ISO/IEC 15408-5:2022
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 5: Pre-defined packages of security requirements
This document provides packages of security assurance and security functional requirements that have been identified as useful in support of common usage by stakeholders.

EXAMPLE Examples of provided packages include the evaluation assurance levels (EAL) and the composed assurance packages (CAPs).

This document presents:
— evaluation assurance level (EAL) family of packages that specify pre-defined sets of security assurance components that may be referenced in PPs and STs and which specify appropriate security assurances to be provided during an evaluation of a target of evaluation (TOE);
— composition assurance (CAP) family of packages that specify sets of security assurance components used for specifying appropriate security assurances to be provided during an evaluation of composed TOEs;
— composite product (COMP) package that specifies a set of security assurance components used for specifying appropriate security assurances to be provided during an evaluation of a composite product TOE;
— protection profile assurance (PPA) family of packages that specify sets of security assurance components used for specifying appropriate security assurances to be provided during a protection profile evaluation;
— security target assurance (STA) family of packages that specify sets of security assurance components used for specifying appropriate security assurances to be provided during a security target evaluation.

The users of this document can include consumers, developers, and evaluators of secure IT products.
Sécurité de l'information, cybersécurité et protection de la vie privée — Critères d'évaluation pour la sécurité des technologies de l'information — Partie 5: Paquets prédéfinis d'exigences de sécurité
Standards Content (Sample)
INTERNATIONAL STANDARD ISO/IEC 15408-5
First edition 2022-08
Reference number: ISO/IEC 15408-5:2022(E)
© ISO/IEC 2022
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Evaluation assurance levels
4.1 Family name
4.2 Evaluation assurance level overview
4.2.1 General
4.2.2 Relationship between assurances and assurance levels
4.3 Evaluation assurance level objectives
4.4 Evaluation assurance levels
4.4.1 General
4.4.2 Evaluation assurance level 1 (EAL1) — Functionally tested
4.4.3 Evaluation assurance level 2 (EAL2) — Structurally tested
4.4.4 Evaluation assurance level 3 (EAL3) — Methodically tested and checked
4.4.5 Evaluation assurance level 4 (EAL4) — Methodically designed, tested and reviewed
4.4.6 Evaluation assurance level 5 (EAL5) — Semi-formally verified designed and tested
4.4.7 Evaluation assurance level 6 (EAL6) — Semi-formally verified design and tested
...