DIN Standards Committee Information Technology and IT Applications
Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 4: Framework for the specification of evaluation methods and activities (ISO/IEC 15408-4:2022); German version EN ISO/IEC 15408-4:2023
Abstract
The ISO/IEC 15408 series permits comparability between the results of independent security evaluations. The ISO/IEC 15408 series does so by providing a common set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation. ISO/IEC 18045 provides a companion methodology for some of the assurance requirements specified in the ISO/IEC 15408 series, ISO/IEC 15408-1 and ISO/IEC 18045 also allow that more specific Evaluation Activities (EAs) may be derived for use in particular evaluation contexts. Specification of such Evaluation Activities is already occurring amongst practitioners and this creates a need for a specification for defining such Evaluation Activities. This document, ISO/IEC 15408-4, provides a standardised framework for specifying objective, repeatable and reproducible Evaluation Methods (EMs), and Evaluation Activities.
Begin
2023-05-02
WI
JT013065
Planned document number
DIN EN ISO/IEC 15408-4
Project number
04301070
Responsible national committee
NA 043-04-13 GA - DIN/DKE Joint working committee Cybersecurity
Responsible european committee
CEN/CLC/JTC 13 - Cybersecurity and Data Protection
Responsible international committee
ISO/IEC JTC 1/SC 27/WG 3 - Security evaluation, testing and specification
draft standard
Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 4: Framework for the specification of evaluation methods and activities (ISO/IEC 15408-4:2022); German and English version prEN ISO/IEC 15408-4:2023
2023-12
Order from DIN Media