FprEN ISO 15408-5

SLOVENSKI STANDARD
oSIST prEN ISO/IEC 15408-5:2024
01-november-2024
Informacijska varnost, kibernetska varnost in varovanje zasebnosti - Merila za
vrednotenje varnosti IT - 5. del: Vnaprej določeni paketi varnostnih zahtev (ISO/IEC
DIS 15408-5:2024)
Information security, cybersecurity and privacy protection - Evaluation criteria for IT
security - Part 5: Pre-defined packages of security requirements (ISO/IEC DIS 15408-
5:2024)
Informationssicherheit, Cybersicherheit und Schutz der Privatsphäre -
Evaluationskriterien für IT-Sicherheit - Teil 5: Vordefinierte Pakete von
Sicherheitsanforderungen
Sécurité de l'information, cybersécurité et protection de la vie privée - Critères
d'évaluation pour la sécurité des technologies de l'information - Partie 5: Paquets
prédéfinis d'exigences de sécurité (ISO/IEC DIS 15408-5:2024)
Ta slovenski standard je istoveten z: prEN ISO/IEC 15408-5
ICS:
35.030 Informacijska varnost IT Security
oSIST prEN ISO/IEC 15408-5:2024 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

oSIST prEN ISO/IEC 15408-5:2024

oSIST prEN ISO/IEC 15408-5:2024
DRAFT
International
Standard
ISO/IEC
DIS
15408-5
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection —
Voting begins on:
Evaluation criteria for IT security —
2024-08-19
Part 5:
Voting terminates on:
2024-11-11
Pre-defined packages of security
requirements
Sécurité de l'information, cybersécurité et protection de la vie
privée — Critères d'évaluation pour la sécurité des technologies
de l'information —
Partie 5: Paquets prédéfinis d'exigences de sécurité
ICS: ISO ics
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENTS AND APPROVAL. IT
IS THEREFORE SUBJECT TO CHANGE
AND MAY NOT BE REFERRED TO AS AN
INTERNATIONAL STANDARD UNTIL
PUBLISHED AS SUCH.
This document is circulated as received from the committee secretariat.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
ISO/CEN PARALLEL PROCESSING
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION.
Reference number
© ISO/IEC 2024
ISO/IEC DIS 15408-5:2024(en)
oSIST prEN ISO/IEC 15408-5:2024
DRAFT
ISO/IEC DIS 15408-5:2024(en)
International
Standard
ISO/IEC
DIS
15408-5
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection —
Voting begins on:
Evaluation criteria for IT security —
2024-08-19
Part 5:
Voting terminates on:
2024-11-11
Pre-defined packages of security
requirements
Sécurité de l'information, cybersécurité et protection de la vie
privée — Critères d'évaluation pour la sécurité des technologies
de l'information —
Partie 5: Paquets prédéfinis d'exigences de sécurité
ICS: ISO ics
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENTS AND APPROVAL. IT
IS THEREFORE SUBJECT TO CHANGE
AND MAY NOT BE REFERRED TO AS AN
INTERNATIONAL STANDARD UNTIL
PUBLISHED AS SUCH.
This document is circulated as received from the committee secretariat.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
© ISO/IEC 2024
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
STANDARDS MAY ON OCCASION HAVE TO
ISO/CEN PARALLEL PROCESSING
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
BE CONSIDERED IN THE LIGHT OF THEIR
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
or ISO’s member body in the country of the requester.
NATIONAL REGULATIONS.
ISO copyright office
RECIPIENTS OF THIS DRAFT ARE INVITED
CP 401 • Ch. de Blandonnet 8
TO SUBMIT, WITH THEIR COMMENTS,
CH-1214 Vernier, Geneva
NOTIFICATION OF ANY RELEVANT PATENT
Phone: +41 22 749 01 11
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION.
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland Reference number
© ISO/IEC 2024
ISO/IEC DIS 15408-5:2024(en)
© ISO/IEC 2024 – All rights reserved
ii
oSIST prEN ISO/IEC 15408-5:2024
ISO/IEC DIS 15408-5:2024(en)
Contents Page
Foreword .vi
Legal notice .vii
Introduction .viii
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 2
4 Evaluation assurance levels (EAL) . 2
4.1 Family name .2
4.2 Family overview .2
4.2.1 Relationship between assurances and assurance levels .2
4.3 Family objectives .4
4.4 Evaluation assurance level 1 (EAL1) — Functionally tested .5
4.4.1 Package name .5
4.4.2 Package type .5
4.4.3 Package overview .5
4.4.4 Package objectives .5
4.4.5 Package components.5
4.5 Evaluation assurance level 2 (EAL2) — Structurally tested .6
4.5.1 Package name .6
4.5.2 Package type .6
4.5.3 Package overview .6
4.5.4 Package objectives .6
4.5.5 Package components.7
4.6 Evaluation assurance level 3 (EAL3) — Methodically tested and checked .7
4.6.1 Package name .7
4.6.2 Package type .7
4.6.3 Package overview .7
4.6.4 Package objectives .7
4.6.5 Package components.8
4.7 Evaluation assurance level 4 (EAL4) — Methodically designed, tested and reviewed .8
4.7.1 Package name .8
4.7.2 Package type .8
4.7.3 Package overview .9
4.7.4 Package objectives .9
4.7.5 Package components.9
4.8 Evaluation assurance level 5 (EAL5) — Semi-formally designed and tested .10
4.8.1 Package name .10
4.8.2 Package type .10
4.8.3 Package overview .10
4.8.4 Package objectives .10
4.8.5 Package components.11
4.9 Evaluation assurance level 6 (EAL6) — Semi-formally verified design and tested .11
4.9.1 Package name .11
4.9.2 Package type .11
4.9.3 Package overview .11
4.9.4 Package objectives . 12
4.9.5 Package components. 12
4.10 Evaluation assurance level 7 (EAL7) — Formally verified design and tested . 13
4.10.1 Package name . 13
4.10.2 Package type . 13
4.10.3 Package overview . 13
4.10.4 Package objectives . 13
4.10.5 Package components. 13

