Abstract

The ISO/IEC 15408 series permits comparability between the results of independent security evaluations. The ISO/IEC 15408 series does so by providing a common set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation. ISO/IEC 18045 provides a companion methodology for some of the assurance requirements specified in the ISO/IEC 15408 series, ISO/IEC 15408-1 and ISO/IEC 18045 also allow that more specific Evaluation Activities (EAs) may be derived for use in particular evaluation contexts. Specification of such Evaluation Activities is already occurring amongst practitioners and this creates a need for a specification for defining such Evaluation Activities. This document, ISO/IEC 15408-4, provides a standardised framework for specifying objective, repeatable and reproducible Evaluation Methods (EMs), and Evaluation Activities.

Begin

2023-05-02

WI

JT013065

Planned document number

DIN EN ISO/IEC 15408-4

Project number

04301070

Responsible national committee

NA 043-04-13 GA - DIN/DKE Joint working committee Cybersecurity  

Responsible european committee

CEN/CLC/JTC 13 - Cybersecurity and Data Protection  

Responsible international committee

ISO/IEC JTC 1/SC 27/WG 3 - Security evaluation, testing and specification  

draft standard

Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 4: Framework for the specification of evaluation methods and activities (ISO/IEC 15408-4:2022); German and English version prEN ISO/IEC 15408-4:2023
2023-12
Order from DIN Media