IS 14990 : Part 3 : 2024/ISO/IEC 15408-3 : 2022 Information Security, Cybersecurity and Privacy Protection - Evaluation Criteria for IT Security - Part 3 Security Assurance Components

ICS 35.030

LITD 17

NATIONAL FOREWORD

This Indian Standard (Part 3) (Third Revision) which is identical with ISO/IEC 15408-3 : 2022 'Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 3: Security assurance components' issued by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) jointly was adopted by the Bureau of Indian Standards on the recommendations of Information Systems Security and Privacy Sectional Committee and approval of the Electronics and Information Technology Division Council.

This standard was originally published in 2001 and was identical with ISO/IEC 15408-3 : 1999. The first revision of this standard was published in 2006 and was identical with ISO/IEC 15408-3 : 2005. The second revision of this standard was published in 2016 and was identical with ISO/IEC 15408-3 : 2008. The third revision aligns this Indian Standard with ISO/IEC 15408-3 : 202.2

The main changes in this edition are as follows:

a) The terminology has been reviewed and updated;

b) The exact conformance type has been incorporated;

c) Low assurance PPs have been removed and direct rationale PPs have been incorporated;

d) PP-Modules and PP-Configurations for modular evaluations have been incorporated; and

e) Multi-assurance evaluation has been incorporated

Other parts in this series are:

Part 1 Introduction and general model (third revision)

Part 2 Security functional components (third revision)

Part 4 Framework for the specification of evaluation methods and activities

Part 5 Pre-defined packages of security requirements

The text of ISO/IEC standard has been approved as suitable for publication as an Indian Standard without deviations. Certain conventions are however not identical to those used in Indian Standards. Attention is particularly drawn to the following:

a) Wherever the words 'International Standard' appear referring to this standard, they should be read as 'Indian Standard'; and

b) Comma (,) has been used as a decimal marker while in Indian Standards, the current practice is to use a point (.) as the decimal marker.