Many government agencies, defense sectors, and federal banking institutions strictly mandate that any infrastructure software or hardware must be certified to at least EAL2 or EAL4.
This section establishes a catalog of standardized . These are the specific security behaviors expected from a product (e.g., user identification, data encryption, audit logging, and access control). Vendors select components from this catalog to describe what their product physically does to protect data.

Part 3: Security Assurance Components
If you are preparing for an evaluation, begin by downloading the official Common Criteria framework documents and reviewing existing relevant to your specific industry vertical to save time and development costs.
A document usually written by the vendor that describes the specific security properties of the actual product being evaluated. It maps the product's capabilities to a Protection Profile or a custom set of SFRs.
A reusable document defining a generic set of security requirements for a specific category of products (e.g., firewalls, smart cards, or database management systems).
Because it is an ISO standard, it is recognized by many countries worldwide, reducing the need for re-evaluation in different markets.
Part 2 is a massive catalog of standard security behaviors expected from IT products. These are called Security Functional Requirements (SFRs). They define what the product does to enforce security. SFRs are organized into classes, including:
The modern edition (2022) introduces better support for composite evaluations, where you certify a software app running on a certified operating system, running on certified hardware. This reduces cost and improves reusability.
Disclaimer: This article is for informational purposes. Always consult the official ISO or Common Criteria portal for the latest legal texts and certification requirements.
This is the most critical section of this article. A common search for "iso iec 15408 pdf free download" is fraught with risk and potential copyright violation. Copyrighted international standards, including ISO/IEC 15408, are not legally available as free public PDFs from unauthorized sources.