ISO/IEC INTERNATIONAL 19896-2 STANDARD First edition 2018-08 IT security techniques Competence requirements for information security testers and evaluators Part 2: Knowledge, skills and effectiveness requirements for IS0/IEC 19790 testers Techniques de sécurité IT - Exigences de compétence pour I'information testeurs d'assurance et les évaluateurs Partie 2: Exigences en matiere de connaissances, de compétences et d'efficacité pour IS0/IEC 19790 testeurs Reference number IS0/IEC 19896-2:2018(E) IEC ISO @IS0/IEC2018 IS0/IEC19896-2:2018(E) COPYRIGHTPROTECTEDDOCUMENT IS0/IEC2018 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting onthe internet or an intranet, without prior writtenpermission.Permission can be requested from either Iso at the address below or Iso's memberbody in the country ofthe requester. ISO copyright office CP 401 : Ch. de Blandonnet 8 CH-1214 Vernier, Geneva Phone: +41 22 749 01 11 Fax:+4122 749 09 47 Email: [email protected] Website: www.iso.org Published in Switzerland ii IS0/IEC2018-Allrightsreserved IS0/IEC 19896-2:2018(E) Contents Page Foreword ..iv Introduction ..V 1 Scope. .1 2 Normative references ..1 3 Terms and definitions ..1 4 Abbreviated terms. .2 5 Structure of this document .2 6 Knowledge. .2 6.1 General .2 6.2 Tertiary education 2 6.2.1 General. 2 6.2.2 Technical specialities. 2 6.2.3 Speciality topics 3 6.3 Knowledge of standards 7 6.3.1 General 7 6.3.2 ISO/IEC 19790 concepts 7 6.3.3 ISO/IEC24759 7 Additional ISO/IEC standards .8 6.3.4 6.4 Knowledge of the validation program. .8 6.4.1 Validation program .8 6.5 Knowledge of the requirements of IS0/IEC 17025 .10 .10 7 Skills 7.1 General. .10 ..10 7.2 Algorithm testing 7.3 Physical security testing .10 7.4 Side channel analysis.. 10 7.5 Technology types .10 8 Experience. .10 8.1 General 10 8.2 Demonstration of technical competence to the validation program. .11 8.2.1 Experience with performing testing .11 8.2.2 Experience with particular technology types .11 9 Education. ..11 10 ..11 Effectiveness. Annex A (informative) Example of an IS0/IEC 24759 testers'log .12 Annex B (informative) Ontology of technology types and associated bodies of knowledge .13 Annex C (informative) Specific knowledge associated with the security of cryptographic .16 modules. Annex D (informative) Competence requirements for IS0/IEC 19790 validators .33 Bibliography .34 iii ISO/IEC 2018-All rights reserved