That morning bowl of oatmeal has a lot more in common with ISO/IEC 15408 than you probably thought.

For starters, oatmeal is machined to certain specifics, certified gluten-free, very unexciting, and yes, it’s nutritious. Consider it a basic building block of a healthy breakfast.

ISO 15408 is the international standard for certifying computer security. You could say that ISO 15408, also called the Common Criteria, provides the basic recipe for cooking up a secure IT product or system. This is the framework by which organizations show that their product specs, the implementation, and security evaluations have all been done in a systematic and repeatable way. While there are no guarantees of security, it reduces the risk of a monster screw-up – just like measuring the raw oats, milk, and salt helps reduce the chances of a runny or burnt bowl of oatmeal.

Boring, yes, but experience shows us that most individuals cook their oatmeal in a systematic way because they want dependable results. And the same is true for their security.

And it really is different from the ISO 27001 specifications for implementing an information security management system (ISMS). (A lot more will be said about ISO 27001 at a different time.)

ISO 15408 defines eleven classes of security functional requirements (alongside its assurance requirements) for evaluating security. These are much more detailed than the average oatmeal recipe and include everything from audit to user data protection:

    • Audit
    • Communication
    • Cryptographic support
    • User data protection
    • Identification and authentication
    • Security management
    • Privacy
    • Security functions protection
    • Resource utilization
    • Access
    • Trusted path/channels

An exhaustive list? Yes. But now it gets better. Safetica 5 is able to cover two-thirds of these functional component requirements. Just in the user data protection class (labeled FDP), Safetica helps its clients meet nine requirements, including:

    • FDP_ACC – Access control policy
    • FDP_IFF – Information flow control functions
    • FDP_RIP – Residual information protection

So remember, when it comes to ISO/IEC 15408 – and your organization’s need to follow the Common Criteria – Safetica provides some great cooking guidance. To take a look at the complete list, just download the PDF or contact Safetica.

Safetica team
