Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 2: Security functional components

This document defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that meets the common security functionality requirements of many IT products.

Sécurité de l'information, cybersécurité et protection de la vie privée — Critères d'évaluation pour la sécurité des technologies de l'information — Partie 2: Composants fonctionnels de sécurité

General Information

Status: Not Published
Current Stage: 5020 - FDIS ballot initiated: 2 months. Proof sent to secretariat
Start Date: 02-Feb-2026
Completion Date: 02-Feb-2026

Relations

Effective Date
09-Feb-2026
Effective Date
12-Feb-2026
Effective Date
28-Oct-2023

Overview

ISO/IEC FDIS 15408-2: Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 2: Security functional components is an international standard developed by ISO. This document is a crucial part of the ISO/IEC 15408 series, often known as the Common Criteria, and focuses on establishing the required structure and content of security functional components for information technology (IT) security evaluations. These components are essential for defining the security functionality required for a wide variety of IT products and systems.

By providing a comprehensive catalogue of security functional components, ISO/IEC FDIS 15408-2 enables organizations, developers, and security evaluators to consistently specify, implement, and assess the security features of IT products.

Key Topics

  • Structure of Security Functional Components: Outlines the organization and systematic categorization of security functional components, ensuring clarity and consistency during evaluation.
  • Functional Requirement Paradigm: Introduces the underlying paradigm for defining and interpreting security functional requirements, which is critical for effective implementation and assessment.
  • Component Catalogue: Presents a detailed list of security functionality that addresses common needs, including:
    • Security audit
    • Cryptographic support
    • User data protection
    • Identification and authentication
    • Security management
    • Privacy
    • Protection of the security functions themselves (TSF Protection)
  • Component and Class Structure: Explains the hierarchical arrangement from broad classes down to individual components and elements, providing a well-defined framework for IT security requirements.
  • Guidelines for Use: Offers recommendations on selecting and applying components relevant to particular IT systems and security objectives.

Applications

Implementing ISO/IEC FDIS 15408-2 delivers significant value across different sectors and use cases:

  • Security Evaluation and Certification: Used as a key reference in evaluating products against international benchmarks, supporting the Common Criteria certification process.
  • Product Development: Assists IT and cybersecurity product developers in specifying and designing robust security features based on standardized functional requirements.
  • Procurement: Enables governmental bodies and enterprises to set clear, internationally recognized security requirements when acquiring IT solutions.
  • Risk Management: Supports organizations in identifying and mitigating risks by ensuring products meet defined security functionality.
  • Regulatory Compliance: Facilitates adherence to international security best practices and regulatory mandates, especially where certification or benchmarked assurance levels are required.

Common application domains include operating systems, network devices, smart cards, security appliances, and cloud services.

Related Standards

ISO/IEC FDIS 15408-2 is closely related to several other international standards in IT security, including:

  • ISO/IEC 15408-1: Concepts and principles for security evaluation.
  • ISO/IEC 15408-3: Security assurance components.
  • ISO/IEC 18045: Methodology for the evaluation of IT security.
  • ISO/IEC 27001 / 27002: Information security management systems and best practices.
  • ISO/IEC 19790: Security requirements for cryptographic modules.

These standards collectively establish a comprehensive toolkit for security specification, implementation, and evaluation in line with global cybersecurity and privacy protection requirements.

By leveraging ISO/IEC FDIS 15408-2, organizations can ensure their IT products align with internationally recognized security criteria, enhancing trust, interoperability, and compliance across markets.

Buy Documents

Draft

ISO/IEC FDIS 15408-2 - Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 2: Security functional components. Released: 19. 01. 2026

English language (243 pages)
Draft

REDLINE ISO/IEC FDIS 15408-2 - Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 2: Security functional components. Released: 19. 01. 2026

English language (243 pages)

Frequently Asked Questions

ISO/IEC FDIS 15408-2 is a draft published by the International Organization for Standardization (ISO). Its full title is "Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 2: Security functional components". This standard covers: This document defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that meets the common security functionality requirements of many IT products.

ISO/IEC FDIS 15408-2 is classified under the following ICS (International Classification for Standards) categories: 35.030 - IT Security. The ICS classification helps identify the subject area and facilitates finding related standards.

ISO/IEC FDIS 15408-2 has the following relationships with other standards: it has inter-standard links to EN ISO/IEC 19896-3:2025, FprEN ISO/IEC 15408-2, and ISO/IEC 15408-2:2022. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

ISO/IEC FDIS 15408-2 is available in PDF format for immediate download after purchase. The document can be added to your cart and obtained through the secure checkout process. Digital delivery ensures instant access to the complete standard document.

Standards Content (Sample)


FINAL DRAFT International Standard
ISO/IEC FDIS 15408-2
ISO/IEC JTC 1/SC 27
Secretariat: DIN
Voting begins on: 2026-02-02
Voting terminates on: 2026-03-30

Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 2: Security functional components

Sécurité de l'information, cybersécurité et protection de la vie privée — Critères d'évaluation pour la sécurité des technologies de l'information — Partie 2: Composants fonctionnels de sécurité

ISO/CEN PARALLEL PROCESSING

RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.

IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.

Reference number: ISO/IEC FDIS 15408-2:2026(en)
© ISO/IEC 2026

© ISO/IEC 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Overview
5.1 General
5.2 Organization of this document
6 Functional requirements paradigm
7 Security functional components
7.1 Overview
7.2 Functional class structure
7.2.1 General
7.2.2 Class name
7.2.3 Class introduction
7.2.4 Class informative notes
7.2.5 Functional families
7.3 Functional family structure
7.3.1 General
7.3.2 Family name
7.3.3 Family Behaviour
7.3.4 Component levelling and description
7.3.5 Component management
7.3.6 Component audit
7.3.7 Family application notes
7.3.8 Family evaluator notes
7.3.9 Functional components
7.4 Functional component structure
7.4.1 General
7.4.2 Component name
7.4.3 Component relationships
7.4.4 Component rationale
7.4.5 Component notes
7.4.6 Functional elements
7.5 Functional elements
7.6 Component catalogue
7.6.1 General
7.6.2 Highlighting of component changes
8 Class FAU Security audit
8.1 Introduction
8.2 Notes on class FAU
8.2.1 General information about audit requirements
8.2.2 Audit requirements in a distributed environment
8.3 Security audit automatic response (FAU_ARP)
8.3.1 Family Behaviour
8.3.2 Component levelling and description
8.3.3 Component management
8.3.4 Component audit
8.3.5 Application notes
8.3.6 FAU_ARP.1 Security alarms
8.4 Security audit data generation (FAU_GEN)
8.4.1 Family Behaviour
8.4.2 Component levelling and description
8.4.3 Component management
8.4.4 Component audit
8.4.5 Application notes
8.4.6 Evaluator notes
8.4.7 FAU_GEN.1 Audit data generation
8.4.8 FAU_GEN.2 User identity association
8.5 Security audit analysis (FAU_SAA)
8.5.1 Family Behaviour
8.5.2 Component levelling and description
8.5.3 Component management
8.5.4 Component audit
8.5.5 Application notes
8.5.6 FAU_SAA.1 Potential violation analysis
8.5.7 FAU_SAA.2 Profile based anomaly detection
8.5.8 FAU_SAA.3 Simple attack heuristics
8.5.9 FAU_SAA.4 Complex attack heuristics
8.6 Security audit review (FAU_SAR)
8.6.1 Family Behaviour
8.6.2 Component levelling and description
8.6.3 Component management
8.6.4 Component audit
8.6.5 Application notes
8.6.6 FAU_SAR.1 Audit review
8.6.7 FAU_SAR.2 Restricted audit review
8.6.8 FAU_SAR.3 Selectable audit review
8.7 Security audit event selection (FAU_SEL)
8.7.1 Family Behaviour
8.7.2 Component levelling and description
8.7.3 Component management
8.7.4 Component audit
8.7.5 Application notes
8.7.6 FAU_SEL.1 Selective audit
8.8 Security audit data storage (FAU_STG)
8.8.1 Family Behaviour
8.8.2 Component levelling and description
8.8.3 Component management
8.8.4 Component audit
8.8.5 Application notes
8.8.6 FAU_STG.1 Audit data storage location
8.8.7 FAU_STG.2 Protected audit data storage
8.8.8 FAU_STG.3 Guarantees of audit data availability
8.8.9 FAU_STG.4 Action in case of possible audit data loss
8.8.10 FAU_STG.5 Prevention of audit data loss
9 Class FCO Communication
9.1 Introduction
9.2 Notes on class FCO
9.3 Non-repudiation of origin (FCO_NRO)
9.3.1 Family Behaviour
9.3.2 Component levelling and description
9.3.3 Component management
9.3.4 Component audit
9.3.5 Application notes
9.3.6 FCO_NRO.1 Selective proof of origin
9.3.7 FCO_NRO.2 Enforced proof of origin
9.4 Non-repudiation of receipt (FCO_NRR)
9.4.1 Family Behaviour
9.4.2 Component levelling and description
9.4.3 Component management
9.4.4 Component audit
9.4.5 Application notes
9.4.6 FCO_NRR.1 Selective proof of receipt
9.4.7 FCO_NRR.2 Enforced proof of receipt
10 Class FCS Cryptographic support
10.1 Introduction
10.2 Notes on class FCS
10.3 Cryptographic key management (FCS_CKM)
10.3.1 Family Behaviour
10.3.2 Component levelling and description
10.3.3 Component management
10.3.4 Component audit
10.3.5 Application notes
10.3.6 Evaluator notes
10.3.7 FCS_CKM.1 Cryptographic key generation
10.3.8 FCS_CKM.2 Cryptographic key distribution
10.3.9 FCS_CKM.3 Cryptographic key access
10.3.10 FCS_CKM.5 Cryptographic key derivation
10.3.11 FCS_CKM.6 Timing and event of cryptographic key destruction
10.4 Cryptographic operation (FCS_COP)
10.4.1 Family Behaviour
10.4.2 Component levelling and description
10.4.3 Component management
10.4.4 Component audit
10.4.5 Application notes
10.4.6 FCS_COP.1 Cryptographic operation
10.5 Random bit generation (FCS_RBG)
10.5.1 Family Behaviour
10.5.2 Component levelling and description
10.5.3 Component management
10.5.4 Component audit
10.5.5 Application notes
10.5.6 FCS_RBG.1 Random bit generation (RBG)
10.5.7 FCS_RBG.2 Random bit generation (external seeding)
10.5.8 FCS_RBG.3 Random bit generation (internal seeding - single source)
10.5.9 FCS_RBG.4 Random bit generation (internal seeding - multiple sources)
10.5.10 FCS_RBG.5 Random bit generation (combining entropy sources)
10.5.11 FCS_RBG.6 Random bit generation service
10.6 Generation of random numbers (FCS_RNG)
10.6.1 Family Behaviour
10.6.2 Component levelling and description
10.6.3 Component management
10.6.4 Component audit
10.6.5 Application notes
10.6.6 FCS_RNG.1 Random number generation
11 Class FDP User data protection
11.1 Introduction
11.2 Notes on class FDP
11.3 Access control policy (FDP_ACC)
11.3.1 Family Behaviour
11.3.2 Component levelling and description
11.3.3 Component management
11.3.4 Component audit
11.3.5 Application notes
11.3.6 FDP_ACC.1 Subset access control
11.3.7 FDP_ACC.2 Complete access control
11.4 Access control functions (FDP_ACF)
11.4.1 Family Behaviour
11.4.2 Component levelling and description
11.4.3 Component management
11.4.4 Component audit
11.4.5 Application notes
11.4.6 FDP_ACF.1 Security attribute-based access control
11.5 Data authentication (FDP_DAU)
11.5.1 Family Behaviour
11.5.2 Component levelling and description
11.5.3 Component management
11.5.4 Component audit
11.5.5 Application notes
11.5.6 FDP_DAU.1 Basic Data Authentication
11.5.7 FDP_DAU.2 Data Authentication with Identity of Guarantor
11.6 Export from the TOE (FDP_ETC)
11.6.1 Family Behaviour
11.6.2 Component levelling and description
11.6.3 Component management
11.6.4 Component audit
11.6.5 Application notes
11.6.6 FDP_ETC.1 Export of user data without security attributes
11.6.7 FDP_ETC.2 Export of user data with security attributes
11.7 Information flow control policy (FDP_IFC)
11.7.1 Family Behaviour
11.7.2 Component levelling and description
11.7.3 Component management
11.7.4 Component audit
11.7.5 Application notes
11.7.6 FDP_IFC.1 Subset information flow control
11.7.7 FDP_IFC.2 Complete information flow control
11.8 Information flow control functions (FDP_IFF)
11.8.1 Family Behaviour
11.8.2 Component levelling and description
11.8.3 Component management
11.8.4 Component audit
11.8.5 Application notes
11.8.6 FDP_IFF.1 Simple security attributes
11.8.7 FDP_IFF.2 Hierarchical security attributes
11.8.8 FDP_IFF.3 Limited illicit information flows
11.8.9 FDP_IFF.4 Partial elimination of illicit information flows
11.8.10 FDP_IFF.5 No illicit information flows
11.8.11 FDP_IFF.6 Illicit information flow monitoring
11.9 Information retention control (FDP_IRC)
11.9.1 Family Behaviour
11.9.2 Component levelling and description
11.9.3 Component management
11.9.4 Component audit
11.9.5 Application notes
11.9.6 FDP_IRC.1 Information retention control
11.10 Import from outside of the TOE (FDP_ITC)
11.10.1 Family Behaviour
11.10.2 Component levelling and description
11.10.3 Component management
11.10.4 Component audit
11.10.5 Application notes
11.10.6 FDP_ITC.1 Import of user data without security attributes
11.10.7 FDP_ITC.2 Import of user data with security attributes
11.11 Internal TOE transfer (FDP_ITT)
...


