IS 15671 : 2024/ISO/IEC 18045 : 2022 Information Security, Cybersecurity and Privacy Protection - Evaluation Criteria for IT Security - Methodology for IT Security Evaluation

ICS 35.030

LITD 17

NATIONAL FOREWORD

This Indian Standard (Second Revision) which is identical to ISO/IEC 18045 : 2022 'Information security, cybersecurity and privacy protection - Evaluation criteria for it security - Methodology for it security evaluation' issued by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) jointly was adopted by the Bureau of Indian Standards on the recommendations of the Information Systems Security and Privacy Sectional Committee and approval of the Electronics and Information Technology Division Council.

This standard was originally published in 2006 and was identical with ISO/IEC 18045 : 2005. The first revision of this standard was published in 2016 and was identical with ISO/IEC 18045 : 2008. The second revision of this standard aligns this Indian Standard with ISO/IEC 18045 : 2022.

The main changes in this edition are as follows:

a) The exact conformance type has been introduced;

b) Low assurance PPs have been removed and direct rationale PPs have been introduced;

c) PP-modules and PP-configurations for modular evaluations have been introduced; and

d) Multi-assurance evaluation has been introduced.

The text of ISO/IEC standard has been approved as suitable for publication as an Indian Standard without deviations. Certain conventions are however not identical to those used in Indian Standards. Attention is particularly drawn to the following:

a) Wherever the words 'International Standard' appears referring to this standard, they should be read as 'Indian Standard'; and

b) Comma (,) has been used as a decimal marker while in Indian Standards, the current Practice is to use a point (.) as the decimal marker.