ISO/IEC 15408 PDF

ISO/IEC 15408, universally known as the Common Criteria (CC)

Target of Evaluation (TOE): Clearly define what exactly is being evaluated (hardware, software, or both).

looks at how a company manages its overall security processes, ISO/IEC 15408, universally known as the Common Criteria

Security Assurance Requirements (SARs): Measures taken during development to ensure the security functions are correctly implemented.

Evaluation Assurance Levels (EALs)

But the deepest cut of ISO/IEC 15408 is what it cannot capture. It evaluates the product, not the process. You can have an EAL5+ certified operating system, installed by an intern who leaves the root password on a sticky note. The PDF has no clause for exhaustion, for laziness, for the moment a developer pushes a hotfix at 2 AM without re-evaluating the security target.

Alternatives to the Full PDF

Is ISO/IEC 15408 too heavy for your needs? The full PDF can be overkill for small projects. Consider these alternatives: