ISO/IEC 15408-1:2005

Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 1: Introduction and general model

The electronic version of this International Standard can be downloaded from the ISO/IEC Information Technology Task Force (ITTF) web site

ISO/IEC 15408-1:2005 defines two forms for expressing IT security functional and assurance requirements. The protection profile (PP) construct allows creation of generalized reusable sets of these security requirements. The PP can be used by prospective consumers for specification and identification of products with IT security features which will meet their needs. The security target (ST) expresses the security requirements and specifies the security functions for a particular product or system to be evaluated, called the target of evaluation (TOE). The ST is used by evaluators as the basis for evaluations conducted in accordance with ISO/IEC 15408.


General information

  • Current status : Withdrawn
    Publication date : 2005-10
  • Edition : 2
    Number of pages :
  • :
    ISO/IEC JTC 1/SC 27
    IT Security techniques
  • 35.030
    IT Security

Got a question?

Check out our FAQs


Customer care
+41 22 749 08 88

Opening hours:
Monday to Friday - 09:00-12:00, 14:00-17:00 (UTC+1)