ISO/IEC 18045

ISO/IEC 18045 – Information technology -- Security techniques -- Methodology for IT security evaluation

Published under Risk Management
Title: ISO/IEC 18045:2005 - Information technology -- Security techniques -- Methodology for IT security evaluation
Source reference: http://isotc.iso.org/livelink
Topic: Standard containing auditing guidelines for assessment of compliance with ISO/IEC 15408 (Information technology -- Security techniques -- Evaluation criteria for IT security)
Direct / indirect relevance Indirect. The text is a meta-norm providing guidelines for compliance evaluation based on the criteria of another standard; not for RM/RA as such.
Scope: Publicly available ISO standard, to be followed when evaluating compliance with ISO/IEC 15408 (Information technology --Security techniques -- Evaluation criteria for IT security)
Legal force: Nonbinding ISO standard.
Affected sectors: Generic. The standard can be followed by any auditor involved in evaluating compliance with ISO/IEC 15408 (Information technology --Security techniques -- Evaluation criteria for IT security).
Relevant provision(s): ISO/IEC 18045:2005 is a companion document to ISO/IEC 15408, Information technology --Security techniques -- Evaluation criteria for IT security. ISO/IEC 18045 specifies the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 evaluation, using the criteria and evaluation evidence defined in ISO/IEC 15408.

(source: http://iso.nocrew.org/)
Relevance to RM/RA: The standard is a ‘companion document’, which is thus primarily of used for security professionals involved in evaluating compliance with ISO/IEC 15408 (Information technology --Security techniques -- Evaluation criteria for IT security). Since it describes minimum actions to be performed by such auditors, compliance with ISO/IEC 15408 is impossible if ISO/IEC 18045 has been disregarded.

 

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information