ISO/IEC 15408-1:2026

Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 1: Introduction and general model

Publication date: May 19, 2026

General information

Current stage: 60.60 Effective date: May 19, 2026

Originator: ISO/IEC

Owner: ISO/IEC JTC 1/SC 27

Type: International Standard

ICS: 35.030

Languages: English French

Buying

Status: Published

PDF

Paper

PDF and Paper

Language

Language in which you want to receive the document.

Scope

This document establishes the general concepts and principles of information technology (IT) security evaluation. It specifies the general model of evaluation given in this document, which in its entirety is intended to be used as the basis for evaluation of security properties of IT products.
This document provides an overview of all parts of the ISO/IEC 15408 series. It describes the various parts of the ISO/IEC 15408 series i.e.

defines the terms and abbreviations used in all parts of the series; establishes the core concept of a Target of Evaluation (TOE);
describes the evaluation context; and
describes the audience to which the evaluation criteria is addressed.

Additionally, this document introduces the basic security concepts necessary for the evaluation of IT products.

Life cycle

PREVIOUSLY

WITHDRAWN
ISO/IEC 15408-1:2022

NOW

PUBLISHED
ISO/IEC 15408-1:2026
60.60 Standard published
May 19, 2026

National adoptions

dnaSRPS EN ISO/IEC 15408-1:2026

ISS

Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 1: Introduction and general model (ISO/IEC 15408-1:2026)

50.60 Close of voting. Proof returned by secretariat

I224 more