System and method for automatically generating security target evidence in information security assessment

• Main Authors: NIE JIN, YAO LIZHI, ZHAO YONGWANG
• Format: Patent
• Language: Chinese; English
• Published: 21.04.2023
• Subjects: CALCULATING; COMPUTING; COUNTING; ELECTRIC DIGITAL DATA PROCESSING; PHYSICS

The invention provides a system and method for automatically generating security target evidence in information security assessment, and the system comprises a standard document, an analyzer, and a security target document. The standard document comprises a security assurance class used for defining the security target document, a product type needing to be authenticated, an evaluation assurance level prepared for application and filling in the security target evidence according to the division of a security family SUB-CLASS and a security component SUB-FAMILY, and the analyzer comprises a UML model and an expert database used by the analyzer. The method can be applied to security target evidence which needs to be provided when IT products and systems carry out security assessment (CC authentication), the problems that when non-professionals write security assessment verification evidences, writing is difficult, writing efficiency is low, contents before and after documents are inconsistent, errors are prone