ISO 15408 Common Criteria for Information Technology Security Evaluation

The standard allows to create tasks on security — the unified documents using which a computer system can state requirements to security of a product, developers can declare properties of security of the product, experts in security — to define whether satisfies a product to these statements, and consumers to estimate whether the product is suitable for their computer systems. Thus, the standard provides conditions in which process of the description, developments and checks of a product on requirements for security is made with necessary scrupulousness.

The procedure of certification provided by ISO 15408 has two important differences from other types of conformity assessment. First, in difference, for example, from certification on compliance to specifications, the developer of the certified product is obliged not only to declare safety features of the solution, but also to prove sufficiency of these functions for counteraction to threats, characteristic of those conditions in which operation is supposed. Secondly, in the certificate the trust level (Evaluation Assurance Level, EAL) allowing the consumer of the certified solution to judge that is specified this solution is how deep it was investigated during certification tests.