ISO/IEC 15408 PDF (Jun 2026)

To understand how products are certified, three core concepts are essential:

The core premise of Common Criteria is that security requirements should be standardized, and evaluations should be recognized internationally, eliminating the need for duplicate testing in different countries.

Sets the stage, definitions, and general concepts.

Open the PDF. It is not a document; it is a cathedral of paranoia. Millions of words, structured like a medieval summa, attempt to do something that feels almost arrogant: to freeze the concept of trust into a mathematical skeleton.

A document created by a user community or regulator that sets out security requirements for a class of products (e.g., firewalls).

This part provides a standardized framework for specifying objective, repeatable, and reproducible evaluation methods and evaluation activities. However, it does not specify how to evaluate, adopt, or maintain evaluation methods and evaluation activities—these aspects are left to the organizations originating the evaluation methods in their particular area of interest.

If you are a CISO purchasing a new firewall, request the vendor’s "Security Target" (ST) PDF. Do not just ask for the EAL level. Using the ISO/IEC 15408 framework, you can compare two firewalls side-by-side by seeing which SFRs (from Part 2 of the PDF) they actually passed.

Purchase from the ISO or IEC webstores:

Searching for an ISO/IEC 15408 PDF is the beginning of a serious commitment to product security. Whether you are a CISO planning a procurement mandate or a product manager preparing for a government contract, this standard is your authoritative guide.

The ISO/IEC 15408 family is split into three distinct parts. When you search for an "ISO IEC 15408 PDF," you are actually looking for three separate documents:

This part defines the terminology and the conceptual framework. It explains how to define a Target of Evaluation (TOE), the specific product or system being tested, and introduces the core concepts of Security Targets (ST) and Protection Profiles (PP).

Part 2: Security Functional Components