Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Requirements and methodology for IT security evaluation

This document defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 series evaluation, using the criteria and evaluation evidence defined in the ISO/IEC 15408 series.

Sécurité de l'information, cybersécurité et protection de la vie privée — Critères d'évaluation pour la sécurité des technologies de l'information — Exigences et méthodologie pour l'évaluation de sécurité

General Information

Status: Not Published
Current Stage: 5020 - FDIS ballot initiated: 2 months. Proof sent to secretariat
Start Date: 08-Dec-2025
Completion Date: 08-Dec-2025

Relations

Effective Date
27-Apr-2024
Effective Date
28-Oct-2023

Overview

ISO/IEC FDIS 18045 - Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Requirements and methodology for IT security evaluation - defines the minimum actions an evaluator must perform to conduct evaluations under the ISO/IEC 15408 (Common Criteria) series. It provides a structured, repeatable methodology for assessing Protection Profiles (PP), Security Targets (ST), development artefacts, testing, vulnerability assessment and composition evidence required for IT security certification.

Key Topics and Requirements

  • Evaluation process and tasks: stepwise guidance on evaluation input, sub‑activities, and output tasks to ensure consistent application of the Common Criteria evaluation process.
  • Protection Profile (PP) and Security Target (ST) evaluation: criteria and application notes for examining PP/ST introductions, conformance claims, security problem definitions, objectives, extended components and security requirements.
  • Development and design evidence: evaluation of security architecture, functional specification, implementation representation, TSF internals and formal models.
  • Tests and testing evidence: requirements for test coverage, test depth, functional tests, independent testing and composite functional testing to verify TOE behavior.
  • Vulnerability assessment: methodology for vulnerability analysis, assessment techniques and composite vulnerability evaluation, including guidance in a normative annex.
  • Composition and integration: evaluation of composed products, composition rationale, development evidence, reliance on components and composed TOE testing.
  • Life cycle support and assurance evidence: evaluation of configuration management, delivery, developer environment security, flaw remediation and other lifecycle controls.
  • Annexes and tools: informative and normative annexes provide general guidance, vulnerability assessment details and evaluation techniques (including semi‑formal and formal methods).

Applications and Who Uses It

ISO/IEC 18045 is used by:

  • Evaluation laboratories and assessors to perform standardized Common Criteria evaluations.
  • Certification bodies to verify that evaluations meet minimum methodological requirements.
  • Product developers and security architects preparing Protection Profiles, Security Targets and development evidence to support certification.
  • Purchasers and integrators who require assurance that products were evaluated to consistent, recognized criteria.
  • Security consultants advising on test strategies, vulnerability assessments and composition of multi‑component systems.

Practical uses include product certification preparation, independent testing and verification of security claims, and supporting procurement decisions that require certified assurance levels.

Related Standards

  • ISO/IEC 15408 (Common Criteria) - evaluation criteria and evidence definitions; ISO/IEC 18045 specifies the evaluator actions to apply those criteria.
  • Work produced under ISO/IEC JTC 1/SC 27/WG3 (security evaluation guidance and methodology).

Draft

ISO/IEC FDIS 18045 - Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Requirements and methodology for IT security evaluation Released: 11/25/2025

English language
445 pages

Draft

REDLINE ISO/IEC FDIS 18045 - Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Requirements and methodology for IT security evaluation Released: 11/25/2025

English language
445 pages

Draft

ISO/IEC FDIS 18045 - Sécurité de l'information, cybersécurité et protection de la vie privée — Critères d'évaluation pour la sécurité des technologies de l'information — Exigences et méthodologie pour l'évaluation de sécurité Released: 17. 01. 2026

French language
480 pages

Frequently Asked Questions

ISO/IEC FDIS 18045 is a draft published by the International Organization for Standardization (ISO). Its full title is "Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Requirements and methodology for IT security evaluation". This standard covers: This document defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 series evaluation, using the criteria and evaluation evidence defined in the ISO/IEC 15408 series.

ISO/IEC FDIS 18045 is classified under the following ICS (International Classification for Standards) categories: 35.030 - IT Security. The ICS classification helps identify the subject area and facilitates finding related standards.

ISO/IEC FDIS 18045 has the following relationships with other standards: it has inter-standard links to ISO 18113-4:2022 and ISO/IEC 18045:2022. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

Standards Content (Sample)


