BS EN ISO/IEC 15408-2:2020

Comprehensive Information Security Standard

BS EN ISO/IEC 15408-2:2020 is a critical standard for ensuring the security of information technology systems and products. This standard, also known as the Common Criteria for Information Technology Security Evaluation, provides a framework for evaluating the security features and capabilities of IT products and systems.

Rigorous Evaluation Criteria

The standard outlines a set of security requirements and evaluation methods that IT products and systems must meet to be considered secure. These requirements cover a wide range of security aspects, including:- Identification and authentication- Access control- Security audit- Cryptography- Protection of the TOE security functions- Resource utilization- Access to TOE security functions and data

Compliance Benefits

By adhering to the requirements set forth in BS EN ISO/IEC 15408-2:2020, organizations can ensure that their IT systems and products are:- Secure and resistant to known threats and vulnerabilities- Compliant with industry-standard security best practices- Interoperable with other secure IT systems and products- Trusted by customers and stakeholders

Comprehensive Evaluation Process

The standard also defines a comprehensive evaluation process that IT products and systems must undergo to be certified as compliant. This process involves:- Defining the security target and security requirements- Designing and implementing the security features- Performing extensive testing and evaluation- Obtaining independent third-party certification

Broad Applicability

BS EN ISO/IEC 15408-2:2020 is applicable to a wide range of IT products and systems, including:- Operating systems- Networking equipment- Databases- Application software- Embedded systems- Cryptographic modulesBy adhering to this standard, organizations can ensure that their IT infrastructure and products are secure, reliable, and trusted by their customers and stakeholders.