Portable | Iso Iec 15408 Pdf

A document statement prepared by a vendor that outlines the specific security capabilities of the product being evaluated.

A numerical rating from EAL1 to EAL7 that reflects the depth and rigor of the evaluation process.

Understanding Evaluation Assurance Levels (EAL)

The vendor hires an accredited, independent Common Criteria Testing Laboratory (CCTL). The lab inspects the source code, examines development pipelines, runs penetration tests, and runs vulnerability assessments to confirm the ST claims are accurate.

3. Certification and Oversight

ISO/IEC 15408 is formally known as the "Common Criteria for Information Technology Security Evaluation" (often abbreviated as "CC"). It is an international standard that provides a structured and universally recognized set of tools for evaluating the security of an IT product or system.

This lists the from EAL1 to EAL7.

ISO/IEC 15408 is the cornerstone of IT product security certification. By understanding the standard, organizations can ensure that their products meet strict, internationally recognized security requirements, fostering trust and security in an interconnected world. Whether you are a developer preparing for certification or a buyer looking to secure your infrastructure, the Common Criteria framework is an indispensable tool.

– Includes standard security assurance packages and Evaluation Assurance Levels (EALs).

Key Concepts in Evaluation

Essentially, it moves security from "take our word for it" to "here is the verified proof."

The Components of the ISO/IEC 15408 PDF