The International Organization for Standardization (ISO) sells the official PDF. As of 2025, a single part of the standard costs approximately 138 to 198 CHF (Swiss Francs). The entire set (Parts 1, 2, and 3) will cost over 500 CHF.
To understand how to define and document security targets.
For further detailed research, you can access the standard through official repositories like the ISO Online Browsing Platform or the Common Criteria Portal for the latest PDF documentation.
The hosts the "Common Criteria v3.1" documents. These are the technical equivalents of ISO/IEC 15408. Search for "CC Portal – Final Specifications." You can download the PDFs for free (Part 1, Part 2, Part 3, and evaluation methodology). iso iec 15408 pdf
The standard is divided into multiple components to guide the evaluation process:
By understanding and applying the concepts within the , stakeholders can build a more secure digital infrastructure.
Managing cryptographic keys and operations. To understand how to define and document security targets
Once upon a time, in a world of rapidly evolving technology, a software development company called "SecureCode" was struggling to ensure the security of their products. With the increasing number of cyber threats and data breaches, their customers were demanding more robust security features.
Disclaimer: This article is for informational purposes. Always consult the official ISO or Common Criteria portal for the latest legal texts and certification requirements.
For manufacturers, certification is a crucial competitive advantage that demonstrates a commitment to security. For buyers, particularly in government or high-security sectors, purchasing products with a CC certificate ensures that the product has been verified against recognized standards. These are the technical equivalents of ISO/IEC 15408
: Certification in one member country is often recognized by others, reducing the need for duplicate testing. 📂 Key Structural Parts
ISO/IEC 15408, commonly known as the , is the international standard for evaluating the security of IT products. Writing documentation for it involves following a rigid framework to ensure that security claims are testable and consistent across global markets. 1. Understand the Core Structure
Using the templates in Part 1 of the PDF, you write a . This document is the contract between you and the evaluator. It lists:
This article serves as both. Below, we will explore what ISO/IEC 15408 is, how to legally access the PDF, its structure, and why it matters for your organization.