International standardization activities in SC 27 regarding Security Assurance and Evaluation


IT Security standardization is the task of Subcommittee 27 (SC 27) since its start in Stockholm in 1990. SC 27 is one of the SCs within ISO/IEC JTC 1 which is the body responsible for all types of IT standardization. SC 27 today has over 40 national standardization bodies as members, representing most of the industrial world.

Within SC 27, Working Group 3 is dealing with activities related to Security Assurance and Evaluation of security. The most well-known published standard in this area is “Evaluation Criteria for IT Security", IS 15408, more commonly known as the Common Criteria. The development of 15408 has been, and is, undertaken in close cooperation with the international CC project - which is today an important part of the CCRA (Common Criteria Recognition Arrangement) activities. The active liaison relation between WG 3 and the Common Criteria Development Board (CCDB)(and its predecessors) has been very productive and has been in place for over 10 years.

A number of other standards are developed and maintained by WG 3. The presentation includes on overview of all current WG 3 activities and concludes with a brief outlook on potential future standardization work.