iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

prEN ISO/IEC 15408-1

(Main)

Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 1: Introduction and general model (ISO/IEC DIS 15408-1:2024)

Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 1: Introduction and general model (ISO/IEC DIS 15408-1:2024)

This document establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of the standard which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.
This document provides an overview of all parts of the ISO/IEC 15408 series. It describes the various parts of the ISO/IEC 15408 series; defines the terms and abbreviations to be used in all parts of the standard; establishes the core concept of a Target of Evaluation (TOE); describes the evaluation context and describes the audience to which the evaluation criteria is addressed. An introduction to the basic security concepts necessary for evaluation of IT products is given.
This document introduces:
—    the key concepts of Protection Profiles (PP), PP-Modules, PP-Configurations, packages, Security Targets (ST), and conformance types;
—    a description of the organization of security components throughout the model;
—    the various operations by which the functional and assurance components given in ISO/IEC 15408‑2 and ISO/IEC 15408‑3 can be tailored through the use of permitted operations;
—    general information about the evaluation methods given in ISO/IEC 18045;
—    guidance for the application of ISO/IEC 15408‑4 in order to develop evaluation methods (EM) and evaluation activities (EA) derived from ISO/IEC 18045;
—    general information about the pre-defined Evaluation Assurance Levels (EALs) defined in ISO/IEC 15408‑5;
—    information in regard to the scope of evaluation schemes.

Informationssicherheit, Cybersicherheit und Schutz der Privatsphäre - Evaluationskriterien für IT-Sicherheit - Teil 1: Einführung und allgemeines Modell

Sécurité de l'information, cybersécurité et protection de la vie privée - Critères d'évaluation pour la sécurité des technologies de l'information - Partie 1: Introduction et modèle général (ISO/IEC DIS 15408-1:2024)

Informacijska varnost, kibernetska varnost in varovanje zasebnosti - Merila za vrednotenje varnosti IT - 1. del: Uvod in splošni model (ISO/IEC DIS 15408-1:2024)

General Information

Status
Not Published
Publication Date
11-Mar-2026
Technical Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Current Stage
4060 - Closure of enquiry - Enquiry
Start Date
11-Nov-2024
Completion Date
11-Nov-2024
Ref Project
oSIST prEN ISO/IEC 15408-1:2024 - Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 1: Introduction and general model (ISO/IEC DIS 15408-1:2024)

Relations

Revises
EN ISO/IEC 15408-1:2023 - Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 1: Introduction and general model (ISO/IEC 15408-1:2022)
Effective Date
22-May-2024

Buy Standard

prEN ISO/IEC 15408-1:2024 - BARVEprEN ISO/IEC 15408-1:2024 - BARVE
PreviousNext
Draft
prEN ISO/IEC 15408-1:2024 - BARVE
English language
150 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-november-2024
Informacijska varnost, kibernetska varnost in varovanje zasebnosti - Merila za
vrednotenje varnosti IT - 1. del: Uvod in splošni model (ISO/IEC DIS 15408-1:2024)
Information security, cybersecurity and privacy protection - Evaluation criteria for IT
security - Part 1: Introduction and general model (ISO/IEC DIS 15408-1:2024)
Informationssicherheit, Cybersicherheit und Schutz der Privatsphäre -
Evaluationskriterien für IT-Sicherheit - Teil 1: Einführung und allgemeines Modell
Sécurité de l'information, cybersécurité et protection de la vie privée - Critères
d'évaluation pour la sécurité des technologies de l'information - Partie 1: Introduction et
modèle général (ISO/IEC DIS 15408-1:2024)
Ta slovenski standard je istoveten z: prEN ISO/IEC 15408-1
ICS:
35.030 Informacijska varnost IT Security
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