FDIS ISO/IEC FDIS 15408-2(E)
ISO/IEC JTC 1/SC 27/WG 3
Secretariat: DIN
Date: 2026-01-19 (replaces 2025-10-24 in the redline)

Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 2: Security functional components

Sécurité de l'information, cybersécurité et protection de la vie privée — Critères d'évaluation pour la sécurité des technologies de l'information — Partie 2: Composants fonctionnels de sécurité

This draft is submitted to a parallel vote in ISO, CEN.

FDIS stage

Warning for WDs and CDs
This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an International Standard.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.
A model document of an International Standard (the Model International Standard) is available at: https://www.iso.org/drafting-standards.html
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Overview
5.1 General
5.2 Organization of this document
6 Functional requirements paradigm
7 Security functional components
7.1 Overview
7.2 Functional class structure
7.3 Functional family structure
7.4 Functional component structure
7.5 Functional elements
7.6 Component catalogue
8 Class FAU Security audit
8.1 Introduction
8.2 Notes on class FAU
8.3 Security audit automatic response (FAU_ARP)
8.4 Security audit data generation (FAU_GEN)
8.5 Security audit analysis (FAU_SAA)
8.6 Security audit review (FAU_SAR)
8.7 Security audit event selection (FAU_SEL)
8.8 Security audit data storage (FAU_STG)
9 Class FCO Communication
9.1 Introduction
9.2 Notes on class FCO
9.3 Non-repudiation of origin (FCO_NRO)
9.4 Non-repudiation of receipt (FCO_NRR)
10 Class FCS Cryptographic support
10.1 Introduction
10.2 Notes on class FCS
10.3 Cryptographic key management (FCS_CKM)
10.4 Cryptographic operation (FCS_COP)
10.5 Random bit generation (FCS_RBG)
10.6 Generation of random numbers (FCS_RNG)
11 Class FDP User data protection
11.1 Introduction
11.2 Notes on class FDP
11.3 Access control policy (FDP_ACC)
11.4 Access control functions (FDP_ACF)
11.5 Data authentication (FDP_DAU)
11.6 Export from the TOE (FDP_ETC)
11.7 Information flow control policy (FDP_IFC)
11.8 Information flow control functions (FDP_IFF)
11.9 Information retention control (FDP_IRC)
11.10 Import from outside of the TOE (FDP_ITC)
11.11 Internal TOE transfer (FDP_ITT)
11.12 Residual information protection (FDP_RIP)
11.13 Rollback (FDP_ROL)
11.14 Stored data confidentiality (FDP_SDC)
11.15 Stored data integrity (FDP_SDI)
11.16 Inter-TSF user data confidentiality transfer protection (FDP_UCT)
11.17 Inter-TSF user data integrity transfer protection (FDP_UIT)
12 Class FIA Identification and authentication
12.1 Introduction
12.2 Notes on class FIA
12.3 Authentication failures (FIA_AFL)
12.4 Authentication proof of identity (FIA_API)
12.5 User attribute definition (FIA_ATD)
12.6 Specification of secrets (FIA_SOS)
12.7 User authentication (FIA_UAU)
12.8 User identification (FIA_UID)
12.9 User-subject binding (FIA_USB)
13 Class FMT Security management
13.1 Introduction
13.2 Notes on class FMT
13.3 Limited capabilities and availability (FMT_LIM)
13.4 Management of functions in TSF (FMT_MOF)
13.5 Management of security attributes (FMT_MSA)
13.6 Management of TSF data (FMT_MTD)
13.7 Revocation (FMT_REV)
13.8 Security attribute expiration (FMT_SAE)
13.9 Specification of Management Functions (FMT_SMF)
13.10 Security management roles (FMT_SMR)
14 Class FPR Privacy
14.1 Introduction
14.2 Notes on class FPR
14.3 Anonymity (FPR_ANO)
14.4 Pseudonymity (FPR_PSE)
14.5 Unlinkability (FPR_UNL)
14.6 Unobservability (FPR_UNO)
15 Class FPT Protection of the TSF
15.1 Introduction
15.2 Notes on class FPT
15.3 TOE emanation (FPT_EMS)
15.4 Fail secure (FPT_FLS)
15.5 TSF initialization (FPT_INI)
15.6 Availability of exported TSF data (FPT_ITA)
15.7 Confidentiality of exported TSF data (FPT_ITC)
15.8 Integrity of exported TSF data (FPT_ITI)
15.9 Internal TOE TSF data transfer (FPT_ITT)
15.10 TSF physical protection (FPT_PHP)
15.11 Trusted recovery (FPT_RCV)
15.12 Replay detection (FPT_RPL)
15.13 State synchrony protocol (FPT_SSP)
15.14 Time stamps (FPT_STM)
15.15 Inter-TSF TSF data consistency (FPT_TDC)
15.16 Testing of external entities (FPT_TEE)
15.17 Internal TOE TSF data replication consistency (FPT_TRC)
15.18 TSF self-test (FPT_TST)
16 Class FRU Resource utilization
16.1 Introduction
16.2 Notes on class FRU
16.3 Fault tolerance (FRU_FLT)
16.4 Priority of service (FRU_PRS)
16.5 Resource allocation (FRU_RSA)
17 Class FTA TOE access
17.1 Introduction
17.2 Notes on class FTA
17.3 Limitation on scope of selectable attributes (FTA_LSA)
17.4 Limitation on multiple concurrent sessions (FTA_MCS)
17.5 Session locking and termination (FTA_SSL)
17.6 TOE access banners (FTA_TAB)
17.7 TOE access history (FTA_TAH)
17.8 TOE session establishment (FTA_TSE)
18 Class FTP Trusted path/channels
18.1 Introduction
18.2 Notes on class FTP
18.3 Inter-TSF trusted channel (FTP_ITC)
18.4 Trusted channel protocol (FTP_PRO)
18.5 Trusted path (FTP_TRP)
Bibliography

...
