and IEC councils to maintain a register of Protection Profiles and
packages for the purposes of IT security evaluation.
The term ‘informative’ has been used in this Standard to define the application of the appendix to
This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

which it applies. An ‘informative’ appendix is only for information and guidance.

As this Standard is reproduced from an international standard, the following applies:
(a) Its number appears on the cover and title page while the international standard number appears
only on the cover.
(b) In the source text ‘this International Standard’ should read ‘this Australian Standard’.
(c) A full point substitutes for a comma when referring to a decimal marker.
References to International Standards should be replaced by references to Australian or
Australian/New Zealand Standards, as follows:

Reference to International Standard Australian Standard

ISO/IEC AS ISO/IEC
15408 Information technology—Security 15408 Information technology—Security
techniques—Evaluation criteria for IT techniques—Evaluation criteria for
security IT security
15408-1 Part 1: Introduction and general 15408.1 Part 1: Introduction and general
model model
15408-2 Part 2: Security functional 15408.2 Part 2: Security functional
requirements requirements
15408-3 Part 3: Security assurance 15408.3 Part 3: Security assurance
requirements requirements
 iii

CONTENTS

Page

1 Scope...................................................................................................................................................... 1

2 Normative references ........................................................................................................................... 1

3 Terms and definitions........................................................................................................................... 1

4 Abbreviations ........................................................................................................................................ 3

5 Technical Specifications ...................................................................................................................... 3

5.1 Entry label .......................................................................................................................................... 3
5.2 Technical definition (within a register entry).................................................................................. 3
This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

6 The JTC 1 Registration Authority for PPs and packages ................................................................. 4

6.1 Appointment....................................................................................................................................... 4
6.2 Qualifications ..................................................................................................................................... 4
6.3 Contract .............................................................................................................................................. 4
6.4 Duties.................................................................................................................................................. 4

7 Criteria for eligibility of applicants for registration ........................................................................... 5

8 Information to be included within an application for registration ................................................... 5

9 Steps involved in review and response to an application ................................................................ 7

9.1 Initial processing ............................................................................................................................... 7
9.2 Validation............................................................................................................................................ 7

10 Criteria for rejection of applications for registration ........................................................................ 8

11 Operation of the register ...................................................................................................................... 8

11.1 Notification of obsolescent entries ................................................................................................. 8
11.2 Update of draft technical specifications ......................................................................................... 8
11.3 Routine review of entries.................................................................................................................. 8
11.4 Defect notification ............................................................................................................................. 9
11.5 Other requests for update of entries ............................................................................................... 9
11.6 Deletion of register entries ............................................................................................................. 10

12 Maintenance of the register ............................................................................................................... 10

13 Confidentiality of information held within the register ................................................................... 10

14 Publication of the register.................................................................................................................. 10

15 Appeals procedure.............................................................................................................................. 12

Annex A (informative) Benefits of registration ......................................................................................... 13

Annex B (informative) Lifecycle of a register entry.................................................................................. 14

This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

iv

NOTES
 1

AUSTRALIAN STANDARD

Information technology — Security techniques — Protection

Profile registration procedures

1 Scope
This International Standard defines the procedures to be applied by the JTC 1 Registration Authority appointed by
the ISO and IEC councils to maintain a register of Protection Profiles and packages for the purposes of IT security
evaluation. These Protection Profiles and packages are specified in accordance with criteria given in
This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

ISO/IEC 15408.

2 Normative references
The following normative documents contain provisions which, through reference in this text, constitute provisions of
this International Standard. For dated references, subsequent amendments to, or revisions of, any of these
publications do not apply. However, parties to agreements based on this International Standard are encouraged to
investigate the possibility of applying the most recent editions of the normative documents indicated below. For
undated references, the latest edition of the normative document referred to applies. Members of ISO and IEC
maintain registers of currently valid International Standards.

ISO 15408-1, Information technology — Security techniques — Evaluation criteria for IT security — Part 1:
Introduction and general model

ISO 15408-2, Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security
functionality requirements

ISO 15408-3, Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security
assurance requirements

Procedures for the technical work of ISO/IEC JTC 1

ISO/IEC/ITU ITSIG Guide for the use of IT in the development and delivery of standards

3 Terms and definitions

For the purposes of this International Standard, the following terms and definitions apply.

3.1
applicant
an entity (organisation, individual etc.) which requests the assignment of a register entry and entry label

www.standards.com.au  Standards Australia

 This is a free preview. Purchase the entire publication at the link below:

AS ISO/IEC 15292-2004, Information technology -

Security techniques - Protection profile
registration procedures
This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

Looking for additional Standards? Visit SAI Global Infostore

Subscribe to our Free Newsletters about Australian Standards® in Legislation; ISO, IEC, BSI and more
Do you need to Manage Standards Collections Online?
Learn about LexConnect, All Jurisdictions, Standards referenced in Australian legislation
Do you want to know when a Standard has changed?
Want to become an SAI Global Standards Sales Affiliate?

Learn about other SAI Global Services:

LOGICOM Military Parts and Supplier Database

Metals Infobase Database of Metal Grades, Standards and Manufacturers
Materials Infobase Database of Materials, Standards and Suppliers
Database of European Law, CELEX and Court Decisions

Need to speak with a Customer Service Representative - Contact Us