FINAL DRAFT International Standard
ISO/IEC FDIS
ISO/IEC JTC 1/SC 27
Secretariat: DIN
Voting begins on: 2025-12-08
Voting terminates on: 2026-02-02
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Requirements and methodology for IT security evaluation
ISO/CEN PARALLEL PROCESSING
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Terminology
5 Verb usage
6 General evaluation guidance
7 Relationship between structures within the CC and the structure of this document
8 Evaluation process and related tasks
8.1 General
8.2 Evaluation process overview
8.2.1 Objectives
8.2.2 Responsibilities of the roles
8.2.3 Relationship of roles
8.2.4 General evaluation model
8.2.5 Evaluator verdicts
8.3 Evaluation input task
8.3.1 Objectives
8.3.2 Application notes
8.3.3 Management of evaluation evidence task
8.4 Evaluation sub-activities
8.5 Evaluation output task
8.5.1 Objectives
8.5.2 Management of evaluation outputs
8.5.3 Application notes
8.5.4 Write OR task
8.5.5 Write ETR task
9 Protection Profile (PP) evaluation
9.1 Introduction
9.2 Application notes
9.2.1 Re-using the evaluation results of certified PPs
9.3 PP introduction (APE_INT)
9.3.1 Evaluation of sub-activity (APE_INT.1)
9.4 Conformance claims (APE_CCL)
9.4.1 Evaluation of sub-activity (APE_CCL.1)
9.5 Security problem definition (APE_SPD)
9.5.1 Evaluation of sub-activity (APE_SPD.1)
9.6 Security objectives (APE_OBJ)
9.6.1 Evaluation of sub-activity (APE_OBJ.1)
9.6.2 Evaluation of sub-activity (APE_OBJ.2)
9.7 Extended components definition (APE_ECD)
9.7.1 Evaluation of sub-activity (APE_ECD.1)
9.8 Security requirements (APE_REQ)
9.8.1 Evaluation of sub-activity (APE_REQ.1)
9.8.2 Evaluation of sub-activity (APE_REQ.2)
10 Protection Profile Configuration evaluation
10.1 Introduction
10.2 PP-Module introduction (ACE_INT)
10.2.1 Evaluation of sub-activity (ACE_INT.1)
10.3 PP-Module conformance claims (ACE_CCL)
10.3.1 Evaluation of sub-activity (ACE_CCL.1)
10.4 PP-Module security problem definition (ACE_SPD)
10.4.1 Evaluation of sub-activity (ACE_SPD.1)
10.5 PP-Module security objectives (ACE_OBJ)
10.5.1 Evaluation of sub-activity (ACE_OBJ.1)
10.5.2 Evaluation of sub-activity (ACE_OBJ.2)
10.6 PP-Module extended components definition (ACE_ECD)
10.6.1 Evaluation of sub-activity (ACE_ECD.1)
10.7 PP-Module security requirements (ACE_REQ)
10.7.1 Evaluation of sub-activity (ACE_REQ.1)
10.7.2 Evaluation of sub-activity (ACE_REQ.2)
10.8 PP-Module consistency (ACE_MCO)
10.8.1 Evaluation of sub-activity (ACE_MCO.1)
10.9 PP-Configuration consistency (ACE_CCO)
10.9.1 Evaluation of sub-activity (ACE_CCO.1)
11 Security Target (ST) evaluation
11.1 Introduction
11.2 Application notes
11.2.1 Re-using the evaluation results of certified PPs
11.2.2 Composition
11.3 ST introduction (ASE_INT)
11.3.1 Evaluation of sub-activity (ASE_INT.1)
11.4 Conformance claims (ASE_CCL)
11.4.1 Evaluation of sub-activity (ASE_CCL.1)
11.5 Security problem definition (ASE_SPD)
11.5.1 Evaluation of sub-activity (ASE_SPD.1)
11.6 Security objectives (ASE_OBJ)
11.6.1 Evaluation of sub-activity (ASE_OBJ.1)
11.6.2 Evaluation of sub-activity (ASE_OBJ.2)
11.7 Extended components definition (ASE_ECD)
11.7.1 Evaluation of sub-activity (ASE_ECD.1)
11.8 Security requirements (ASE_REQ)
11.8.1 Evaluation of sub-activity (ASE_REQ.1)
11.8.2 Evaluation of sub-activity (ASE_REQ.2)
11.9 TOE summary specification (ASE_TSS)
11.9.1 Evaluation of sub-activity (ASE_TSS.1)
11.9.2 Evaluation of sub-activity (ASE_TSS.2)
11.10 Consistency of composite product Security Target (ASE_COMP)
11.10.1 Evaluation of sub-activity (ASE_COMP.1)
12 Development
12.1 Introduction
12.2 Application notes
12.2.1 General
12.2.2 Composition
12.3 Security architecture (ADV_ARC)
12.3.1 Evaluation of sub-activity (ADV_ARC.1)
12.4 Functional specification (ADV_FSP)
12.4.1 Evaluation of sub-activity (ADV_FSP.1)
12.4.2 Evaluation of sub-activity (ADV_FSP.2)
12.4.3 Evaluation of sub-activity (ADV_FSP.3)
12.4.4 Evaluation of sub-activity (ADV_FSP.4)
12.4.5 Evaluation of sub-activity (ADV_FSP.5)
12.5 Implementation representation (ADV_IMP)
12.5.1 Evaluation of sub-activity (ADV_IMP.1)
12.5.2 Evaluation of sub-activity (ADV_IMP.2)
12.6 TSF internals (ADV_INT)
12.6.1 Evaluation of sub-activity (ADV_INT.1)
12.6.2 Evaluation of sub-activity (ADV_INT.2)
12.6.3 Evaluation of sub-activity (ADV_INT.3)
12.7 Formal TSF model (ADV_SPM)
12.7.1 Evaluation of sub-activity (ADV_SPM.1)
12.8 TOE design (ADV_TDS)
12.8.1 Evaluation of sub-activity (ADV_TDS.1)
12.8.2 Evaluation of sub-activity (ADV_TDS.2)
12.8.3 Evaluation of sub-activity (ADV_TDS.3)
12.8.4 Evaluation of sub-activity (ADV_TDS.4)
12.8.5 Evaluation of sub-activity (ADV_TDS.5)
12.9 Composite design compliance (ADV_COMP)
12.9.1 Evaluation of sub-activity (ADV_COMP.1)
13 Guidance documents
13.1 Introduction
13.2 Application notes
13.3 Operational user guidance (AGD_OPE)
13.3.1 Evaluation of sub-activity (AGD_OPE.1)
13.4 Preparative procedures (AGD_PRE)
13.4.1 Evaluation of sub-activity (AGD_PRE.1)
14 life cycle support
14.1 Introduction
14.2 Application notes
14.2.1 Composition
14.3 CM capabilities (ALC_CMC)
14.3.1 Evaluation of sub-activity (ALC_CMC.1)
14.3.2 Evaluation of sub-activity (ALC_CMC.2)
14.3.3 Evaluation of sub-activity (ALC_CMC.3)
14.3.4 Evaluation of sub-activity (ALC_CMC.4)
14.3.5 Evaluation of sub-activity (ALC_CMC.5)
14.4 CM scope (ALC_CMS)
14.4.1 Evaluation of sub-activity (ALC_CMS.1)
14.4.2 Evaluation of sub-activity (ALC_CMS.2)
14.4.3 Evaluation of sub-activity (ALC_CMS.3)
14.4.4 Evaluation of sub-activity (ALC_CMS.4)
14.4.5 Evaluation of sub-activity (ALC_CMS.5)
14.5 Delivery (ALC_DEL)
14.5.1 Evaluation of sub-activity (ALC_DEL.1)
14.6 Developer environment security (ALC_DVS)
14.6.1 Evaluation of sub-activity (ALC_DVS.1)
14.6.2 Evaluation of sub-activity (ALC_DVS.2)
14.7 Flaw remediation (ALC_FLR)
14.7.1 Evaluation of sub-activity (ALC_FLR.1)
14.7.2 Evaluation of sub-activity (ALC_FLR.2)
14.7.3 Evaluation of sub-activity (ALC_FLR.3)
14.8 Development life cycle definition (ALC_LCD)
14.8.1 Evaluation of sub-activity (ALC_LCD.1)
14.8.2 Evaluation of sub-activity (ALC_LCD.2)
14.9 TOE development artefacts (ALC_TDA)
14.9.1 Evaluation of sub-activity (ALC_TDA.1)
14.9.2 Evaluation of sub-activity (ALC_TDA.2)
14.9.3 Evaluation of sub-activity (ALC_TDA.3)
14.10 Tools and techniques (ALC_TAT)
14.10.1 Evaluation of sub-activity (ALC_TAT.1)
14.10.2 Evaluation of sub-activity (ALC_TAT.2)
14.10.3 Evaluation of sub-activity (ALC_TAT.3)
14.11 Integration of composition parts and consistency check of delivery procedures (ALC_COMP)
14.11.1 Evaluation of sub-activity (ALC_COMP.1)
15 Tests
15.1 Introduction
15.2 Application notes
15.2.1 General
15.2.2 Understanding the expected behaviour of the TOE
15.2.3 Testing vs. alternate approaches to verify the expected behaviour of functionality
15.2.4 Verifying the adequacy of tests
15.2.5 Composition
15.3 Coverage (ATE_COV)
15.3.1 Evaluation of sub-activity (ATE_COV.1)
15.3.2 Evaluation of sub-activity (ATE_COV.2)
15.3.3 Evaluation of sub-activity (ATE_COV.3)
15.4 Depth (ATE_DPT)
15.4.1 Evaluation of sub-activity (ATE_DPT.1)
15.4.2 Evaluation of sub-activity (ATE_DPT.2)
15.4.3 Evaluation of sub-activity (ATE_DPT.3)
15.5 Functional tests (ATE_FUN)
15.5.1 Evaluation of sub-activity (ATE_FUN.1)
15.5.2 Evaluation of sub-activity (ATE_FUN.2)
15.6 Independent testing (ATE_IND)
15.6.1 Evaluation of sub-activity (ATE_IND.1)
15.6.2 Evaluation of sub-activity (ATE_IND.2)
15.7 Composite functional testing (ATE_COMP)
15.7.1 Evaluation of sub-activity (ATE_COMP.1)
16 Vulnerability assessment
16.1 Introduction
16.2 Application notes
16.2.1 Composition
16.3 Vulnerability analysis (AVA_VAN)
16.3.1 Evaluation of sub-activity (AVA_VAN.1)
16.3.2 Evaluation of sub-activity (AVA_VAN.2)
16.3.3 Evaluation of sub-activity (AVA_VAN.3)
16.3.4 Evaluation of sub-activity (AVA_VAN.4)
16.3.5 Evaluation of sub-activity (AVA_VAN.5)
16.4 Composite vulnerability assessment (AVA_COMP)
16.4.1 Evaluation of sub-activity (AVA_COMP.1)
17 Composition
17.1 Introduction
17.2 Application notes
17.3 Composition rationale (ACO_COR)
17.3.1 Evaluation of sub-activity (ACO_COR.1)
17.4 Development evidence (ACO_DEV)
17.4.1 Evaluation of sub-activity (ACO_DEV.1)
17.4.2 Evaluation of sub-activity (ACO_DEV.2)
17.4.3 Evaluation of sub-activity (ACO_DEV.3)
17.5 Reliance of dependent component (ACO_REL)
17.5.1 Evaluation of sub-activity (ACO_REL.1)
17.5.2 Evaluation of sub-activity (ACO_REL.2)
17.6 Composed TOE testing (ACO_CTT)
17.6.1 Evaluation of sub-activity (ACO_CTT.1)
17.6.2 Evaluation of sub-activity (ACO_CTT.2)
17.7 Composition vulnerability analysis (ACO_VUL)
17.7.1 Evaluation of sub-activity (ACO_VUL.1)
17.7.2 Evaluation of sub-activity (ACO_VUL.2)
17.7.3 Evaluation of sub-activity (ACO_VUL.3)
Annex A (informative) General evaluation guidance and requirements
Annex B (normative) Vulnerability assessment (AVA)
Annex C (informative) Evaluation techniques and tools - Semi-formal and formal methods
Bibliography

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not received notice of
...


FDIS ISO/IEC FDIS 18045(E)
ISO/IEC JTC 1/SC 27/WG 3
Secretariat: DIN
Date: 2025-10-0711-24
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Requirements and methodology for IT security evaluation
FDIS stage
Warning for WDs and CDs
This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an International Standard.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.
ISO/CEN PARALLEL PROCESSING
A model document of an International Standard (the Model International Standard) is available at: https://www.iso.org/drafting-standards.html

© ISO
Formatted: Font: Bold
ISO #####-#:####(X/IEC FDIS 18045:2025(en) Formatted: Font: 11 pt, Bold
Formatted: Font: 11 pt, Bold
Formatted: HeaderCentered, Left, Space After: 0 pt,
© ISO/IEC 2025
Line spacing: single
Formatted: Indent: Left: 0 cm, Right: 0 cm, Space
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication
Before: 0 pt, No page break before, Adjust space
may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,
between Latin and Asian text, Adjust space between
or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO
Asian text and numbers, Border: Top: (No border)
at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
EmailE-mail: copyright@iso.org
Formatted: German (Germany)
Website: www.iso.orgwww.iso.org
Published in Switzerland
Formatted: English (United Kingdom)

Formatted: Font: 10 pt
Formatted: Font: 10 pt
Formatted: Font: 11 pt
Formatted: FooterPageRomanNumber, Space After: 0
pt, Line spacing: single
iv © ISO #### /IEC 2025 – All rights reserved
iv
FDIS ISO/IEC FDIS 18045 (E:2025(en) Formatted: Font: 11 pt, Bold
Formatted: Font: 11 pt, Bold
Formatted: Font: 11 pt, Bold
Contents
Formatted: HeaderCentered, Left, Space After: 0 pt,
Line spacing: single
Foreword . xiii
Formatted: Space Before: 48 pt
Introduction . xv
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Terminology . 5
5 Verb usage . 6
6 General evaluation guidance . 6
7 Relationship between structures within the CC and the structure of this document . 6
8 Evaluation process and related tasks . 7
8.1 General. 7
8.2 Evaluation process overview . 8
8.3 Evaluation input task. 13
8.4 Evaluation sub-activities . 14
8.5 Evaluation output task . 14
9 Protection Profile (PP) evaluation . 24
9.1 Introduction . 24
9.2 Application notes . 25
9.3 PP introduction (APE_INT) . 25
9.4 Conformance claims (APE_CCL) . 27
9.5 Security problem definition (APE_SPD) . 38
9.6 Security objectives (APE_OBJ) . 40
9.7 Extended components definition (APE_ECD) . 44
9.8 Security requirements (APE_REQ) . 48
10 Protection Profile Configuration evaluation. 60
10.1 Introduction . 60
10.2 PP-Module introduction (ACE_INT) . 62
10.3 PP-Module conformance claims (ACE_CCL) . 64
10.4 PP-Module security problem definition (ACE_SPD) . 70
10.5 PP-Module security objectives (ACE_OBJ). 72
10.6 PP-Module extended components definition (ACE_ECD) . 76
10.7 PP-Module security requirements (ACE_REQ) . 81
10.8 PP-Module consistency (ACE_MCO) . 93
10.9 PP-Configuration consistency (ACE_CCO) . 97
11 Security Target (ST) evaluation . 106
11.1 Introduction . 106
11.2 Application notes . 106
11.3 ST introduction (ASE_INT) . 107
11.4 Conformance claims (ASE_CCL) . 111
Formatted: Font: 10 pt
11.5 Security problem definition (ASE_SPD) . 127
Formatted: Font: 10 pt
11.6 Security objectives (ASE_OBJ) . 128
Formatted: Font: 10 pt
11.7 Extended components definition (ASE_ECD) . 132
11.8 Security requirements (ASE_REQ) . 137
Formatted: FooterCentered, Left, Line spacing: single
11.9 TOE summary specification (ASE_TSS) . 150
Formatted: Font: 11 pt
11.10 Consistency of composite product Security Target (ASE_COMP) . 153
Formatted: FooterPageRomanNumber, Left, Space
12 Development . 159
After: 0 pt, Line spacing: single
© ISO /IEC 2025 – All rights reserved
v
ISO #####-#:####(X/IEC FDIS 18045:2025(en) Formatted: Font: 11 pt, Bold
Formatted: Font: 11 pt, Bold
Formatted: HeaderCentered, Left, Space After: 0 pt,
12.1 Introduction . 159
Line spacing: single
12.2 Application notes . 159
12.3 Security architecture (ADV_ARC) . 161
12.4 Functional specification (ADV_FSP) . 166
12.5 Implementation representation (ADV_IMP) . 193
12.6 TSF internals (ADV_INT) . 199
12.7 Formal TSF model (ADV_SPM) . 208
12.8 TOE design (ADV_TDS) . 215
12.9 Composite design compliance (ADV_COMP) . 255
13 Guidance documents . 258
13.1 Introduction . 258
13.2 Application notes . 258
13.3 Operational user guidance (AGD_OPE) . 258
13.4 Preparative procedures (AGD_PRE) . 262
14 life cycle support . 264
14.1 Introduction . 264
14.2 Application notes . 264
14.3 CM capabilities (ALC_CMC) . 265
14.4 CM scope (ALC_CMS) . 287
14.5 Delivery (ALC_DEL) . 294
14.6 Developer environment security (ALC_DVS) . 295
14.7 Flaw remediation (ALC_FLR) . 301
14.8 Development life cycle definition (ALC_LCD) . 316
14.9 TOE development artefacts (ALC_TDA) . 321
14.10 Tools and techniques (ALC_TAT) . 334
14.11 Integration of composition parts and consistency check of delivery procedures
(ALC_COMP) . 344
15 Tests . 347
15.1 Introduction . 347
15.2 Application notes . 347
15.3 Coverage (ATE_COV) . 349
15.4 Depth (ATE_DPT) . 354
15.5 Functional tests (ATE_FUN) . 363
15.6 Independent testing (ATE_IND) . 371
15.7 Composite functional testing (ATE_COMP) . 381
16 Vulnerability assessment . 383
16.1 Introduction . 383
16.2 Application notes . 383
16.3 Vulnerability analysis (AVA_VAN) . 384
16.4 Composite vulnerability assessment (AVA_COMP) . 425
17 Composition . 428
17.1 Introduction . 428
17.2 Application notes . 428
17.3 Composition rationale (ACO_COR) . 430
17.4 Development evidence (ACO_DEV) . 437
17.5 Reliance of dependent component (ACO_REL) . 443
17.6 Composed TOE testing (ACO_CTT) . 449
Formatted: Font: 10 pt
17.7 Composition vulnerability analysis (ACO_VUL) . 456
Formatted: Font: 10 pt
Annex A (informative) General evaluation guidance and requirements. 469
Formatted: Font: 11 pt
Annex B (normative) Vulnerability assessment (AVA) . 479
Formatted: FooterPageRomanNumber, Space After: 0
pt, Line spacing: single
vi © ISO #### /IEC 2025 – All rights reserved
vi
FDIS ISO/IEC FDIS 18045 (E:2025(en) Formatted: Font: 11 pt, Bold
Formatted: Font: 11 pt, Bold
Formatted: Font: 11 pt, Bold
Annex C (informative) Evaluation techniques and tools - Semi-formal and formal methods . 503
Formatted: HeaderCentered, Left, Space After: 0 pt,
Bibliography . 508
Line spacing: single
Introduction . x
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Terminology . 5
5 Verb usage . 5
6 General evaluation guidance . 5
7 Relationship between structures within the CC and the structure of this document . 5
8 Evaluation process and related tasks . 6
8.1 General. 6
8.2 Evaluation process overview . 7
8.2.1 Objectives . 7
8.2.2 Responsibilities of the roles . 7
8.2.3 Relationship of roles . 7
8.2.4 General evaluation model . 8
8.2.5 Evaluator verdicts. 8
8.3 Evaluation input task. 9
8.3.1 Objectives . 9
8.3.2 Application notes . 9
8.3.3 Management of evaluation evidence sub-task . 10
8.4 Evaluation sub-activities . 11
8.5 Evaluation output task . 11
8.5.1 Objectives . 11
8.5.2 Management of evaluation outputs . 11
8.5.3 Application notes . 12
8.5.4 Write OR sub-task . 12
8.5.5 Write ETR sub-task. 12
9 Protection Profile (PP) evaluation . 19
9.1 Introduction . 19
9.2 Application notes . 19
9.2.1 Re-using the evaluation results of certified PPs . 19
9.3 PP introduction (APE_INT) . 20
9.3.1 Evaluation of sub-activity (APE_INT.1) . 20
9.4 Conformance claims (APE_CCL) . 21
9.4.1 Evaluation of sub-activity (APE_CCL.1) . 21
9.5 Security problem definition (APE_SPD) . 31
9.5.1 Evaluation of sub-activity (APE_SPD.1) . 31
9.6 Security objectives (APE_OBJ) . 32
Formatted: Font: 10 pt
9.6.1 Evaluation of sub-activity (APE_OBJ.1) . 32
Formatted: Font: 10 pt
9.6.2 Evaluation of sub-activity (APE_OBJ.2) . 34
9.7 Extended components definition (APE_ECD) . 36
Formatted: Font: 10 pt
9.7.1 Evaluation of sub-activity (APE_ECD.1) . 36
Formatted: FooterCentered, Left, Line spacing: single
9.8 Security requirements (APE_REQ) . 40
Formatted: Font: 11 pt
9.8.1 Evaluation of sub-activity (APE_REQ.1) . 40
9.8.2 Evaluation of sub-activity (APE_REQ.2) . 45
Formatted: FooterPageRomanNumber, Left, Space
After: 0 pt, Line spacing: single
© ISO /IEC 2025 – All rights reserved
vii
ISO #####-#:####(X/IEC FDIS 18045:2025(en) Formatted: Font: 11 pt, Bold
Formatted: Font: 11 pt, Bold
Formatted: HeaderCentered, Left, Space After: 0 pt,
10 Protection Profile Configuration evaluation. 50
Line spacing: single
10.1 Introduction . 50
10.2 PP-Module introduction (ACE_INT) . 51
10.2.1 Evaluation of sub-activity (ACE_INT.1) . 51
10.3 PP-Module conformance claims (ACE_CCL) . 54
10.3.1 Evaluation of sub-activity (ACE_CCL.1) . 54
10.4 PP-Module security problem definition (ACE_SPD) . 59
10.4.1 Evaluation of sub-activity (ACE_SPD.1) . 59
10.5 PP-Module security objectives (ACE_OBJ). 60
10.5.1 Evaluation of sub-activity (ACE_OBJ.1) . 60
10.5.2 Evaluation of sub-activity (ACE_OBJ.2) . 62
10.6 PP-Module extended components definition (ACE_ECD) . 64
10.6.1 Evaluation of sub-activity (ACE_ECD.1) . 64
10.7 PP-Module security requirements (ACE_REQ) . 68
10.7.1 Evaluation of sub-activity (ACE_REQ.1) . 68
10.7.2 Evaluation of sub-activity (ACE_REQ.2) . 73
10.8 PP-Module consistency (ACE_MCO) . 78
10.8.1 Evaluation of sub-activity (ACE_MCO.1). 78
10.9 PP-Configuration consistency (ACE_CCO) . 82
10.9.1 Evaluation of sub-activity (ACE_CCO.1) . 82
11 Security Target (ST) evaluation
11.1 Introduction
11.2 Application notes
11.2.1 Re-using the evaluation results of certified PPs
11.2.2 Composition
11.3 ST introduction (ASE_INT)
11.3.1 Evaluation of sub-activity (ASE_INT.1)
11.4 Conformance claims (ASE_CCL)
11.4.1 Evaluation of sub-activity (ASE_CCL.1)
11.5 Security problem definition (ASE_SPD)
11.5.1 Evaluation of sub-activity (ASE_SPD.1)
11.6 Security objectives (ASE_OBJ)
11.6.1 Evaluation of sub-activity (ASE_OBJ.1)
11.6.2 Evaluation of sub-activity (ASE_OBJ.2)
11.7 Extended components definition (ASE_ECD)
11.7.1 Evaluation of sub-activity (ASE_ECD.1)
11.8 Security requirements (ASE_REQ)
11.8.1 Evaluation of sub-activity (ASE_REQ.1)
11.8.2 Evaluation of sub-activity (ASE_REQ.2)
11.9 TOE summary specification (ASE_TSS)
11.9.1 Evaluation of sub-activity (ASE_TSS.1)
11.9.2 Evaluation of sub-activity (ASE_TSS.2)
11.10 Consistency of composite product Security Target (ASE_COMP)
11.10.1 Evaluation of sub-activity (ASE_COMP.1)
12 Development
12.1 Introduction
12.2 Application notes
12.2.1 General
12.2.2 Composition
12.3 Security architecture (ADV_ARC)
12.3.1 Evaluation of sub-activity (ADV_ARC.1)
12.4 Functional specification (ADV_FSP)
12.4.1 Evaluation of sub-activity (ADV_FSP.1)
12.4.2 Evaluation of sub-activity (ADV_FSP.2)
12.4.3 Evaluation of sub-activity (ADV_FSP.3)
12.4.4 Evaluation of sub-activity (ADV_FSP.4)
12.4.5 Evaluation of sub-activity (ADV_FSP.5)
12.5 Implementation representation (ADV_IMP)
12.5.1 Evaluation of sub-activity (ADV_IMP.1)
12.5.2 Evaluation of sub-activity (ADV_IMP.2)
12.6 TSF internals (ADV_INT)
12.6.1 Evaluation of sub-activity (ADV_INT.1)
12.6.2 Evaluation of sub-activity (ADV_INT.2)
12.6.3 Evaluation of sub-activity (ADV_INT.3)
12.7 Formal TSF model (ADV_SPM)
12.7.1 Evaluation of sub-activity (ADV_SPM.1)
12.8 TOE design (ADV_TDS)
12.8.1 Evaluation of sub-activity (ADV_TDS.1)
12.8.2 Evaluation of sub-activity (ADV_TDS.2)
12.8.3 Evaluation of sub-activity (ADV_TDS.3)
12.8.4 Evaluation of sub-activity (ADV_TDS.4)
12.8.5 Evaluation of sub-activity (ADV_TDS.5)
12.9 Composite design compliance (ADV_COMP)
12.9.1 Evaluation of sub-activity (ADV_COMP.1)
13 Guidance documents
13.1 Introduction
13.2 Application notes
13.3 Operational user guidance (AGD_OPE)
13.3.1 Evaluation of sub-activity (AGD_OPE.1)
13.4 Preparative procedures (AGD_PRE)
13.4.1 Evaluation of sub-activity (AGD_PRE.1)
14 Life cycle support
14.1 Introduction
14.2 Application notes
14.2.1 Composition
14.3 CM capabilities (ALC_CMC)
14.3.1 Evaluation of sub-activity (ALC_CMC.1)
14.3.2 Evaluation of sub-activity (ALC_CMC.2)
14.3.3 Evaluation of sub-activity (ALC_CMC.3)
14.3.4 Evaluation of sub-activity (ALC_CMC.4)
14.3.5 Evaluation of sub-activity (ALC_CMC.5)
14.4 CM scope (ALC_CMS)
14.4.1 Evaluation of sub-activity (ALC_CMS.1)
14.4.2 Evaluation of sub-activity (ALC_CMS.2)
14.4.3 Evaluation of sub-activity (ALC_CMS.3)
14.4.4 Evaluation of sub-activity (ALC_CMS.4)
14.4.5 Evaluation of sub-activity (ALC_CMS.5)
14.5 Delivery (ALC_DEL)
14.5.1 Evaluation of sub-activity (ALC_DEL.1)
14.6 Developer environment security (ALC_DVS)
14.6.1 Evaluation of sub-activity (ALC_DVS.1)
14.6.2 Evaluation of sub-activity (ALC_DVS.2)
14.7 Flaw remediation (ALC_FLR)
14.7.1 Evaluation of sub-activity (ALC_FLR.1)
14.7.2 Evaluation of sub-activity (ALC_FLR.2)
14.7.3 Evaluation of sub-activity (ALC_FLR.3)
14.8 Development life cycle definition (ALC_LCD)
14.8.1 Evaluation of sub-activity (ALC_LCD.1)
14.8.2 Evaluation of sub-activity (ALC_LCD.2)
14.9 TOE development artefacts (ALC_TDA)
14.9.1 Evaluation of sub-activity (ALC_TDA.1)
14.9.2 Evaluation of sub-activity (ALC_TDA.2)
14.9.3 Evaluation of sub-activity (ALC_TDA.3)
14.10 Tools and techniques (ALC_TAT)
...


