That morning bowl of oatmeal has a lot more in common with ISO/IEC 15408 than you probably thought.

For starters, oatmeal is machined to certain specifics, certified gluten-free, very unexciting, and yes, it’s nutritious.  Consider it a basic building block of a healthy breakfast.

ISO 15408 is the international standard for certifying computer security. You could say that ISO 15408, also called the Common Criteria, provides the basic recipe for cooking up a secure IT product or system. This is the framework by which organizations show that their product specs, the implementation, and security evaluations have all been done in a systematic and repeatable way. While there are no guarantees of security, it reduces the risk of a monster screw-up – just like measuring the raw oats, milk, and salt helps reduce the chances of a runny or burnt bowl of oatmeal.

Boring yes, but experience shows us that most individuals cook their oatmeal in a systematic way because they want dependable results. And, the same is true for their security.
And it is really is different than the ISO 27001 specifications for implementing an information security management system (ISMS). (A lot more will be said about  ISO 27001 at a different time.)

ISO 15408 establishes eleven different families of functional and guarantee constraint classes for evaluating security. These are much more detailed than the average oatmeal recipe and include everything from audit to user data protection:

    • Audit
    • Communication
    • Cryptographic support
    • User data protection
    • Identification and authentication
    • Security management
    • Privacy
    • Security functions protection
    • Resource utilization
    • Access
    • Trusted path/channels

An exhaustive list? Yes. But now it gets better. Safetica 5 is able to cover 2/3s of these functional component requirements. Just in the user data protection class (labeled as FDP), Safetica helps its clients meet nine requirements including:

    • FDP_ACC – Access control policy
    • FDP_IFF – Information flow control functions
    • FDP_RIP – Residual information protection

So remember when it comes to ISO/IEC 15408 – and your organization’s need to follow the Common Criteria – Safetica provides some great cooking guidance.  To take a look at the complete list, just download the PDF or contact Safetica.

Safetica team

Next articles

Safetica ONE 10.0: The new generation of DLP integrated with Insider threat protection features

The new content inspection and OCR, risk detection, and data analytics API integration, new branding in the products' user interfaces and improved the overall user experience.

VIDEO: Sensitive Data Protection and Company Operations Audit with Safetica

Learn how can Safetica solve your company sensitive data protection and operation audit goals!

Security or uninterrupted work? With Safetica 9.9 you get both.

New version brings override of DLP policies or control of when file content scan is needed. And announcing public beta of Safetica 9.10 with OCR!
Safetica uses small cookies to improve your website experience. You may disable them from your browser settings at any time. Learn more.