EN ISO/IEC 15408-4:2023

Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 4: Framework for the specification of evaluation methods and activities (ISO/IEC 15408-4:2022) EN ISO/IEC 15408-4:2023

General information

60.60 Standard published   Dec 6, 2023


CEN/CLC/JTC 13 Cybersecurity and Data Protection

European Norm

35.030   IT Security


The ISO/IEC 15408 series permits comparability between the results of independent security evaluations. The ISO/IEC 15408 series does so by providing a common set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation. ISO/IEC 18045 provides a companion methodology for some of the assurance requirements specified in the ISO/IEC 15408 series, ISO/IEC 15408-1 and ISO/IEC 18045 also allow that more specific Evaluation Activities (EAs) may be derived for use in particular evaluation contexts. Specification of such Evaluation Activities is already occurring amongst practitioners and this creates a need for a specification for defining such Evaluation Activities.

This document, ISO/IEC 15408-4, provides a standardised framework for specifying objective, repeatable and reproducible Evaluation Methods (EMs), and Evaluation Activities.

Life cycle


EN ISO/IEC 15408-4:2023
60.60 Standard published
Dec 6, 2023


prEN ISO/IEC 15408-4 rev


Adopted from ISO/IEC 15408-4:2022 IDENTICAL