FINAL DRAFT
International Standard
ISO/IEC FDIS
ISO/IEC JTC 1/SC 27
Secretariat: DIN
Voting begins on: 2025-12-08
Voting terminates on: 2026-02-02
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Requirements and methodology for IT security evaluation
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY PROPERTY RIGHTS OF WHICH THEY MAY BE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
IN ADDITION TO BEING EXAMINED TO ESTABLISH WHETHER THEY ARE ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL AND COMMERCIAL PURPOSES, AS WELL AS FROM THE POINT OF VIEW OF USERS, DRAFT INTERNATIONAL STANDARDS MUST SOMETIMES BE CONSIDERED FROM THE POINT OF VIEW OF THEIR POTENTIAL TO BECOME STANDARDS THAT CAN SERVE AS A REFERENCE IN NATIONAL REGULATIONS.
ISO/CEN PARALLEL PROCESSING
Reference number
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from ISO at the address below or from ISO's member body in the country of the requester.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
E-mail: copyright@iso.org
Web: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Terminology
5 Verb usage
6 General evaluation guidance
7 Relationship between the structures within the CC and the structure of this document
8 Evaluation process and related tasks
8.1 General
8.2 Evaluation process overview
8.2.1 Objectives
8.2.2 Responsibilities of the roles
8.2.3 Relationship of roles
8.2.4 General evaluation model
8.2.5 Evaluator verdicts
8.3 Evaluation input task
8.3.1 Objectives
8.3.2 Application notes
8.3.3 Management of evaluation evidence task
8.4 Evaluation sub-activities
8.5 Evaluation output task
8.5.1 Objectives
8.5.2 Management of evaluation outputs
8.5.3 Application notes
8.5.4 Write OR task
8.5.5 Write ETR task
9 Protection Profile (PP) evaluation
9.1 Introduction
9.2 Application notes
9.2.1 Re-using the evaluation results of certified PPs
9.3 PP introduction (APE_INT)
9.3.1 Evaluation of sub-activity (APE_INT.1)
9.4 Conformance claims (APE_CCL)
9.4.1 Evaluation of sub-activity (APE_CCL.1)
9.5 Security problem definition (APE_SPD)
9.5.1 Evaluation of sub-activity (APE_SPD.1)
9.6 Security objectives (APE_OBJ)
9.6.1 Evaluation of sub-activity (APE_OBJ.1)
9.6.2 Evaluation of sub-activity (APE_OBJ.2)
9.7 Extended components definition (APE_ECD)
9.7.1 Evaluation of sub-activity (APE_ECD.1)
9.8 Security requirements (APE_REQ)
9.8.1 Evaluation of sub-activity (APE_REQ.1)
9.8.2 Evaluation of sub-activity (APE_REQ.2)
10 Protection Profile Configuration evaluation
10.1 Introduction
10.2 PP-Module introduction (APE_INT)
10.2.1 Evaluation of sub-activity (ACE_INT.1)
10.3 PP-Module conformance claims (ACE_CCL)
10.3.1 Evaluation of sub-activity (ACE_CCL.1)
10.4 PP-Module security problem definition (ACE_SPD)
10.4.1 Evaluation of sub-activity (ACE_SPD.1)
10.5 PP-Module security objectives (ACE_OBJ)
10.5.1 Evaluation of sub-activity (ACE_OBJ.1)
10.5.2 Evaluation of sub-activity (ACE_OBJ.2)
10.6 PP-Module extended components definition (ASE_ECD)
10.6.1 Evaluation of sub-activity (ACE_ECD.1)
10.7 PP-Module security requirements (ACE_REQ)
10.7.1 Evaluation of sub-activity (ACE_REQ.1)
10.7.2 Evaluation of sub-activity (ACE_REQ.2)
10.8 PP-Module consistency (ACE_MCO)
10.8.1 Evaluation of sub-activity (ACE_MCO.1)
10.9 PP-Configuration consistency (ACE_CCO)
10.9.1 Evaluation of sub-activity (ACE_CCO.1)
11 Security Target (ST) evaluation
11.1 Introduction
11.2 Application notes
11.2.1 Re-using the evaluation results of certified PPs
11.2.2 Composition
11.3 ST introduction (ASE_INT)
11.3.1 Evaluation of sub-activity (ASE_INT.1)
11.4 Conformance claims (ASE_CCL)
11.4.1 Evaluation of sub-activity (ASE_CCL.1)
11.5 Security problem definition (ASE_SPD)
11.5.1 Evaluation of sub-activity (ASE_SPD.1)
11.6 Security objectives (ASE_OBJ)
11.6.1 Evaluation of sub-activity (ASE_OBJ.1)
11.6.2 Evaluation of sub-activity (ASE_OBJ.2)
11.7 Extended components definition (ASE_ECD)
11.7.1 Evaluation of sub-activity (ASE_ECD.1)
11.8 Security requirements (ASE_REQ)
11.8.1 Evaluation of sub-activity (ASE_REQ.1)
11.8.2 Evaluation of sub-activity (ASE_REQ.2)
11.9 TOE summary specification (ASE_TSS)
11.9.1 Evaluation of sub-activity (ASE_TSS.1)
11.9.2 Evaluation of sub-activity (ASE_TSS.2)
11.10 Consistency of composite product Security Target (ASE_COMP)
11.10.1 Evaluation of sub-activity (ASE_COMP.1)
12 Development
12.1 Introduction
12.2 Application notes
12.2.1 General
12.2.2 Composition
12.3 Security architecture (ADV_ARC)
12.3.1 Evaluation of sub-activity (ADV_ARC.1)
12.4 Functional specification (ADV_FSP)
12.4.1 Evaluation of sub-activity (ADV_FSP.1)
12.4.2 Evaluation of sub-activity (ADV_FSP.2)
12.4.3 Evaluation of sub-activity (ADV_FSP.3)
12.4.4 Evaluation of sub-activity (ADV_FSP.4)
12.4.5 Evaluation of sub-activity (ADV_FSP.5)
12.5 Implementation representation (ADV_IMP)
12.5.1 Evaluation of sub-activity (ADV_IMP.1)
12.5.2 Evaluation of sub-activity (ADV_IMP.2)
12.6 TSF internals (ADV_INT)
12.6.1 Evaluation of sub-activity (ADV_INT.1)
12.6.2 Evaluation of sub-activity (ADV_INT.2)
12.6.3 Evaluation of sub-activity (ADV_INT.3)
12.7 Formal TSF model (ADV_SPM)
