The standard was updated in (the fourth edition) and now consists of five primary parts:
ISO/IEC 15408, widely known as the , is the international standard for evaluating the security functionality and assurance of IT products and systems. The standard provides a framework for consumers to specify security requirements and for developers to have their products independently evaluated.
Structure of ISO/IEC 15408 (2022 Edition)
Part 3 gives the document its soul. Protection Profiles (PPs) are user-side manifestos. Instead of vendors saying "look at my cool firewall," a government says: "We need a Collaborative Protection Profile for Network Devices." They define the problem before the solution exists.
– Sets the ground rules for developing evaluation activities derived from the Common Evaluation Methodology (ISO/IEC 18045).
The is not a document you read on a beach. It is a dense, technical toolkit designed to remove ambiguity from security claims. Whether you purchase the official copy from ISO or download the free Common Criteria version from NIST, owning this PDF is the first step toward credible IT security evaluation.