DRAFT
International
Standard
ISO/IEC
DIS
15408-1
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection —
Voting begins on:
Evaluation criteria for IT security —
2024-08-19
Part 1:
Voting terminates on:
2024-11-11
Introduction and general model
Sécurité de l'information, cybersécurité et protection de la vie
privée — Critères d'évaluation pour la sécurité des technologies
de l'information —
Partie 1: Introduction et modèle général
ICS: 35.030
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENTS AND APPROVAL. IT
IS THEREFORE SUBJECT TO CHANGE
AND MAY NOT BE REFERRED TO AS AN
INTERNATIONAL STANDARD UNTIL
PUBLISHED AS SUCH.
This document is circulated as received from the committee secretariat.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
ISO/CEN PARALLEL PROCESSING
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION.
Reference number
© ISO/IEC 2024
ISO/IEC DIS 15408-1:2024(en)
DRAFT
ISO/IEC DIS 15408-1:2024(en)
International
Standard
ISO/IEC
DIS
15408-1
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection —
Voting begins on:
Evaluation criteria for IT security —
2024-08-19
Part 1:
Voting terminates on:
2024-11-11
Introduction and general model
Sécurité de l'information, cybersécurité et protection de la vie
privée — Critères d'évaluation pour la sécurité des technologies
de l'information —
Partie 1: Introduction et modèle général
ICS: 35.030
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENTS AND APPROVAL. IT
IS THEREFORE SUBJECT TO CHANGE
AND MAY NOT BE REFERRED TO AS AN
INTERNATIONAL STANDARD UNTIL
PUBLISHED AS SUCH.
This document is circulated as received from the committee secretariat.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
© ISO/IEC 2024
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
STANDARDS MAY ON OCCASION HAVE TO
ISO/CEN PARALLEL PROCESSING
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
BE CONSIDERED IN THE LIGHT OF THEIR
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
or ISO’s member body in the country of the requester.
NATIONAL REGULATIONS.
ISO copyright office
RECIPIENTS OF THIS DRAFT ARE INVITED
CP 401 • Ch. de Blandonnet 8
TO SUBMIT, WITH THEIR COMMENTS,
CH-1214 Vernier, Geneva
NOTIFICATION OF ANY RELEVANT PATENT
Phone: +41 22 749 01 11
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION.
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland Reference number
© ISO/IEC 2024
ISO/IEC DIS 15408-1:2024(en)
© ISO/IEC 2024 – All rights reserved
ii
ISO/IEC DIS 15408-1:2024(en)
Contents Page
Foreword .vi
Introduction .viii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms .13
5 Overview .15
5.1 General . 15
5.2 ISO/IEC 15408 series description . 15
5.2.1 General . 15
5.2.2 Audience . . 15
5.3 Target of evaluation (TOE) .18
5.3.1 General .18
5.3.2 TOE boundaries .19
5.3.3 Different representations of the TOE .19
5.3.4 Different configurations of the TOE .19
5.3.5 Operational environment of the TOE . 20
5.4 Presentation of material in this document . 20
6 General model .20
6.1 Background . 20
6.2 Assets and security controls .21
6.3 Core constructs of the paradigm of the ISO/IEC 15408 series . 23
6.3.1 General . 23
6.3.2 Conformance types .24
6.3.3 Communicating security requirements.24
6.3.4 Meeting the needs of consumers (risk owners) .27
7 Specifying security requirements .28
7.1 Security problem definition (SPD) . 28
7.1.1 General . 28
7.1.2 Threats . 28
7.1.3 Organizational security policies (OSPs) . 29
7.1.4 Assumptions . 29
7.2 Security objectives . 30
7.2.1 General . 30
7.2.2 Security objectives for the TOE . 30
7.2.3 Security objectives for the operational environment .31
7.2.4 Relation between security objectives and the SPD .31
7.2.5 Tracing between security objectives and the SPD .31
7.2.6 Providing a justification for the tracing .32
7.2.7 On countering threats.32
7.2.8 Security objectives: conclusion . 33
7.3 Security requirements . . 33
7.3.1 General . 33
7.3.2 Security Functional Requirements (SFRs) . 33
7.3.3 Security assurance requirements (SARs) . 36
7.3.4 Security requirements: conclusion . 36
8 Security components .38
8.1 Hierarchical structure of security components . 38
8.1.1 General . 38
8.1.2 Class . 38
8.1.3 Family . 38
8.1.4 Component . 38

