A document that defines the security functional and assurance requirements for a specific TOE.
If you are a CISO purchasing a new firewall, request the vendor’s "Security Target" (ST) PDF. Do not just ask for the EAL level. Using the ISO/IEC 15408 framework, you can compare two firewalls side-by-side by seeing which SFRs (from Part 2 of the PDF) they actually passed.
The highest level that is generally considered commercially viable to achieve for mainstream operating systems and complex software.
It forces developers to thoroughly document and define the security functionality of their products.
A Protection Profile is an implementation-independent set of security requirements for a specific category of product or system (e.g., "digital signatures," "smart cards," "firewalls").
A numerical rating (EAL1 through EAL7) indicating the depth and rigor of the evaluation. Higher EALs imply higher confidence but also higher costs and complexity.
Whether you are a developer aiming to certify a product or a procurement officer looking for secure technology, understanding the structure is essential. This article provides a comprehensive overview of the standard, its components, and where to find authoritative documentation.
Holding an ISO/IEC 15408 certification proves to enterprise B2B clients that your cybersecurity claims have been rigorously vetted by an unbiased third-party lab.
To understand an ISO/IEC 15408 PDF, you need to speak the language of Common Criteria: