ISO/IEC FDIS 15408-3
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 3: Security assurance components
This document defines the assurance requirements of the ISO/IEC 15408 series. It includes the individual assurance components from which the evaluation assurance levels and other packages contained in ISO/IEC 15408-5 are composed, and the criteria for evaluation of Protection Profiles (PPs), PP-Configurations, PP-Modules, and Security Targets (STs).
Sécurité de l'information, cybersécurité et protection de la vie privée — Critères d'évaluation pour la sécurité des technologies de l'information — Partie 3: Composants d'assurance de sécurité
General Information
- Status: Not Published
- Current Stage: 5020 - FDIS ballot initiated: 2 months. Proof sent to secretariat
- Start Date: 02-Feb-2026
- Completion Date: 02-Feb-2026
Relations
- Effective Date: 09-Feb-2026
- Effective Date: 12-Feb-2026
- Effective Date: 28-Oct-2023
Overview
ISO/IEC FDIS 15408-3:2026 is an essential international standard in the ISO/IEC 15408 series, focusing on information security, cybersecurity, and privacy protection. Specifically, this document defines security assurance requirements for IT security product evaluations. These assurance components are fundamental to establishing the Evaluation Assurance Levels (EALs) and other assurance packages detailed in ISO/IEC 15408-5. Additionally, the standard provides criteria for the evaluation of Protection Profiles (PPs), PP-Configurations, PP-Modules, and Security Targets (STs).
Organizations adopting ISO/IEC FDIS 15408-3 can systematically demonstrate the reliability and robustness of their IT security products and solutions, creating a foundation for trust in digital environments.
Key Topics
ISO/IEC FDIS 15408-3 covers a broad range of security assurance components essential for IT security evaluation, including:
- Assurance Paradigm: Outlines the general approach and rationale behind the structure of assurance classes, families, and components.
- Evaluation Assurance Levels (EALs): Details how individual assurance components combine to form predefined assurance levels, allowing flexible and scalable evaluations.
- Protection Profile (PP) Evaluation: Specifies criteria for evaluating security requirements defined in PPs, essential for common security needs.
- PP-Module and PP-Configuration Evaluation: Provides a structured approach to modular and configurable PPs, supporting customized and composable security solutions.
- Security Target (ST) Evaluation: Defines how to evaluate STs, the basis for specific product evaluations against desired assurance criteria.
- Development and Lifecycle Support: Includes requirements for secure product development, delivery, and configuration management.
- Guidance Documents and Operational Support: Addresses necessary documentation and procedures to support secure usage and maintenance of IT systems.
- Testing and Vulnerability Assessment: Lays out requirements for comprehensive testing, independent verification, and vulnerability analysis.
Applications
ISO/IEC FDIS 15408-3 provides practical value to organizations and stakeholders in a range of scenarios:
- Product Certification: Supports formal certification by defining the requirements and processes necessary to demonstrate that IT products meet recognized security standards.
- Procurement Specifications: Enables government agencies and enterprises to define and assess minimum security requirements in procurement processes for IT products and systems.
- Global Market Access: Facilitates acceptance of certified products across international markets, reducing the need for redundant evaluations.
- Risk Management: Enhances organizational risk management by providing a structured approach to validating security assurances and ensuring necessary threat mitigations are implemented.
- Development of Security Profiles: Assists industry and consortia in developing standard Protection Profiles for commonly deployed technologies, promoting interoperability and security best practices.
Related Standards
ISO/IEC FDIS 15408-3 is closely related to other standards within the ISO/IEC 15408 (Common Criteria) series and the broader IT security evaluation landscape, including:
- ISO/IEC 15408-1: Introduction and general model for IT security evaluation
- ISO/IEC 15408-2: Security functional components
- ISO/IEC 15408-5: Predefined assurance and security functional packages
- ISO/IEC 18045: Methodology for IT security evaluation
- ISO/IEC 27001: Information security management systems requirements
By aligning with these and other related ISO/IEC standards, organizations can create comprehensive, interoperable, and globally recognized information security and assurance programs.
ISO/IEC FDIS 15408-3 - Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 3: Security assurance components. Released: 19. 01. 2026
REDLINE ISO/IEC FDIS 15408-3 - Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 3: Security assurance components. Released: 19. 01. 2026
Frequently Asked Questions
ISO/IEC FDIS 15408-3 is a draft published by the International Organization for Standardization (ISO). Its full title is "Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 3: Security assurance components". This standard covers: This document defines the assurance requirements of the ISO/IEC 15408 series. It includes the individual assurance components from which the evaluation assurance levels and other packages contained in ISO/IEC 15408-5 are composed, and the criteria for evaluation of Protection Profiles (PPs), PP-Configurations, PP-Modules, and Security Targets (STs).
ISO/IEC FDIS 15408-3 is classified under the following ICS (International Classification for Standards) categories: 35.030 - IT Security. The ICS classification helps identify the subject area and facilitates finding related standards.
ISO/IEC FDIS 15408-3 has the following relationships with other standards: it has inter-standard links to EN ISO/IEC 19896-3:2025, FprEN ISO/IEC 15408-3, and ISO/IEC 15408-3:2022. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.
Standards Content (Sample)
FINAL DRAFT International Standard
ISO/IEC FDIS 15408-3
ISO/IEC JTC 1/SC 27
Secretariat: DIN
Voting begins on: 2026-02-02
Voting terminates on: 2026-03-30
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 3: Security assurance components
Sécurité de l'information, cybersécurité et protection de la vie privée — Critères d'évaluation pour la sécurité des technologies de l'information — Partie 3: Composants d'assurance de sécurité
ISO/CEN PARALLEL PROCESSING
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
Reference number: ISO/IEC FDIS 15408-3:2026(en)
© ISO/IEC 2026
© ISO/IEC 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview
5 Assurance paradigm
5.1 General
5.2 CC approach
5.3 Assurance approach
5.3.1 General
5.3.2 Significance of vulnerabilities
5.3.3 Cause of vulnerabilities
5.3.4 CC assurance
5.3.5 Assurance through evaluation
5.4 CC evaluation assurance scale
6 Security assurance components
6.1 General
6.2 Assurance class structure
6.2.1 General
6.2.2 Class name
6.2.3 Class introduction
6.2.4 Class application notes
6.2.5 Assurance families
6.3 Assurance family structure
6.3.1 General
6.3.2 Family name
6.3.3 Family objectives
6.3.4 Component levelling
6.3.5 Family application notes
6.3.6 Assurance components
6.4 Assurance component structure
6.4.1 General
6.4.2 Component name
6.4.3 Component objectives
6.4.4 Component application notes
6.4.5 Component dependencies
6.4.6 Assurance elements
6.5 Assurance elements
6.6 Component taxonomy
7 Class APE Protection Profile (PP) evaluation
7.1 General
7.2 PP introduction (APE_INT)
7.2.1 Objectives
7.2.2 PP introduction (APE_INT.1)
7.3 Conformance claims (APE_CCL)
7.3.1 Objectives
7.3.2 Conformance claims (APE_CCL.1)
7.4 Security problem definition (APE_SPD)
7.4.1 Objectives
7.4.2 Security problem definition (APE_SPD.1)
7.5 Security objectives (APE_OBJ)
7.5.1 Objectives
7.5.2 Component levelling
7.5.3 Security objectives for the operational environment (APE_OBJ.1)
7.5.4 Security objectives (APE_OBJ.2)
7.6 Extended components definition (APE_ECD)
7.6.1 Objectives
7.6.2 Extended components definition (APE_ECD.1)
7.7 Security requirements (APE_REQ)
7.7.1 Objectives
7.7.2 Component levelling
7.7.3 Direct rationale security requirements (APE_REQ.1)
7.7.4 Derived security requirements (APE_REQ.2)
8 Class ACE Protection Profile Configuration evaluation
8.1 General
8.2 PP-Module introduction (ACE_INT)
8.2.1 Objectives
8.2.2 PP-Module introduction (ACE_INT.1)
8.3 PP-Module conformance claims (ACE_CCL)
8.3.1 Objectives
8.3.2 PP-Module conformance claims (ACE_CCL.1)
8.4 PP-Module security problem definition (ACE_SPD)
8.4.1 Objectives
8.4.2 PP-Module security problem definition (ACE_SPD.1)
8.5 PP-Module security objectives (ACE_OBJ)
8.5.1 Objectives
8.5.2 Component levelling
8.5.3 PP-Module security objectives for the operational environment (ACE_OBJ.1)
8.5.4 PP-Module security objectives (ACE_OBJ.2)
8.6 PP-Module extended components definition (ACE_ECD)
8.6.1 Objectives
8.6.2 PP-Module extended components definition (ACE_ECD.1)
8.7 PP-Module security requirements (ACE_REQ)
8.7.1 Objectives
8.7.2 Component levelling
8.7.3 PP-Module direct rationale security requirements (ACE_REQ.1)
8.7.4 PP-Module derived security requirements (ACE_REQ.2)
8.8 PP-Module consistency (ACE_MCO)
8.8.1 Objectives
8.8.2 PP-Module consistency (ACE_MCO.1)
8.9 PP-Configuration consistency (ACE_CCO)
8.9.1 Objectives
8.9.2 PP-Configuration consistency (ACE_CCO.1)
9 Class ASE Security Target (ST) evaluation
9.1 General
9.2 ST introduction (ASE_INT)
9.2.1 Objectives
9.2.2 ST introduction (ASE_INT.1)
9.3 Conformance claims (ASE_CCL)
9.3.1 Objectives
9.3.2 Conformance claims (ASE_CCL.1)
9.4 Security problem definition (ASE_SPD)
9.4.1 Objectives
9.4.2 Security problem definition (ASE_SPD.1)
9.5 Security objectives (ASE_OBJ)
9.5.1 Objectives
9.5.2 Component levelling
9.5.3 Security objectives for the operational environment (ASE_OBJ.1)
9.5.4 Security objectives (ASE_OBJ.2)
9.6 Extended components definition (ASE_ECD)
9.6.1 Objectives
9.6.2 Extended components definition (ASE_ECD.1)
9.7 Security requirements (ASE_REQ)
9.7.1 Objectives
9.7.2 Component levelling
9.7.3 Direct rationale security requirements (ASE_REQ.1)
9.7.4 Derived security requirements (ASE_REQ.2)
9.8 TOE summary specification (ASE_TSS)
9.8.1 Objectives
9.8.2 Component levelling
9.8.3 TOE summary specification (ASE_TSS.1)
9.8.4 TOE summary specification with architectural design summary (ASE_TSS.2)
9.9 Consistency of composite product Security Target (ASE_COMP)
9.9.1 Objectives
9.9.2 Component levelling
9.9.3 Application notes
9.9.4 Consistency of Security Target (ST) (ASE_COMP.1)
10 Class ADV Development
10.1 General
10.2 Security architecture (ADV_ARC)
10.2.1 Objectives
10.2.2 Component levelling
10.2.3 Application notes
10.2.4 Security architecture description (ADV_ARC.1)
10.3 Functional specification (ADV_FSP)
10.3.1 Objectives
10.3.2 Component levelling
10.3.3 Application notes
10.3.4 Basic functional specification (ADV_FSP.1)
10.3.5 Security-enforcing functional specification (ADV_FSP.2)
10.3.6 Functional specification with complete summary (ADV_FSP.3)
10.3.7 Complete functional specification (ADV_FSP.4)
10.3.8 Complete semi-formal functional specification with additional error information (ADV_FSP.5)
10.3.9 Complete semi-formal functional specification with additional formal specification (ADV_FSP.6)
10.4 Implementation representation (ADV_IMP)
10.4.1 Objectives
10.4.2 Component levelling
10.4.3 Application notes
10.4.4 Implementation representation of the TSF (ADV_IMP.1)
10.4.5 Complete mapping of the implementation representation of the TSF (ADV_IMP.2)
10.5 TSF internals (ADV_INT)
10.5.1 Objectives
10.5.2 Component levelling
10.5.3 Application notes
10.5.4 Well-structured subset of TSF internals (ADV_INT.1)
10.5.5 Well-structured internals (ADV_INT.2)
10.5.6 Minimally complex internals (ADV_INT.3)
10.6 Formal TSF model (ADV_SPM)
10.6.1 Objectives
10.6.2 Component levelling
10.6.3 Application notes
10.6.4 Formal TSF model (ADV_SPM.1)
10.7 TOE design (ADV_TDS)
10.7.1 Objectives
10.7.2 Component levelling
10.7.3 Application notes
10.7.4 Basic design (ADV_TDS.1)
10.7.5 Architectural design (ADV_TDS.2)
10.7.6 Basic modular design (ADV_TDS.3)
10.7.7 Semi-Formal modular design (ADV_TDS.4)
10.7.8 Complete semi-formal modular design (ADV_TDS.5)
10.7.9 Complete semi-formal modular design with formal high-level design presentation (ADV_TDS.6)
10.8 Composite design compliance (ADV_COMP)
10.8.1 Objectives
10.8.2 Component levelling
10.8.3 Application notes
10.8.4 Design compliance with the base component-related user guidance, ETR for composite evaluation and report of the base component evaluation authority (ADV_COMP.1)
11 Class AGD guidance documents
11.1 General
11.2 Operational user guidance (AGD_OPE)
11.2.1 Objectives
11.2.2 Component levelling
11.2.3 Application notes
11.2.4 Operational user guidance (AGD_OPE.1)
11.3 Preparative procedures (AGD_PRE)
11.3.1 Objectives
11.3.2 Component levelling
11.3.3 Application notes
11.3.4 Preparative procedures (AGD_PRE.1)
12 Class ALC life cycle support
12.1 General
12.2 CM capabilities (ALC_CMC)
12.2.1 Objectives
12.2.2 Component levelling
12.2.3 Application notes
12.2.4 Labelling of the TOE (ALC_CMC.1)
12.2.5 Use of the CM system (ALC_CMC.2)
12.2.6 Authorization controls (ALC_CMC.3)
12.2.7 Production support, acceptance procedures and automation (ALC_CMC.4)
12.2.8 Advanced support (ALC_CMC.5)
12.3 CM scope (ALC_CMS)
12.3.1 Objectives
12.3.2 Component levelling
12.3.3 Application notes
12.3.4 TOE CM coverage (ALC_CMS.1)
12.3.5 Parts of the TOE CM coverage (ALC_CMS.2)
12.3.6 Implementation representation CM coverage (ALC_CMS.3)
12.3.7 Problem tracking CM coverage (ALC_CMS.4)
12.3.8 Development tools CM coverage (ALC_CMS.5)
12.4 Delivery (ALC_DEL)
12.4.1 Objectives
12.4.2 Component levelling
12.4.3 Application notes
12.4.4 Delivery procedures (ALC_DEL.1)
12.5 Developer environment security (ALC_DVS)
12.5.1 Objectives
12.5.2 Component levelling
12.5.3 Application notes
12.5.4 Identification of security controls (ALC_DVS.1)
12.5.5 Sufficiency of security controls (ALC_DVS.2)
12.6 Flaw remediation (ALC_FLR)
...
ISO/IEC FDIS 15408-3
ISO/IEC JTC 1/SC 27/WG 3
Secretariat: DIN
Date: 2026-01-19 (previously 2025-10-22)
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 3: Security assurance components
Sécurité de l'information, cybersécurité et protection de la vie privée — Critères d'évaluation pour la sécurité des technologies de l'information — Partie 3: Composants d'assurance de sécurité
This draft is submitted to a parallel vote in ISO, CEN.
FDIS stage
Warning for WDs and CDs
This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an International Standard.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.
A model document of an International Standard (the Model International Standard) is available at: https://www.iso.org/drafting-standards.html
ISO/IEC FDIS 15408-3:2026(en)
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview
5 Assurance paradigm
5.1 General
5.2 CC approach
5.3 Assurance approach
5.4 CC evaluation assurance scale
6 Security assurance components
6.1 General
6.2 Assurance class structure
6.3 Assurance family structure
6.4 Assurance component structure
6.5 Assurance elements
6.6 Component taxonomy
7 Class APE Protection Profile (PP) evaluation
7.1 General
7.2 PP introduction (APE_INT)
7.3 Conformance claims (APE_CCL)
7.4 Security problem definition (APE_SPD)
7.5 Security objectives (APE_OBJ)
7.6 Extended components definition (APE_ECD)
7.7 Security requirements (APE_REQ)
8 Class ACE Protection Profile Configuration evaluation
8.1 General
8.2 PP-Module introduction (ACE_INT)
8.3 PP-Module conformance claims (ACE_CCL)
8.4 PP-Module security problem definition (ACE_SPD)
8.5 PP-Module security objectives (ACE_OBJ)
8.6 PP-Module extended components definition (ACE_ECD)
8.7 PP-Module security requirements (ACE_REQ)
8.8 PP-Module consistency (ACE_MCO)
8.9 PP-Configuration consistency (ACE_CCO)
9 Class ASE Security Target (ST) evaluation
9.1 General
9.2 ST introduction (ASE_INT)
9.3 Conformance claims (ASE_CCL)
9.4 Security problem definition (ASE_SPD)
9.5 Security objectives (ASE_OBJ)
9.6 Extended components definition (ASE_ECD)
9.7 Security requirements (ASE_REQ)
9.8 TOE summary specification (ASE_TSS)
9.9 Consistency of composite product Security Target (ASE_COMP)
10 Class ADV Development
10.1 General
10.2 Security architecture (ADV_ARC)
10.3 Functional specification (ADV_FSP)
10.4 Implementation representation (ADV_IMP)
10.5 TSF internals (ADV_INT)
10.6 Formal TSF model (ADV_SPM)
10.7 TOE design (ADV_TDS)
10.8 Composite design compliance (ADV_COMP)
11 Class AGD guidance documents
11.1 General
11.2 Operational user guidance (AGD_OPE)
11.3 Preparative procedures (AGD_PRE)
12 Class ALC life cycle support
12.1 General
12.2 CM capabilities (ALC_CMC)
12.3 CM scope (ALC_CMS)
12.4 Delivery (ALC_DEL)
12.5 Developer environment security (ALC_DVS)
12.6 Flaw remediation (ALC_FLR)
12.7 Development life cycle definition (ALC_LCD)
12.8 TOE development artefacts (ALC_TDA)
12.9 Tools and techniques (ALC_TAT)
12.10 Integration of composition parts and consistency check of delivery procedures (ALC_COMP)
13 Class ATE Tests
13.1 General
13.2 Coverage (ATE_COV)
13.3 Depth (ATE_DPT)
13.4 Functional tests (ATE_FUN)
13.5 Independent testing (ATE_IND)
13.6 Composite functional testing (ATE_COMP)
14 Class AVA Vulnerability assessment
14.1 General
14.2 Application notes
14.3 Vulnerability analysis (AVA_VAN)
14.4 Composite vulnerability assessment (AVA_COMP)
15 Class ACO Composition
15.1 General
15.2 Composition rationale (ACO_COR)
15.3 Development evidence (ACO_DEV)
15.4 Reliance of dependent component (ACO_REL)
15.5 Composed TOE testing (ACO_CTT)
15.6 Composition vulnerability analysis (ACO_VUL)
Annex A (informative) Development (ADV)
Annex B (informative) Composition (ACO)
Bibliography







