This document specifies an extension for the ISO/IEC 15408 series and ISO/IEC 18045 to specify patch management requirements.
The document focuses on the initial TOE. The security assurance requirements specified in this document do not include evaluation or test activities on the final TOE, but on the initial TOE and on the life cycle processes used by manufacturers. Additionally, this document gives guidance to facilitate the evaluation of the TOE including the patch and development processes which support the patch management.
This document lists options for evaluation authorities (or mutual recognition agreements) on how to utilize the additional assurance and additional evidence in their processes to enable the developer to consistently re-certify their updated or patched TOEs to the benefit of the users of these TOEs. The implementation of these options by an evaluation scheme is out of the scope of this document.
Status: Under development
Technical Committee: ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection
- ICS :
- 35.030 IT Security
This standard contributes to the following Sustainable Development Goal:
ISO/IEC CD TS 9569Stage: 30.99
Got a question?
Check out our FAQs
Monday to Friday - 09:00-12:00, 14:00-17:00 (UTC+1)
Keep up to date with ISO
Sign up to our newsletter for the latest news, views and product information.