CSA Group Information technology - Security techniques - Methodology for IT security evaluation (Adopted ISO/IEC 18045:2008, second edition, 2008-08-15)

Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). This Standard supersedes CAN/CSA-ISO/IEC 18045-06 (adoption of ISO/IEC 18045:2005). At the time of publication, ISO/IEC 18045:2008 is available from ISO and IEC in English only. CSA will publish the French version when it becomes available from ISO and IEC. Scope This International Standard is a companion document to the evaluation criteria for IT security defined in ISO/IEC 15408. It defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 evaluation, using the criteria and evaluation evidence defined in ISO/IEC 15408. This International Standard does not define evaluator actions for certain high assurance ISO/IEC 15408 components, where there is as yet no generally agreed guidance.