What is ISO-IEC 19790:2018?

ISO-IEC 19790:2018, also known as the ISO/IEC Common Criteria for Information Technology Security Evaluation, is a globally recognized standard that provides a framework for evaluating the security of IT products and systems. This standard was developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to establish consistent and repeatable criteria for assessing the trustworthiness of security features built into these products.

Why is ISO-IEC 19790:2018 important?

With the increasing dependence on technology in our daily lives, it has become crucial to ensure the security and reliability of IT systems. ISO-IEC 19790:2018 plays a critical role in achieving this goal. By adhering to the requirements specified in this standard, organizations can evaluate the trustworthiness of IT products and systems before deployment, making informed decisions about their security.

This standard provides a common language for vendors, purchasers, and users to communicate about security requirements and ensures that products claiming compliance have undergone rigorous evaluation.

Key components of ISO-IEC 19790:2018

ISO-IEC 19790:2018 defines a set of security functional requirements and assurance requirements for IT products. The security functional requirements specify the functionality that the product's security features should possess. These requirements cover areas such as access control, cryptography, auditability, and more.

The assurance requirements, on the other hand, focus on the processes and methods used during the development, production, and maintenance of the IT product. These requirements aim to provide assurance that the claimed security functionality has been correctly implemented and will operate as intended.

Benefits of ISO-IEC 19790:2018

Compliance with ISO-IEC 19790:2018 brings several benefits to both producers and consumers of IT products and systems. For producers, adherence to this standard enhances the credibility of their security claims, enabling them to sell their products in a competitive market. It also provides a systematic approach for designing and developing secure products.

For consumers, ISO-IEC 19790:2018 offers assurance that the purchased IT products and systems meet certain security requirements and have undergone rigorous evaluation. This helps organizations make informed decisions, mitigate risks, and ensure the reliability and integrity of their IT infrastructure.

In conclusion, ISO-IEC 19790:2018 is an essential standard for evaluating the security of IT products and systems. It provides a common language, sets functional and assurance requirements, and offers numerous benefits to both producers and consumers. By adhering to this standard, organizations can enhance the security and trustworthiness of their IT environments.