A document that defines the specific security claims of the TOE, often derived from a PP.
Involves a methodical investigation of the design and selective independent testing.
The document specifying the exact security properties and mechanisms of the TOE. It acts as the contract between the vendor and the evaluator.
Governments, defense agencies, and regulated industries require Common Criteria certification to ensure products (e.g., firewalls, smart cards, operating systems) meet rigorous security standards.
Fortunately, under the ISO rules for certain widely adopted IT standards, components of the Common Criteria are occasionally made available for free download on the ISO website.
Understanding ISO/IEC 15408: The Definitive Guide to Common Criteria PDF
This part defines the fundamental concepts, terminology, and principles of IT security evaluation. It introduces the roles of the consumer, developer, and evaluator, and outlines the general model of evaluation.
Part 2: Security Functional Components
Not just any PDF. It was indexed as iso_iec_15408_final.pdf, a 2.3-megabyte ghost that supposedly contained the holy grail of cybersecurity: the complete, unredacted, and self-aware version of the Common Criteria standard.
If you are a CISO purchasing a new firewall, request the vendor’s "Security Target" (ST) PDF. Do not just ask for the EAL level. Using the ISO/IEC 15408 framework, you can compare two firewalls side-by-side by seeing which SFRs (from Part 2 of the PDF) they actually passed.
If you have opened the document, do not try to read it cover-to-cover. Follow this strategy instead:
Included older versions such as ISO/IEC 15408:2005.
Defines the security requirements for IT products (e.g., encryption, access control).
Defines the general concepts and principles of security evaluation.