12.7.1 Evaluation of sub-activity (ADV_SPM.1)
12.8 TOE design (ADV_TDS)
12.8.1 Evaluation of sub-activity (ADV_TDS.1)
12.8.2 Evaluation of sub-activity (ADV_TDS.2)
12.8.3 Evaluation of sub-activity (ADV_TDS.3)
12.8.4 Evaluation of sub-activity (ADV_TDS.4)
12.8.5 Evaluation of sub-activity (ADV_TDS.5)
12.9 Composite design compliance (ADV_COMP)
12.9.1 Evaluation of sub-activity (ADV_COMP.1)
13 Guidance documents
13.1 Introduction
13.2 Application notes
13.3 Operational user guidance (AGD_OPE)
13.3.1 Evaluation of sub-activity (AGD_OPE.1)
13.4 Preparative procedures (AGD_PRE)
13.4.1 Evaluation of sub-activity (AGD_PRE.1)
14 Life cycle support
14.1 Introduction
14.2 Application notes
14.2.1 Composition
14.3 CM capabilities (ALC_CMC)
14.3.1 Evaluation of sub-activity (ALC_CMC.1)
14.3.2 Evaluation of sub-activity (ALC_CMC.2)
14.3.3 Evaluation of sub-activity (ALC_CMC.3)
14.3.4 Evaluation of sub-activity (ALC_CMC.4)
14.3.5 Evaluation of sub-activity (ALC_CMC.5)
14.4 CM scope (ALC_CMS)
14.4.1 Evaluation of sub-activity (ALC_CMS.1)
14.4.2 Evaluation of sub-activity (ALC_CMS.2)
14.4.3 Evaluation of sub-activity (ALC_CMS.3)
14.4.4 Evaluation of sub-activity (ALC_CMS.4)
14.4.5 Evaluation of sub-activity (ALC_CMS.5)
14.5 Delivery (ALC_DEL)
14.5.1 Evaluation of sub-activity (ALC_DEL.1)
14.6 Developer environment security (ALC_DVS)
14.6.1 Evaluation of sub-activity (ALC_DVS.1)
14.6.2 Evaluation of sub-activity (ALC_DVS.2)
14.7 Flaw remediation (ALC_FLR)
14.7.1 Evaluation of sub-activity (ALC_FLR.1)
14.7.2 Evaluation of sub-activity (ALC_FLR.2)
14.7.3 Evaluation of sub-activity (ALC_FLR.3)
14.8 Development life cycle definition (ALC_LCD)
14.8.1 Evaluation of sub-activity (ALC_LCD.1)
14.8.2 Evaluation of sub-activity (ALC_LCD.2)
14.9 TOE development artefacts (ALC_TDA)
14.9.1 Evaluation of sub-activity (ALC_TDA.1)
14.9.2 Evaluation of sub-activity (ALC_TDA.2)
14.9.3 Evaluation of sub-activity (ALC_TDA.3)
14.10 Tools and techniques (ALC_TAT)
14.10.1 Evaluation of sub-activity (ALC_TAT.1)
14.10.2 Evaluation of sub-activity (ALC_TAT.2)
14.10.3 Evaluation of sub-activity (ALC_TAT.3)
14.11 Integration of composition parts and consistency check of delivery procedures (ALC_COMP)
14.11.1 Evaluation of sub-activity (ALC_COMP.1)
15 Tests
15.1 Introduction
15.2 Application notes
15.2.1 General
15.2.2 Understanding the expected behaviour of the TOE
15.2.3 Testing versus alternate approaches to verify the expected behaviour of functionality
15.2.4 Verifying the adequacy of tests
15.2.5 Composition
15.3 Coverage (ATE_COV)
15.3.1 Evaluation of sub-activity (ATE_COV.1)
15.3.2 Evaluation of sub-activity (ATE_COV.2)
15.3.3 Evaluation of sub-activity (ATE_COV.3)
15.4 Depth (ATE_DPT)
15.4.1 Evaluation of sub-activity (ATE_DPT.1)
15.4.2 Evaluation of sub-activity (ATE_DPT.2)
15.4.3 Evaluation of sub-activity (ATE_DPT.3)
15.5 Functional tests (ATE_FUN)
15.5.1 Evaluation of sub-activity (ATE_FUN.1)
15.5.2 Evaluation of sub-activity (ATE_FUN.2)
15.6 Independent testing (ATE_IND)
15.6.1 Evaluation of sub-activity (ATE_IND.1)
15.6.2 Evaluation of sub-activity (ATE_IND.2)
15.7 Composite functional testing (ATE_COMP)
15.7.1 Evaluation of sub-activity (ATE_COMP.1)
16 Vulnerability assessment
16.1 Introduction
16.2 Application notes
16.2.1 Composition
16.3 Vulnerability analysis (AVA_VAN)
16.3.1 Evaluation of sub-activity (AVA_VAN.1)
16.3.2 Evaluation of sub-activity (AVA_VAN.2)
16.3.3 Evaluation of sub-activity (AVA_VAN.3)
16.3.4 Evaluation of sub-activity (AVA_VAN.4)
16.3.5 Evaluation of sub-activity (AVA_VAN.5)
16.4 Composite vulnerability assessment (AVA_COMP)
16.4.1 Evaluation of sub-activity (AVA_COMP.1)
17 Composition
17.1 Introduction
17.2 Application notes
17.3 Composition rationale (ACO_COR)
17.3.1 Evaluation of sub-activity (ACO_COR.1)
17.4 Development evidence (ACO_DEV)
17.4.1 Evaluation of sub-activity (ACO_DEV.1)
17.4.2 Evaluation of sub-activity (ACO_DEV.2)
17.4.3 Evaluation of sub-activity (ACO_DEV.3)
17.5 Reliance of dependent component (ACO_REL)
17.5.1 Evaluation of sub-activity (ACO_REL.1)
17.5.2 Evaluation of sub-activity (ACO_REL.2)
17.6 Composed TOE testing (ACO_CTT)
17.6.1 Evaluation of sub-activity (ACO_CTT.1)
17.6.2 Evaluation of sub-activity (ACO_CTT.2)
17.7 Composition vulnerability analysis (ACO_VUL)
17.7.1 Evaluation of sub-activity (ACO_VUL.1)
17.7.2 Evaluation of sub-activity (ACO_VUL.2)
17.7.3 Evaluation of sub-activity (ACO_VUL.3)
Annex A (informative) General evaluation guidance and requirements
Annex B (normative) Vulnerability assessment (AVA)
Annex C (informative) Evaluation techniques and tools — Semi-formal and formal methods
Bibliography
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the use of one or more patents. ISO and IEC take no position concerning the evidence, validity or applicability of any claimed property rights in respect thereof. As of the date of publication of this document, ISO and IEC had not received notice of one or more patents which may be required to implement this document. However, implementers are cautioned that more recent information may be found in the patent database, available at www.iso.org/brevets and http
...
