It provides a globally recognized framework that allows vendors to have their security claims tested, validated, and evaluated by independent laboratories. Key Components of the Standard
You may wonder if you should invest time in 15408 or shift to newer frameworks.
To read the EAL7 requirements is to stare into an abyss. They demand that the system's design be proven correct in a mathematical logic system . This is not engineering. This is metaphysics. The PDF asks: Can truth be compiled?
If you work in cybersecurity, information technology, or government procurement, you have likely encountered the term "Common Criteria" or its formal identifier, ISO/IEC 15408. This standard is the globally accepted benchmark for evaluating the security of IT products and systems. Consequently, the search for an "iso iec 15408 pdf" is one of the most common queries among security professionals, developers, and procurement officers. iso iec 15408 pdf
Part 4: Framework for the Specification of Evaluation Criteria
ISO/IEC 15408 , universally known as the Common Criteria (CC)
This part defines the terminology and the conceptual framework. It explains how to define a —the specific product or system being tested—and introduces the core concepts of Security Targets (ST) and Protection Profiles (PP). Part 2: Security Functional Components It provides a globally recognized framework that allows
The Security Target is the document produced by a vendor that identifies the specific security features and claims for their product, along with the claims of assurance that the evaluation will confirm.
ISO/IEC 18045:2022, also published in August 2022, replaced the previous version. It is the companion document to the ISO/IEC 15408 criteria. It describes the minimum actions an evaluator must perform to conduct a Common Criteria evaluation. To get the complete picture of the evaluation framework, you would ideally obtain both the 15408 and 18045 PDFs.
Assurance components are presented within a hierarchical order of assurance classes, families, and components, and guidance is provided on the organization of new assurance requirements. They demand that the system's design be proven
You have the ISO IEC 15408 PDF on your desk. Now, how do you use it to certify your product? Follow this 6-step process.
is an international standard for security evaluations of IT products. It provides a standardized framework, allowing developers to make security claims (known as Security Targets) and enabling independent testing laboratories to evaluate these claims.