ISO/IEC FDIS 18045
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Requirements and methodology for IT security evaluation
This document defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 series evaluation, using the criteria and evaluation evidence defined in the ISO/IEC 15408 series.
Standards Content (Sample)
FINAL DRAFT International Standard
ISO/IEC FDIS
ISO/IEC JTC 1/SC 27
Secretariat: DIN
Voting begins on: 2025-12-08
Voting terminates on: 2026-02-02
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Requirements and methodology for IT security evaluation
ISO/CEN PARALLEL PROCESSING
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
Reference number
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Terminology
5 Verb usage
6 General evaluation guidance
7 Relationship between structures within the CC and the structure of this document
8 Evaluation process and related tasks
8.1 General
8.2 Evaluation process overview
8.2.1 Objectives
8.2.2 Responsibilities of the roles
8.2.3 Relationship of roles
8.2.4 General evaluation model
8.2.5 Evaluator verdicts
8.3 Evaluation input task
8.3.1 Objectives
8.3.2 Application notes
8.3.3 Management of evaluation evidence task
8.4 Evaluation sub-activities
8.5 Evaluation output task
8.5.1 Objectives
8.5.2 Management of evaluation outputs
8.5.3 Application notes
8.5.4 Write OR task
8.5.5 Write ETR task
9 Protection Profile (PP) evaluation
9.1 Introduction
9.2 Application notes
9.2.1 Re-using the evaluation results of certified PPs
9.3 PP introduction (APE_INT)
9.3.1 Evaluation of sub-activity (APE_INT.1)
9.4 Conformance claims (APE_CCL)
9.4.1 Evaluation of sub-activity (APE_CCL.1)
9.5 Security problem definition (APE_SPD)
9.5.1 Evaluation of sub-activity (APE_SPD.1)
9.6 Security objectives (APE_OBJ)
9.6.1 Evaluation of sub-activity (APE_OBJ.1)
9.6.2 Evaluation of sub-activity (APE_OBJ.2)
9.7 Extended components definition (APE_ECD)
9.7.1 Evaluation of sub-activity (APE_ECD.1)
9.8 Security requirements (APE_REQ)
9.8.1 Evaluation of sub-activity (APE_REQ.1)
9.8.2 Evaluation of sub-activity (APE_REQ.2)
10 Protection Profile Configuration evaluation
10.1 Introduction
10.2 PP-Module introduction (ACE_INT)
10.2.1 Evaluation of sub-activity (ACE_INT.1)
10.3 PP-Module conformance claims (ACE_CCL)
10.3.1 Evaluation of sub-activity (ACE_CCL.1)
10.4 PP-Module security problem definition (ACE_SPD)
10.4.1 Evaluation of sub-activity (ACE_SPD.1)
10.5 PP-Module security objectives (ACE_OBJ)
10.5.1 Evaluation of sub-activity (ACE_OBJ.1)
10.5.2 Evaluation of sub-activity (ACE_OBJ.2)
10.6 PP-Module extended components definition (ACE_ECD)
10.6.1 Evaluation of sub-activity (ACE_ECD.1)
10.7 PP-Module security requirements (ACE_REQ)
10.7.1 Evaluation of sub-activity (ACE_REQ.1)
10.7.2 Evaluation of sub-activity (ACE_REQ.2)
10.8 PP-Module consistency (ACE_MCO)
10.8.1 Evaluation of sub-activity (ACE_MCO.1)
10.9 PP-Configuration consistency (ACE_CCO)
10.9.1 Evaluation of sub-activity (ACE_CCO.1)
11 Security Target (ST) evaluation
11.1 Introduction
11.2 Application notes
11.2.1 Re-using the evaluation results of certified PPs
11.2.2 Composition
11.3 ST introduction (ASE_INT)
11.3.1 Evaluation of sub-activity (ASE_INT.1)
11.4 Conformance claims (ASE_CCL)
11.4.1 Evaluation of sub-activity (ASE_CCL.1)