© ISO/IEC 2024 – All rights reserved
iii
oSIST prEN ISO/IEC 15408-5:2024
ISO/IEC DIS 15408-5:2024(en)
5 Composed assurance packages (CAP) . 14
5.1 Family name .14
5.2 Family overview .14
5.2.1 Relationship between assurances and assurance packages . 15
5.3 Family objectives .17
5.4 Composed assurance package A (CAP-A) — Structurally composed .18
5.4.1 Package name .18
5.4.2 Package type .18
5.4.3 Package overview .18
5.4.4 Package objectives .18
5.4.5 Package components.18
5.5 Composed assurance package B (CAP-B) — Methodically composed .19
5.5.1 Package name .19
5.5.2 Package type .19
5.5.3 Package overview .19
5.5.4 Package objectives .19
5.5.5 Package components. 20
5.6 Composed assurance package C (CAP-C) — Methodically composed, tested and
reviewed . 20
5.6.1 Package name . 20
5.6.2 Package type . 20
5.6.3 Package overview . 20
5.6.4 Package objectives . 20
5.6.5 Package components.21
6 Composite product packages (COMP) .21
6.1 Family name .21
6.2 Family overview .21
6.3 Family objectives . 22
6.4 Composite product package 1 (COMP1) — Consistent, integrated, tested and assessed . 22
6.4.1 Package name . 22
6.4.2 Package type . 22
6.4.3 Package overview . 22
6.4.4 Package objectives . 22
6.4.5 Package components. 22
7 Protection profile assurances (PPA) .23
7.1 Family name . 23
7.2 Family overview . 23
7.3 Family objectives . 23
7.4 Protection profile assurance DR (PPA-DR) — Direct rationale . 23
7.4.1 Package name . 23
7.4.2 Package type . 23
7.4.3 Package overview . 23
7.4.4 Package objectives .24
7.4.5 Package components.24
7.5 Protection profile assurance STD (PPA-STD) — Standard .24
7.5.1 Package name .24
7.5.2 Package type .24
7.5.3 Package overview .24
7.5.4 Package objectives .24
7.5.5 Package components.24
8 Security target assurances (STA) .25
8.1 Family name . 25
8.2 Family overview . 25
8.3 Family objectives . 25
8.4 Security target assurance DR (STA-DR) — Direct rationale . 25
8.4.1 Package name . 25
8.4.2 Package type . 25

© ISO/IEC 2024 – All rights reserved
iv
oSIST prEN ISO/IEC 15408-5:2024
ISO/IEC DIS 15408-5:2024(en)
8.4.3 Package overview . 25
8.4.4 Package objectives . 26
8.4.5 Package components. 26
8.5 Security target assurance STD (STA-STD) — Standard . 26
8.5.1 Package name . 26
8.5.2 Package type . 26
8.5.3 Package overview . 26
8.5.4 Package objectives . 26
8.5.5 Package components. 26

