ISO/IEC 15408 PDF [Updated] Official

Vendors seeking CC certification produce a Security Target based on a relevant Protection Profile. An accredited laboratory then tests the product against the claims. The resulting EAL indicates the depth of rigor:

While older versions often circulated as three-part PDF sets, the edition has expanded to five comprehensive parts to provide more flexibility and better guidance for modern IT environments:

ISO/IEC 15408 is a standard for the evaluation of IT products' security functionality. It provides a framework for evaluating the security properties of a product, such as its ability to resist attacks, protect sensitive data, and maintain the integrity of its functions.

ISO/IEC 15408 is organized into three main parts:

A Protection Profile for Secure PDF Processors could be developed, mandating that the software sandbox rendering engines, disable automatic script execution unless explicitly enabled, and validate signature certificates according to a defined trust model.