ISO/IEC 15408 (specifically the 2022 series) is the fundamental document for ensuring that IT security is verified rather than merely claimed. By adopting the standard, organizations demonstrate that their products meet an internationally recognized benchmark, which strengthens security, customer trust, and access to markets that require certified products.
Under the Common Criteria, specific IT products or systems are certified against the security functions they claim to provide and the assurance that those functions are correctly implemented.
ISO/IEC 15408, widely known as the Common Criteria, is the international standard for evaluating the security functionality and assurance of IT products and systems. The standard provides a framework for consumers to specify security requirements and for developers to have their products independently evaluated against those requirements.
Structure of ISO/IEC 15408 (2022 Edition)
The vendor hires an accredited, independent Common Criteria Testing Laboratory (CCTL). The lab inspects the source code, examines the development environment and processes, runs penetration tests, and performs vulnerability assessments to confirm that the claims in the Security Target (ST) are accurate. How deep this inspection goes depends on the assurance level claimed: source-code inspection, for example, is required only at the higher levels.
3. Certification and Oversight
Originally developed in cooperation between standardization and security bodies in Canada, France, Germany, the Netherlands, the United Kingdom, and the United States, the objective was to replace national methods for security evaluation with a single standard that could be applied and recognized internationally, hence the name "Common Criteria".
EAL1: A basic level at which an evaluator tests the product to confirm that it appears to work as documented. It is appropriate where the threats to security are not considered serious and where confidence in security is not a critical concern.
Evaluation Assurance Level (EAL): A numerical rating (EAL1 to EAL7) that describes the depth and rigor of the evaluation. A higher level means a deeper and more thorough evaluation of the product's security claims; it does not by itself mean that the product is more secure than one certified at a lower level.
How to Obtain the ISO/IEC 15408 PDF
Protection Profile (PP): A document created by a user community or regulator that sets out the security requirements for a class of products (e.g., firewalls), so that products in that class can be evaluated against a common baseline.
Ensure you are downloading the newest revision (such as the 2022 multi-part update) unless your client explicitly mandates compliance with the legacy v3.1 release. Before starting an evaluation, check which version the evaluation scheme or the Protection Profile you intend to claim requires; many existing Protection Profiles were written against v3.1, and schemes set their own transition periods.
A key strength of the Common Criteria is international cooperation on mutual recognition of certificates. Member countries (including the US, UK, Canada, Germany, France, Japan, and many others) agree to recognize each other's Common Criteria certificates. A certificate issued under the German scheme is therefore accepted in Japan without a second evaluation, which removes a significant barrier to international trade. Note the limits, though: mutual recognition between the member countries covers evaluations up to EAL2 (with the flaw-remediation augmentation) or evaluations conformant to a collaborative Protection Profile; the higher assurance levels typical for smartcards are recognized only under separate regional agreements.