Independent testing of functional specs of IT industry product developers’ security products by an institution from customer or manufacturer according to a standard, certifying of compatibility and controlling the continuity of situation is needed.
Additionally; it is necessary to ensure to the customer that the requirements of products are being met by security functions and the comparability between national and international evaluations are being provided.
It is the (ISO 15408) security standard which has been developed to identify product and/or systems security levels of Common Criteria information Technologies and to test independent laboratories, based on TCSEC and ITSEC standards and is accepted by International Organisation For Standardisation (ISO) in 1999 International Information Technologies Security Evaluation Standard.
Turkish Standards Institution in the name of Turkey has accepted evaluations of certificate producer countries by signing in September 2003 Common Criteria Recognition Agreement signed by countries which accept this Standard and has implemented Common Criteria Certification Scheme which is established in TURKISH STANDARDS INSTITUTION INFORMATION TECHNOLOGIES TEST and CERTIFICATION DEPARTMENT.
IT products which has taken ISO 17025 accreditation from Turkish Standards Institution as National Common Criteria Certification Body and has the certificates given according to results of licensed TSE independent test laboratory, are obtaining safeguards in efficiency of security criteria to determined threats and in appliance of these criteria rightly on product.
In this perspective Common Criteria Standard represents completely the criteria that is introduced as a result of long term and international performance for evaluations of information Technologies security.
Common Criteria Standard has been published by International Organisation For Standardisation (ISO) in 3 chapters.
These chapters are specified below:
TS ISO/IEC 15408-1
Information Technologies- Security Techniques - Evaluation Criteria for Information Technologies (IT) Security –Chapter 1:Introduction and General Model
TS ISO/IEC 15408-2
Information Technologies-Security Techniques- Evaluation Criteria for Information Technologies (IT) Security -Chapter 2:Security Functional Requirements
TS ISO/IEC 15408-3
Information Technologies-Security Techniques -Evaluation Criteria for Information Technologies (IT) Security-Chapter3: Security Assurance Requirements