ISO/IEC 15408, universally known as the Common Criteria (CC)
: Vendor-specific documents that describe how a particular product meets the requirements defined in a PP or its own unique security goals.
When working with the PDF, always check the version number. The standard undergoes periodic revisions (such as the transition from version 3.1 to version 4.0/ISO updates) to address emerging cybersecurity threats and modern technology landscapes. iso iec 15408 pdf
As SecureCode's reputation for secure software development grew, so did their market share. The company's success story was featured in industry publications, and they were approached by other organizations seeking guidance on implementing the ISO/IEC 15408 standard.
If you finally open a , the table of contents can be intimidating. Here is a plain-English breakdown of the critical sections you should bookmark. ISO/IEC 15408, universally known as the Common Criteria
Every security requirement must be traced back to a specific threat or objective.
Choose a level (from EAL1 to EAL7) that represents the depth and rigor of the evaluation. 4. Drafting Best Practices Here is a plain-English breakdown of the critical
The text was not like the rest of the standard. It didn't describe access controls or cryptographic modules. It described a vulnerability in the very act of certification . A flaw in the Common Criteria's own logic model: any system that perfectly proves its own security, it argued, contains a Gödelian trap door—a statement that reads "This system cannot be proven secure within the rules of this standard."