© ISO/IEC 2024 – All rights reserved
v
oSIST prEN ISO/IEC 15408-5:2024
ISO/IEC DIS 15408-5:2024(en)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO [had/had not] received notice of
(a) patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, Information security, cybersecurity and privacy protection.
This second edition cancels and replaces the first edition (ISO/IEC 15408-5:2022), which has been technically
revised.
The main changes are as follows:
— the document has been restructured;
— composite product package has been updated.
A list of all parts in the ISO/IEC 15408 series can be found on the ISO website.
The catalogue of security assurance requirements defined in this document is provided in machine readable
format (XML) at: https://standards.iso.org/iso-iec/TBD.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

© ISO/IEC 2024 – All rights reserved
vi
oSIST prEN ISO/IEC 15408-5:2024
ISO/IEC DIS 15408-5:2024(en)
Legal notice
The governmental organizations listed below contributed to the development of this version of the Common
Criteria for Information Technology Security Evaluations. As the joint holders of the copyright in the Common
Criteria for Information Technology Security Evaluations (called CC), they hereby grant non-exclusive license
to ISO/IEC to use CC in the continued development/maintenance of the ISO/IEC 15408 series of standards.
However, these governmental organizations retain the right to use, copy, distribute, translate or modify CC
as they see fit.
Australia The Australian Signals Directorate
Canada Communications Security Establishment
France Agence Nationale de la Sécurité des Systèmes d'Information
Germany Bundesamt für Sicherheit in der Informationstechnik
Japan Information-technology Promotion Agency
Netherlands Netherlands National Communications Security Agency
New Zealand Government Communications Security Bureau
Republic of Korea National Security Research Institute
Spain Centro Criptológico Nacional
Sweden FMV, Swedish Defence Materiel Administration
United Kingdom National Cyber Security Centre
United States The National Security Agency and the National Institute of Standards and
Technology
© ISO/IEC 2024 – All rights reserved
vii
oSIST prEN ISO/IEC 15408-5:2024
ISO/IEC DIS 15408-5:2024(en)
Introduction
This document provides pre-defined packages of security requirements. Such security requirements can be
useful for stakeholders as they strive for conformity between evaluations. Packages of security requirements
can also help reduce the effort in developing Protection Profiles (PPs) and Security Targets (STs).
ISO/IEC 15408-1 defines the term “package” and describes the fundamental concepts.
NOTE 1 This document uses bold type to highlight hierarchical relationships between package objectives. This
convention calls for the use of bold type for all new objectives.

© ISO/IEC 2024 – All rights reserved
viii
oSIST prEN ISO/IEC 15408-5:2024
DRAFT International Standard ISO/IEC DIS 15408-5:2024(en)
Information security, cybersecurity and privacy protection —
Evaluation criteria for IT security —
Part 5:
Pre-defined packages of security requirements
1 Scope
This document provides packages of security assurance and security functional requirements that have
been identified as useful in support of common usage by stakeholders.
EXAMPLE 1
Examples of provided packages include the evaluation assurance levels (EAL) and the composed assurance
packages (CAPs).
This document presents:
— Evaluation assurance levels (EAL) (see Clause 4) family of packages that specify pre-defined sets of
security assurance components that may be referenced in PPs and STs and which specify appropriate
security assurances to be provided during an evaluation of a target of evaluation (TOE);
— Composed assurance packages (CAP) (see Clause 5) family of packages that specify sets of security
assurance components used for specifying appropriate security assurances to be provided during an
evaluation of composed TOEs;
— Composite product packages (COMP) (see Clause 6) family of packages that specifies a set of security
assurance components used for specifying appropriate security assurances to be provided during an
evaluation of a composite product TOEs;
— Protection profile assurances (PPA) (see Clause 7) family of packages that specify sets of security
assurance components used for specifying appropriate security assurances to be provided during a
protection profile evaluation;
— Security target assurances (STA) (see Clause 8) family of packages that specify sets of security assurance
components used for specifying appropriate security assurances to be provided during a security target
evaluation.
The users of this document can include consumers, developers, and evaluators of secure IT products.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 15408-1, Information security, cybersecurity and privacy protection — Evaluation criteria for IT
security — Part 1: Introduction and general model
ISO/IEC 15408-3, Information security, cybersecurity and privacy protection — Evaluation criteria for IT
security — Part 3: Security assurance components

