1 Scope
This document describes a cybersecurity evaluation methodology that can be implemented
using pre-defined time and workload resources, for ICT products . It is intended to be applicable for all three assurance levels defined in the CSA
(i.e. basic, substantial and high).
The methodology comprises different evaluation blocks including assessment activities
that comply with the evaluation requirements of the CSA for the mentioned three assurance
levels. Where appropriate, it can be applied both to third-party evaluation and self-assessment .
BS EN 17640:2022 history
2023BS EN 17640:2022 Fixed-time cybersecurity evaluation methodology for ICT products