Every security requirement must be traced back to a specific threat or objective.
Achieving ISO/IEC 15408 (Common Criteria) certification involves a rigorous, multi-stage process, including defining the Target of Evaluation (TOE), selecting a Protection Profile, and drafting a Security Target for evaluator scrutiny. Organizations typically aim for specific Evaluation Assurance Levels (EAL) to prove security compliance through documentation review, penetration testing, and secure development verification. Learn more about the evaluation process at KONFIRMITY ISO/IEC 15408-1:2022 - Evaluation criteria for IT security iso iec 15408 pdf
– Defines the terminology and the overall philosophy of the evaluation process. Part 2: Security Functional Components Every security requirement must be traced back to