ISO/IEC 15408, widely known as the Common Criteria (CC), is the international standard for evaluating the security of Information Technology (IT) products. It provides a standardized framework in which users can specify security requirements, vendors can implement them, and independent labs can evaluate products to confirm they meet the claimed security attributes.
Structure of ISO/IEC 15408
Applicable when confidence in correct operation is required, but the security threats are not considered serious. It provides an evaluation of the TOE (Target of Evaluation) as it is made available to the customer.
EAL 2: Structurally Tested
If you release a patch or new version, you must revisit the PDF. Minor updates require a "Maintenance Report"; major version changes require a re-evaluation.
A single evaluation unlocks sales opportunities across all CCRA member nations, including lucrative government, defense, and financial sectors.
Today, governments and critical infrastructure (like power plants or banks) often require Common Criteria certification before they will buy a product. While
Always download the accompanying technical amendments and management clarifications alongside your primary PDFs. These documents modify the rules for specific cryptographic mechanisms or testing approaches.
The core premise is that a user can define their security needs, a vendor can claim their product meets those needs, and an independent laboratory can verify that claim.
The Evolution: CC:2022 and Newer Standards
A document, typically created by a user community or government agency, that identifies the security requirements for a specific class of device (e.g., firewalls, smart cards, or operating systems). Vendors aim to make their TOE compliant with a specific PP.
Holding a valid CC certificate differentiates your product from competitors making unverified security claims.
Specifications detailing the exact security functions a product must execute.
Security Assurance Requirement
We scroll past the title page. ISO/IEC 15408: Information technology — Security techniques — Evaluation criteria for IT security. The language is passive, sterile. But beneath the bureaucratic veneer is a quiet scream: How do you know the machine is not lying to you?
This part functions as a comprehensive catalog of Security Functional Requirements (SFRs). These are the individual security features that a product can claim to possess, such as user identification, access control, audit logging, or data encryption. In the standard, these components are organized hierarchically into classes, families, and individual components. When a vendor claims a product has a certain security function, they point to the specific component identifier in Part 2.