Writing Security Standards
Specifying Requirements
After having established a system's security objectives related to a communications standard, it is necessary to identify the specific security requirements which, when implemented, will achieve the objectives. Security requirements are segregated into two distinct types at different levels of detail, as follows:
Functional Requirements
- High-level functionality
- Behavioural building blocks
- May refer to existing protocol and service standards
- Expressed in terms of the capabilities specified in ISO/IEC 15408-2.
Detailed Requirements
- Low-level functionality
- Expressed in a structured form, using
  - Preconditions
  - Stimulus
  - Response
- May be a simple reference to an existing standard