© ISO/IEC 2024 – All rights reserved
iii
----------------------
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN 17339:2024(Main)
Transportable gas cylinders – Hoop wrapped and fully wrapped carbon composite cylinders and tubes for hydrogen
kSIST FprEN 17339:2024

This document specifies minimum requirements for the materials, design, construction, prototype testing and routine manufacturing inspections of composite gas cylinders and tubes for compressed hydrogen.
NOTE 1 Unless specified in the text, for the purposes of this document, the word “cylinder” includes tubes.
This document applies to
-   fully wrapped composite cylinders (Type 3 and Type 4)
-   hoop wrapped cylinders (Type 2)
with carbon fibres intended to be permanently mounted in a frame (e.g. bundle or trailer) with a test pressure of not less than 300 bar, with:
— non-metallic liners (for Type 4) or seamless metallic liners (for Type 2 and Type 3),
— a maximum water capacity of 3 000 l
— a maximum working pressure of 1 000 bar.
— the product of working pressure times water capacity (p x V) not exceeding 1 000 000 bar.l.
NOTE 2 A glass fibre protective layer is sometimes applied to the external surface of the cylinder

  • Draft
    49 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN ISO/TS 7552-2:2024(Main)
Molecular in vitro diagnostic examinations - Specifications for pre-examination processes for circulating tumour cells (CTCs) in venous whole blood - Part 2: Isolated DNA (ISO/TS 7552-2:2024)
kSIST-TS FprCEN ISO/TS 7552-2:2024

This document specifies requirements and gives recommendations on the handling, storage, CTC enrichment and isolation, DNA isolation and storage, and documentation of venous whole blood specimens intended for the examination of DNA isolated from circulating tumour cells (CTCs) during the pre-examination phase before a molecular examination is performed.
This document is applicable to molecular in vitro diagnostic examinations including laboratory developed tests performed by medical laboratories. It is also intended to be used by laboratory customers, in vitro diagnostics developers and manufacturers, biobanks, institutions, and commercial organizations performing biomedical research, and regulatory authorities.
This document does not cover the isolation of genomic DNA directly from venous whole blood containing CTCs. This is covered in ISO 20186-2.
This document does not cover the isolation of specific white blood cells and subsequent isolation of genomic DNA therefrom or the pre-analytical workflow requirements for viable CTC cryopreservation and culturing.
NOTE 1        The requirements given in this document can also be applied to other circulating rare cells (e.g. foetal cells).
NOTE 2        International, national, or regional regulations or requirements can also apply to specific topics covered in this document.

  • Draft
    24 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 12520:2024(Main)
Furniture - Safety, strength and durability - Requirements for domestic seating
kSIST FprEN 12520:2024

This document specifies the minimum requirements for the safety, strength and durability of all types of domestic seating for adults. It also specifies additional test methods for seat side-to-side durability as well as finger entrapment and shear and compression.
It does not apply to ranked seating, seating for non-domestic use, office work chairs, chairs for educational institutions, outdoor seating and to links for linked seating for which European Standards exist.
It does not include requirements for the durability of upholstery materials, castors, reclining and tilting mechanisms and seat height adjustment mechanisms.
It does not include requirements for electrical safety.
It does not include requirements for the resistance to ageing, degradation, flammability and ergonomics.
The requirements are based on use by persons weighing up to 110 kg.
Annex A (normative) specifies the seat side-to-side durability test in D-G points.
Annex B (informative) gives rationales for some of the tests referred to in Table 1.
Annex C (normative) specifies the test methods for finger entrapment and shear and compression.
Annex D (normative) specifies the seat loading point for seating with suspended flexible material.

