ISO/IEC 18045
ISO/IEC 18045 – Information technology -- Security techniques -- Methodology for IT security evaluation
Published under Risk Management
Title: | ISO/IEC 18045:2005 - Information technology -- Security techniques -- Methodology for IT security evaluation |
Source reference: | http://isotc.iso.org/livelink |
Topic: | Standard containing auditing guidelines for assessment of compliance with ISO/IEC 15408 (Information technology -- Security techniques -- Evaluation criteria for IT security) |
Direct / indirect relevance: | Indirect. The text is a meta-norm providing guidelines for compliance evaluation based on the criteria of another standard; not for RM/RA as such. |
Scope: | Publicly available ISO standard, to be followed when evaluating compliance with ISO/IEC 15408 (Information technology -- Security techniques -- Evaluation criteria for IT security) |
Legal force: | Nonbinding ISO standard. |
Affected sectors: | Generic. The standard can be followed by any auditor involved in evaluating compliance with ISO/IEC 15408 (Information technology -- Security techniques -- Evaluation criteria for IT security). |
Relevant provision(s): | ISO/IEC 18045:2005 is a companion document to ISO/IEC 15408, Information technology -- Security techniques -- Evaluation criteria for IT security. ISO/IEC 18045 specifies the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 evaluation, using the criteria and evaluation evidence defined in ISO/IEC 15408. (source: http://iso.nocrew.org/) |
Relevance to RM/RA: | The standard is a ‘companion document’, and is thus primarily of use to security professionals involved in evaluating compliance with ISO/IEC 15408 (Information technology -- Security techniques -- Evaluation criteria for IT security). Since it describes the minimum actions to be performed by such auditors, compliance with ISO/IEC 15408 is impossible if ISO/IEC 18045 has been disregarded. |