© ISO/IEC 2024 – All rights reserved
oSIST prEN ISO/IEC 15408-5:2024
ISO/IEC DIS 15408-5:2024(en)
3 Terms, definitions and abbreviated terms
For the purposes of this document, the terms, definitions, and abbreviated terms given in ISO/IEC 15408-1
and ISO/IEC 15408-3 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at www .iso .org/ obp;
— IEC Electropedia: available at www .electropedia .org.
4 Evaluation assurance levels (EAL)
4.1 Family name
The name of this family of packages is evaluation assurance levels (EALs).
4.2 Family overview
The EALs provide an increasing scale that balances the level of assurance obtained with the cost and
feasibility of acquiring that degree of assurance. The approach of ISO/IEC 15408-1 identifies the separate
concepts of assurance in a TOE at the end of the evaluation, and of maintenance of that assurance during the
operational use of the TOE.
NOTE 1 Not all families and components given in ISO/IEC 15408-3 are included in the EALs. This is not to say that
these do not provide meaningful and desirable assurances. Instead, it is expected that these families and components
can be considered for augmentation of an EAL in those Protection Profiles (PPs) and Security Targets (STs) for which
they provide utility. Additionally, some classes found in ISO/IEC 15408-3 are not relevant for the EALs. Examples
of such classes include Class APE Protection Profile (PP) evaluation (see ISO/IEC 15408-3, Clause 7) and Class ACO
Composition (see ISO/IEC 15408-3, Clause 15).
A set of assurance components have been chosen for each EAL.
A higher level of assurance than that provided by a given EAL can be achieved by:
— including additional assurance components from other assurance families; or
— replacing an assurance component with a higher-level assurance component from the same assurance family.
4.2.1 Relationship between assurances and assurance levels
Figure 1 illustrates the relationship between the security assurance requirements (SARs) found in
ISO/IEC 15408-3 and the assurance levels defined in this document. While assurance components further
decompose into assurance elements, assurance elements cannot be individually referenced by assurance levels.

© ISO/IEC 2024 – All rights reserved
oSIST prEN ISO/IEC 15408-5:2024
ISO/IEC DIS 15408-5:2024(en)
Figure 1 — Assurance and assurance level association
NOTE 1 The arrow in the figure represents a reference from an EAL to an assurance component within the class
where it is defined.
Table 1 represents a summary of the EAL.

© ISO/IEC 2024 – All rights reserved
oSIST prEN ISO/IEC 15408-5:2024
ISO/IEC DIS 15408-5:2024(en)
Table 1 — Evaluation assurance level summary
Assurance class Assurance Family EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7
ADV Development ADV_ARC 1 1 1 1 1 1
ADV_FSP 1 2 3 4 5 5 6
ADV_IMP 1 1 2 2
ADV_INT 2 3 3
ADV_SPM 1 1
ADV_TDS 1 2 3 4 5 6
AGD Guidance AGD_OPE 1 1 1 1 1 1 1
documents
AGD_PRE 1 1 1 1 1 1 1
ALC Life-cycle support ALC_CMC 1 2 3 4 4 5 5
ALC_CMS 1 2 3 4 5 5 5
ALC_DEL 1 1 1 1 1 1
ALC_DVS 1 1 1 2 2
ALC_LCD 1 1 1 1 2
ALC_TAT 1 2 3 3
ASE Security Target (ST) ASE_CCL 1 1 1 1 1 1 1
evaluation
ASE_ECD 1 1 1 1 1 1 1
ASE_INT 1 1 1 1 1 1 1
ASE_OBJ 1 2 2 2 2 2 2
ASE_REQ 1 2 2 2 2 2 2
ASE_SPD 1 1 1 1 1 1
ASE_TSS 1 1 1 1 1 1 1
ATE Tests ATE_COV 1 2 2 2 3 3
ATE_DPT 1 1 3 3 4
ATE_FUN 1 1 1 1 2 2
ATE_IND 1 2 2 2 2 2 3
AVA Vulnerability AVA_VAN 1 2 2 3 4 5 5
assessment
The columns represent a hierarchically ordered set of EALs, while the rows represent assurance families.
Each number in the resulting matrix identifies a specific assurance component where applicable.
Those items marked in grey are not applicable in the EAL specification. However, they can be used to
augment the EAL package.
NOTE 2 Although the Flaw remediation (ALC_FLR) (see ISO/IEC 15408-3, 12.7) and TOE development artefacts
(ALC_TDA) (see ISO/IEC 15408-3, 12.10) families are not shown, they are often used as an augmentation to the EALs.
4.3 Family objectives
Seven hierarchically ordered evaluation assurance levels are defined in this document for the rating of a
TOE’s assurance. They are hierarchically ordered inasmuch as each EAL represents more assurance than all
lower EALs. The increase in assurance from EAL to EAL is accomplished by substitution of a hierarchically
higher assurance component from the same assurance family (i.e. increasing rigour, scope and/or depth) and
from the addition of assurance components from other assurance families (i.e. adding new requirements).
These EALs consist of an appropriate combination of assurance components as described in ISO/IEC 15408-3.
More precisely, each EAL includes no more than one component of each assurance family and all the
assurance dependencies of every component are addressed.