  • Draft
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN ISO/TS 7552-3:2024(Main)
Molecular in vitro diagnostic examinations - Specifications for pre-examination processes for circulating tumour cells (CTCs) in venous whole blood - Part 3: Preparations for analytical CTC staining (ISO/TS 7552-3:2024)
KSIST-TS FprCEN ISO/TS 7552-3:2024

This document specifies requirements and gives recommendations on the handling, storage, CTC enrichment, preparation for CTC staining, and documentation of venous whole blood specimens intended for staining of CTCs during the pre-examination phase before an examination is performed.
This document is applicable to molecular in vitro diagnostic examinations including laboratory developed tests performed by medical laboratories. It is also intended to be used by laboratory customers, in vitro diagnostics developers, and manufacturers, biobanks, institutions, and commercial organizations performing biomedical research, and regulatory authorities.
This document does not cover pre-analytical workflow requirements for viable CTC cryopreservation and culturing.
Different dedicated measures are taken for stabilizing CTCs genomic DNA and RNA that are not described in this document; they are covered in ISO 7552-1 and ISO 7552-2.
NOTE 1        The requirements given in this document can also be applied to other circulating rare cells (e.g. foetal cells).
NOTE 2        International, national or regional regulations or requirements can also apply to specific topics covered in this document.

  • Draft
    21 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 81-31:2024(Main)
Safety rules for the construction and installation of lifts - Lifts for the transport of goods only - Part 31: Accessible goods only lifts
oSIST prEN 81-31:2022

1.1   This document specifies the safety rules for new accessible goods only lifts with traction, positive or hydraulic drive, permanently installed and only used by users (see 3.57), serving fixed and permanent landing levels, having a carrier made of a single load carrying area, designed for the transportation of goods only, moving along a fixed path by rigid guide rails and inclined not more than 15° to the vertical, with rated speed not exceeding 1 m/s.
This document covers accessible goods only lifts with rated load exceeding 300 kg and not intended to transport persons.
1.2   For the purpose of this document, a goods only lift carrier is regarded as accessible where one of the following conditions is satisfied:
a)   floor area of the carrier is greater than 1,0 m2;
b)   depth of the carrier is greater than 1,0 m;
c)   clear height of the carrier is greater than 1,20 m.
In case the carrier is without a roof, it is considered accessible when the clear height of the landing doors is greater than 1,20 m.
1.3   Two types of accessible goods only lifts are addressed:
a)   Type A, where the intended use is bound to the maximum rated speed of 0,30 m/s;
b)   Type B, where the intended use is bound to the maximum rated speed of 1,0 m/s.
1.4   In addition to the requirements of this document, supplementary requirements are to be considered in special cases (operation subject to ATEX rules, operational in ambiental condition not addressed by this standard, seismic conditions, transporting dangerous goods, etc.).
1.5   This document does not cover:
a)   accessible goods only lifts:
1)   with more than one lift machine;
i)   where loading and unloading is automated, or the carrier floor is fitted with mobile devices (e.g. rollers) for loading and unloading purposes;
ii)   intended to carry bulk loads (such as loose sand, gravel, etc.);
iii)   with drive systems other than those stated in 4.8;
b)   lifting tables according to EN 1570-1 and EN 1570-2;
c)   lifting appliances, such as appliances with more than one carrier, skips, goods only lifts for construction sites, for underground applications, mine winding gear, goods only lifts on seagoing vessels and mobile offshore units, construction and maintenance appliances in wind turbines, goods only lifts specially designed and constructed for research purposes for temporary use in laboratories, goods only lifts specially designed and constructed for military or police purposes;
d)   safety during operation of transport, erection, repairs and dismantling of accessible goods only lifts;
e)   the use of translucent material for the walls of the well and machinery spaces, for the carrier with the exception of the landing doors vision panels;
f)   the use of programmable electronic systems in safety related applications for lifts (PESSRAL);
g)   hydraulic lifts where the setting of the pressure relief valve exceeds 50 MPa;
h)   any form of radiation except EMC;
i)   fire propagation;
j)   energy dissipation type buffers;
k)   the possibility of two simultaneous acts of imprudence and/or the abuse of instructions for use.
l)   ambient temperature in the well and machinery spaces lower than +5 °C and higher than +40 °C;
m)   health and safety of animals.
However, this document can usefully be taken as a basis.
Noise and vibrations are not dealt with in this document as they are not considered a significant nor relevant hazard for the actual type of the accessible goods only lifts.
1.6   The requirements of this document are such that the possibility of a failure of an electric safety device or a safety component complying with all the requirements of this document needs not to be taken into consideration.
1.7   This document is not applicable to accessible goods only lifts which were manufactured before the date of its publication as EN.

