Common Criteria ISO 15408:
- A structured methodology for documenting and evaluating security requirements for IT products.
- Used to validate and certify security products based on their protection profiles and evaluation assurance levels.
Key Concepts:
- Evaluation Assurance Levels (EAL):
  - EAL0: Inadequate assurance – No assurance of security.
  - EAL1: Functionally tested – Basic testing of functionality.
  - EAL2: Structurally tested – Testing based on the structure of the product.
  - EAL3: Methodically tested and checked – Methodical testing and checks.
  - EAL4: Methodically designed, tested, and reviewed – Comprehensive design, testing, and review.
  - EAL5: Semi-formally designed and tested – Semi-formal design and testing.
  - EAL6: Semi-formally verified design and tested – Semi-formal verification of design and testing.
  - EAL7: Formally verified design and tested – Formal verification of design and testing.
- Target of Evaluation (TOE):
  - The product or system being evaluated for security.
- Protection Profile (PP):
  - A set of security requirements for a category of products, written to meet specific consumer security needs.
- Security Target (ST):
  - Describes the security properties and requirements of the TOE.
- Security Functional Requirements (SFRs):
  - Specific individual security functions that the TOE must perform.
These elements help ensure that security products meet defined standards and requirements, providing a basis for evaluating their effectiveness and reliability.