: It offers a clear, detailed methodology for developing secure products from the ground up. By following the standard's guidance, vendors can build security into their development lifecycle (Secure Development Lifecycle - SDLC) and have their claims independently verified, giving them a significant competitive advantage.
Ensuring users are who they claim to be.
This part acts as a catalog of predefined security functional requirements (SFRs). These are the specific security behaviors expected from a product, such as:
- User identification and authentication
- Cryptographic support
- Data protection and access control
- Security audit logging
Part 3: Security Assurance Components
ISO/IEC 15408 is the cornerstone of IT product security certification. By understanding the standard, organizations can ensure that their products meet strict, internationally recognized security requirements, fostering trust and security in an interconnected world. Whether you are a developer preparing for certification or a buyer looking to secure your infrastructure, the Common Criteria framework is an indispensable tool.
Avoid websites claiming to offer a free PDF of the current standard. These are often copyright infringing and may provide outdated, incomplete, or even tampered-with versions. The only legitimate free versions might be the original 1999 text for historical reference, but these are not suitable for modern certification work.
ISO/IEC 15408 establishes a common language for specifying and evaluating the security properties of IT products. It allows independent laboratories to test products and confirm that they meet the security claims made by vendors.
Core Objectives
: Implementation-agnostic documents that specify security requirements for a class of products (e.g., firewalls or smart cards).
The International Organization for Standardization (ISO) sells the official PDF. As of 2025, a single part of the standard costs approximately 138 to 198 CHF (Swiss Francs). The entire set (Parts 1, 2, and 3) will cost over 500 CHF.
When writing a guide or technical document for ISO/IEC 15408, you typically focus on one of two documents:
To navigate the ISO/IEC 15408 PDF, you must understand these foundational concepts:
In today’s interconnected digital ecosystem, ensuring the security of Information Technology (IT) products is paramount. Organizations, governments, and consumers alike demand proof that the software and hardware they rely on are robust against threats. This is where ISO/IEC 15408, universally known as the Common Criteria (CC), comes into play.