© ISO/IEC 2024 – All rights reserved
oSIST prEN ISO/IEC 15408-5:2024
ISO/IEC DIS 15408-5:2024(en)
The notion of “augmentation” allows the addition of assurance components (from assurance families not
already included in the EAL) or the substitution of assurance components (with another hierarchically
higher assurance component in the same assurance family) to an EAL. Of the assurance constructs defined
in ISO/IEC 15408-1, only EALs may be augmented. The notion of an “EAL minus a constituent assurance
component” is not recognized in ISO/IEC 15408-1 as a valid claim. Augmentation carries with it the obligation
on the part of the claimant to justify the utility and added value of the added assurance component to the
EAL. An EAL may also be augmented with extended assurance requirements.
NOTE 1 An EAL cannot be augmented if it is included in an ST that claims exact conformance to a PP.
4.4 Evaluation assurance level 1 (EAL1) — Functionally tested
4.4.1 Package name
The name of the package is evaluation assurance level 1 (EAL1) — Functionally tested.
4.4.2 Package type
This is an assurance package.
4.4.3 Package overview
EAL1 is applicable where some confidence in correct operation is required, but the threats to security are
not viewed as serious. It is of value where independent assurance is required to support the contention that
due care has been exercised with respect to the protection of personal or similar information.
EAL1 requires only a limited ST. It is sufficient to simply state the required security functional requirements
(SFRs) for the TOE, rather than deriving them from threats, organizational security policies (OSPs) and
assumptions through security objectives.
EAL1 provides an evaluation of the TOE as made available to the customer, including independent testing
against a specification, and an examination of the guidance documentation provided. It is intended that an
EAL1 evaluation can be successfully conducted without assistance from the developer of the TOE, and for
minimal outlay.
An evaluation at this level provides evidence that the TOE functions in a manner consistent with its
documentation.
4.4.4 Package objectives
EAL1 provides a basic level of assurance by a limited ST and an analysis of the SFRs in that ST using
a functional and interface specification and guidance documentation, to understand the security
behaviour.
The analysis is supported by a search for potential vulnerabilities in the public domain and
independent testing (functional and penetration) of the TOE security functionality (TSF).
EAL1 also provides assurance through unique identification of the TOE and of the relevant evaluation
documents.
This EAL provides a meaningful increase in assurance over unevaluated IT.
4.4.5 Package components
Table 2 gives the assurance components included in EAL1.

© ISO/IEC 2024 – All rights reserved
oSIST prEN ISO/IEC 15408-5:2024
ISO/IEC DIS 15408-5:2024(en)
Table 2 — EAL1
Assurance class Assurance Component
ADV Development ADV_FSP.1, Basic functional specification
AGD Guidance documents AGD_OPE.1, Operational user guidance
AGD_PRE.1, Preparative procedures
ALC Life-cycle support ALC_CMC.1, Labelling of the TOE
ALC_CMS.1, TOE CM coverage
ASE Security Target (ST) evaluation ASE_CCL.1, Conformance claims
ASE_ECD.1, Extended components definition
ASE_INT.1, ST introduction
ASE_OBJ.1, Security objectives for the operational environment
ASE_REQ.1, Direct rationale security requirements
ASE_TSS.1, TOE summary specification
ATE Tests ATE_IND.1, Independent testing - conformance
AVA Vulnerability assessment AVA_VAN.1, Vulnerability survey
4.5 Evaluation assurance level 2 (EAL2) — Structurally tested
4.5.1 Package name
The name of the package is evaluation assurance level 2 (EAL2) — Structurally tested.
4.5.2 Package type
This is an assurance package.
4.5.3 Package overview
EAL2 requires the co-operation of the developer in ter
...