ISO/IEC 18045

ISO/IEC 18045 – Information technology -- Security techniques -- Methodology for IT security evaluation

Title:	ISO/IEC 18045:2005 - Information technology -- Security techniques -- Methodology for IT security evaluation
Source reference:	http://isotc.iso.org/livelink
Topic:	Standard containing auditing guidelines for assessment of compliance with ISO/IEC 15408 (Information technology -- Security techniques -- Evaluation criteria for IT security)
Direct / indirect relevance	Indirect. The text is a meta-norm providing guidelines for compliance evaluation based on the criteria of another standard; not for RM/RA as such.
Scope:	Publicly available ISO standard, to be followed when evaluating compliance with ISO/IEC 15408 (Information technology --Security techniques -- Evaluation criteria for IT security)
Legal force:	Nonbinding ISO standard.
Affected sectors:	Generic. The standard can be followed by any auditor involved in evaluating compliance with ISO/IEC 15408 (Information technology --Security techniques -- Evaluation criteria for IT security).
Relevant provision(s):	ISO/IEC 18045:2005 is a companion document to ISO/IEC 15408, Information technology --Security techniques -- Evaluation criteria for IT security. ISO/IEC 18045 specifies the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 evaluation, using the criteria and evaluation evidence defined in ISO/IEC 15408. (source: http://iso.nocrew.org/)
Relevance to RM/RA:	The standard is a ‘companion document’, which is thus primarily of used for security professionals involved in evaluating compliance with ISO/IEC 15408 (Information technology --Security techniques -- Evaluation criteria for IT security). Since it describes minimum actions to be performed by such auditors, compliance with ISO/IEC 15408 is impossible if ISO/IEC 18045 has been disregarded.

Browse the Topics