  • Draft
    189 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 1426:2024(Main)
Bitumens and bituminous binders - Determination of needle penetration
kSIST FprEN 1426:2024

This document specifies a method for the determination of the needle penetration of bitumens and bituminous binders.
The standard procedure for the determination of the needle penetration (consistency) is described for penetrations up to (330 × 0,1) mm at a temperature of 25 °C. The method also allows for penetrations up to (500 × 0,1) mm using a longer needle.
WARNING - The use of this document can involve hazardous materials, operations and equipment. This document does not purport to address all of the safety problems associated with its use. It is the responsibility of the user of this document to establish appropriate safety and health practices and to determine the applicability of regulatory limitations prior to use.

  • Draft
    17 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 16486-2:2024(Main)
Plastics piping systems for the supply of gaseous fuels - Unplasticized polyamide (PA-U) piping systems with fusion jointing and mechanical jointing - Part 2: Pipes (ISO 16486‑2:2024)
oSIST prEN ISO 16486-2:2024

This document specifies the physical and mechanical properties of pipes made from unplasticized polyamide (PA-U) in accordance with ISO 16486-1, intended to be buried and used for the supply of gaseous fuels.
It also specifies the test parameters for the test methods to which it refers.
The ISO 16486 series is applicable to PA-U piping systems, the components of which are connected by fusion jointing and/or mechanical jointing.
In particular, this document lays down dimensional characteristics and requirements for the marking of pipes.
Pipes conforming to this document are jointed typically by using mechanical, electrofusion or butt fusion techniques.

  • Draft
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 4165-007:2024(Main)
Aerospace series - Connectors, electrical, rectangular, modular - Operating temperature 175 °C continuous - Part 007: Plug for 2 and 4 modules, series 3 - Product standard
kSIST FprEN 4165-007:2023

This document specifies the plug series 3, for 2 and 4 modules used in the family of rectangular electrical connectors, operating temperature 175 °C continuous. The receptacles and accessories corresponding to those plugs are specified in EN 4165 002.

  • Draft
    10 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/CLC ISO/IEC/TS 12791:2024(Main)
Information technology - Artificial intelligence - Treatment of unwanted bias in classification and regression machine learning tasks (ISO/IEC TS 12791:2024)
kSIST-TS FprCEN/CLC ISO/IEC/TS 12791:2024

This document describes how to address unwanted bias in AI systems that use machine learning to conduct classification and regression tasks. This document provides mitigation techniques that can be applied throughout the AI system life cycle in order to treat unwanted bias. This document is applicable to all types and sizes of organization.

  • Draft
    27 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 16211:2024(Main)
Ventilation for buildings - Measurement of air flow rates on site - Methods
kSIST FprEN 16211:2024

This document specifies methods for the measurement of air flow rates on site. It provides a description of the air flow rate measurement methods and how measurements are performed within the margins of stipulated method uncertainties. It gives the necessary measurement conditions (e.g. length of straight duct, uniform velocity profile) to achieve the stipulated measurement uncertainties.
The methods for measuring the air flow rate inside ducts do not apply to:
-   ducts that are not circular or rectangular (e.g. oblong ducts);
-   flexible ducts.

  • Draft
    65 pages
    English language
    sale 10% off
    e-Library read for
    1 day