This International Standard is a companion document to the evaluation criteria for IT security defined in
ISO/IEC 15408. It defines the minimum actions to be performed by an evaluator in order to conduct an
ISO/IEC 15408 evaluation, using the criteria and evaluation evidence defined in ISO/IEC 15408.
This International Standard does not define evaluator actions for certain high assurance ISO/IEC 15408
components, where there is as yet no generally agreed guidance.
ISO/IEC 18045:2008 Referenced Document
ISO/IEC 15408 Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 5: Pre-defined packages of security requirements*, 2022-08-09 Update
ISO/IEC 18045:2008 history
2022ISO/IEC 18045:2022 Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Methodology for IT security evaluation
2008ISO/IEC 18045:2008 Information technology.Security techniques.Methodology for IT security evaluation
2005ISO/IEC 18045:2005 Information technology - Security techniques - Methodology for IT security evaluation