ISO/IEC 15408, widely known as the Common Criteria, is the international standard for evaluating the security of Information Technology (IT) products. It provides a standardized framework in which users can specify security requirements, vendors can implement them, and independent labs can evaluate products to ensure they meet claimed security attributes.

Structure of ISO/IEC 15408
Defines the assurance requirements (SARs) that must be met to prove the security claim is valid (e.g., testing, code review).
This lists the Evaluation Assurance Levels from EAL1 to EAL7.
This part also describes how functional and assurance components from Parts 2 and 3 can be tailored through permitted operations, and provides an introduction to the evaluation methodology (ISO/IEC 18045).
Establishes a catalog of assurance requirements, structured into Evaluation Assurance Levels (EAL1 to EAL7).

Finding the ISO/IEC 15408 PDF