11.5 Security problem definition (ASE_SPD)
11.5.1 Evaluation of sub-activity (ASE_SPD.1)
11.6 Security objectives (ASE_OBJ)
11.6.1 Evaluation of sub-activity (ASE_OBJ.1)
11.6.2 Evaluation of sub-activity (ASE_OBJ.2)
11.7 Extended components definition (ASE_ECD)
11.7.1 Evaluation of sub-activity (ASE_ECD.1)
11.8 Security requirements (ASE_REQ)
11.8.1 Evaluation of sub-activity (ASE_REQ.1)
11.8.2 Evaluation of sub-activity (ASE_REQ.2)
11.9 TOE summary specification (ASE_TSS)
11.9.1 Evaluation of sub-activity (ASE_TSS.1)
11.9.2 Evaluation of sub-activity (ASE_TSS.2)
11.10 Consistency of composite product Security Target (ASE_COMP)
11.10.1 Evaluation of sub-activity (ASE_COMP.1)
12 Development
12.1 Introduction
12.2 Application notes
12.2.1 General
12.2.2 Composition
12.3 Security architecture (ADV_ARC)
12.3.1 Evaluation of sub-activity (ADV_ARC.1)
12.4 Functional specification (ADV_FSP)
12.4.1 Evaluation of sub-activity (ADV_FSP.1)
12.4.2 Evaluation of sub-activity (ADV_FSP.2)
12.4.3 Evaluation of sub-activity (ADV_FSP.3)
12.4.4 Evaluation of sub-activity (ADV_FSP.4)
12.4.5 Evaluation of sub-activity (ADV_FSP.5)
12.5 Implementation representation (ADV_IMP)
12.5.1 Evaluation of sub-activity (ADV_IMP.1)
12.5.2 Evaluation of sub-activity (ADV_IMP.2)
12.6 TSF internals (ADV_INT)
12.6.1 Evaluation of sub-activity (ADV_INT.1)
12.6.2 Evaluation of sub-activity (ADV_INT.2)
12.6.3 Evaluation of sub-activity (ADV_INT.3)
12.7 Formal TSF model (ADV_SPM)
12.7.1 Evaluation of sub-activity (ADV_SPM.1)
12.8 TOE design (ADV_TDS)
12.8.1 Evaluation of sub-activity (ADV_TDS.1)
12.8.2 Evaluation of sub-activity (ADV_TDS.2)
12.8.3 Evaluation of sub-activity (ADV_TDS.3)
12.8.4 Evaluation of sub-activity (ADV_TDS.4)
12.8.5 Evaluation of sub-activity (ADV_TDS.5)
12.9 Composite design compliance (ADV_COMP)
12.9.1 Evaluation of sub-activity (ADV_COMP.1)
13 Guidance documents
13.1 Introduction
13.2 Application notes
13.3 Operational user guidance (AGD_OPE)
13.3.1 Evaluation of sub-activity (AGD_OPE.1)
13.4 Preparative procedures (AGD_PRE)
13.4.1 Evaluation of sub-activity (AGD_PRE.1)
14 Life cycle support
14.1 Introduction
14.2 Application notes
14.2.1 Composition
14.3 CM capabilities (ALC_CMC)
14.3.1 Evaluation of sub-activity (ALC_CMC.1)
14.3.2 Evaluation of sub-activity (ALC_CMC.2)
14.3.3 Evaluation of sub-activity (ALC_CMC.3)
14.3.4 Evaluation of sub-activity (ALC_CMC.4)
14.3.5 Evaluation of sub-activity (ALC_CMC.5)
14.4 CM scope (ALC_CMS)
14.4.1 Evaluation of sub-activity (ALC_CMS.1)
14.4.2 Evaluation of sub-activity (ALC_CMS.2)
14.4.3 Evaluation of sub-activity (ALC_CMS.3)
14.4.4 Evaluation of sub-activity (ALC_CMS.4)
14.4.5 Evaluation of sub-activity (ALC_CMS.5)
14.5 Delivery (ALC_DEL)
14.5.1 Evaluation of sub-activity (ALC_DEL.1)
14.6 Developer environment security (ALC_DVS)
14.6.1 Evaluation of sub-activity (ALC_DVS.1)
14.6.2 Evaluation of sub-activity (ALC_DVS.2)
14.7 Flaw remediation (ALC_FLR)
14.7.1 Evaluation of sub-activity (ALC_FLR.1)
14.7.2 Evaluation of sub-activity (ALC_FLR.2)
14.7.3 Evaluation of sub-activity (ALC_FLR.3)
14.8 Development life cycle definition (ALC_LCD)
14.8.1 Evaluation of sub-activity (ALC_LCD.1)
14.8.2 Evaluation of sub-activity (ALC_LCD.2)
14.9 TOE development artefacts (ALC_TDA)
