2015/06/23 17:37:52

ISO 15408 Common Criteria for Information Technology Security Evaluation

ISO 15408, "Common Criteria for Information Technology Security Evaluation" (abbreviated Common Criteria or CC), was adopted in 1999 as the unified international standard for certifying information systems against security requirements.

See also:
* ISO 50001:2011
* ISO 15926-1:2004
* ISO 9000
* ISO 20000
* ISO/IEC 20000
* ISO 21500, ISO 21504, ISO 21502 Project, Programme and Portfolio Management
* ISO 20022

The standard makes it possible to create security targets: unified documents with which security requirements for a product can be stated for a computer system, developers can declare the product's security properties, security experts can determine whether the product satisfies these statements, and consumers can assess whether the product is suitable for their computer systems. The standard thus provides conditions in which the description, development and verification of a product against security requirements are carried out with the necessary rigor.

The certification procedure defined by ISO 15408 differs from other types of conformity assessment in two important ways. First, unlike, for example, certification for compliance with specifications, the developer of the certified product is obliged not only to declare the solution's security functions but also to prove that these functions are sufficient to counter the threats characteristic of the conditions in which the product is intended to operate. Second, the certificate specifies the assurance level (Evaluation Assurance Level, EAL), which lets the consumer of the certified solution judge how deeply the solution was examined during certification testing.