14.9.1 Evaluation of sub-activity (ALC_TDA.1)
14.9.2 Evaluation of sub-activity (ALC_TDA.2)
14.9.3 Evaluation of sub-activity (ALC_TDA.3)
14.10 Tools and techniques (ALC_TAT)
14.10.1 Evaluation of sub-activity (ALC_TAT.1)
14.10.2 Evaluation of sub-activity (ALC_TAT.2)
14.10.3 Evaluation of sub-activity (ALC_TAT.3)
14.11 Integration of composition parts and consistency check of delivery procedures (ALC_COMP)
14.11.1 Evaluation of sub-activity (ALC_COMP.1)
15 Tests
15.1 Introduction
15.2 Application notes
15.2.1 General
15.2.2 Understanding the expected behaviour of the TOE
15.2.3 Testing vs. alternate approaches to verify the expected behaviour of functionality
15.2.4 Verifying the adequacy of tests
15.2.5 Composition
15.3 Coverage (ATE_COV)
15.3.1 Evaluation of sub-activity (ATE_COV.1)
15.3.2 Evaluation of sub-activity (ATE_COV.2)
15.3.3 Evaluation of sub-activity (ATE_COV.3)
15.4 Depth (ATE_DPT)
15.4.1 Evaluation of sub-activity (ATE_DPT.1)
15.4.2 Evaluation of sub-activity (ATE_DPT.2)
15.4.3 Evaluation of sub-activity (ATE_DPT.3)
15.5 Functional tests (ATE_FUN)
15.5.1 Evaluation of sub-activity (ATE_FUN.1)
15.5.2 Evaluation of sub-activity (ATE_FUN.2)
15.6 Independent testing (ATE_IND)
15.6.1 Evaluation of sub-activity (ATE_IND.1)
15.6.2 Evaluation of sub-activity (ATE_IND.2)
15.7 Composite functional testing (ATE_COMP)
15.7.1 Evaluation of sub-activity (ATE_COMP.1)
16 Vulnerability assessment
16.1 Introduction
16.2 Application notes
16.2.1 Composition
16.3 Vulnerability analysis (AVA_VAN)
16.3.1 Evaluation of sub-activity (AVA_VAN.1)
16.3.2 Evaluation of sub-activity (AVA_VAN.2)
16.3.3 Evaluation of sub-activity (AVA_VAN.3)
16.3.4 Evaluation of sub-activity (AVA_VAN.4)
16.3.5 Evaluation of sub-activity (AVA_VAN.5)
16.4 Composite vulnerability assessment (AVA_COMP)
16.4.1 Evaluation of sub-activity (AVA_COMP.1)
17 Composition
17.1 Introduction
17.2 Application notes
17.3 Composition rationale (ACO_COR)
17.3.1 Evaluation of sub-activity (ACO_COR.1)
17.4 Development evidence (ACO_DEV)
17.4.1 Evaluation of sub-activity (ACO_DEV.1)
17.4.2 Evaluation of sub-activity (ACO_DEV.2)
17.4.3 Evaluation of sub-activity (ACO_DEV.3)
17.5 Reliance of dependent component (ACO_REL)
17.5.1 Evaluation of sub-activity (ACO_REL.1)
17.5.2 Evaluation of sub-activity (ACO_REL.2)
17.6 Composed TOE testing (ACO_CTT)
17.6.1 Evaluation of sub-activity (ACO_CTT.1)
17.6.2 Evaluation of sub-activity (ACO_CTT.2)
17.7 Composition vulnerability analysis (ACO_VUL)
17.7.1 Evaluation of sub-activity (ACO_VUL.1)
17.7.2 Evaluation of sub-activity (ACO_VUL.2)
17.7.3 Evaluation of sub-activity (ACO_VUL.3)
Annex A (informative) General evaluation guidance and requirements
Annex B (normative) Vulnerability assessment (AVA)
Annex C (informative) Evaluation techniques and tools - Semi-formal and formal methods
Bibliography
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of
...
FDIS ISO/IEC FDIS 18045(E)
ISO/IEC JTC 1/SC 27/WG 3
Secretariat: DIN
Date: 2025-10-0711-24
FDIS stage
Warning for WDs and CDs
This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an International Standard.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.
A model document of an International Standard (the Model International Standard) is available at: https://www.iso.org/drafting-standards.html