UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

CEN - EN 17640

Fixed-time cybersecurity evaluation methodology for ICT products

active, Most Current
Organization: CEN
Publication Date: 1 October 2022
Status: active
Page Count: 58
ICS Code (IT Security): 35.030
scope:

This document describes a cybersecurity evaluation methodology that can be implemented using pre-defined time and workload resources, for ICT products. It is intended to be applicable for all three assurance levels defined in the CSA (i.e. basic, substantial and high).

The methodology comprises different evaluation blocks including assessment activities that comply with the evaluation requirements of the CSA for the mentioned three assurance levels. Where appropriate, it can be applied both to third-party evaluation and self-assessment.

Document History

EN 17640
October 1, 2022
Fixed-time cybersecurity evaluation methodology for ICT products
This document describes a cybersecurity evaluation methodology that can be implemented using pre-defined time and workload resources, for ICT products. It is intended to be applicable for all three...

References

This document references:
EN ISO/IEC 15408-1 - Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 1: Introduction and general model
Published by CEN on December 1, 2023
This document establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of the standard which in its entirety is...
This document references:
EN ISO/IEC 15408-2 - Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 2: Security functional components
Published by CEN on December 1, 2023
This document defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that meets the...
This document references:
EN ISO/IEC 15408-3 - Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 3: Security assurance components
Published by CEN on December 1, 2023
This document defines the assurance requirements of the ISO/IEC 15408 series. It includes the individual assurance components from which the evaluation assurance levels and other packages contained...
This document references:
EN ISO/IEC 17000 - Conformity assessment - Vocabulary and general principles
Published by CEN on June 1, 2020
This document specifies general terms and definitions relating to conformity assessment (including the accreditation of conformity assessment bodies) and to the use of conformity assessment to...
This document references:
EN ISO/IEC 17025 - General requirements for the competence of testing and calibration laboratories
Published by CEN on December 1, 2017
This document specifies the general requirements for the competence, impartiality and consistent operation of laboratories. This document is applicable to all organizations performing laboratory...
This document references:
EN ISO/IEC 18045 - Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Methodology for IT security evaluation
Published by CEN on November 1, 2023
This document defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 series evaluation, using the criteria and evaluation evidence defined in the ISO/IEC...
This document references:
EN 303 645 - CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements
Published by ETSI on June 1, 2020
The present document specifies high-level security and data protection provisions for consumer IoT devices that are connected to network infrastructure (such as the Internet or home network) and...
This document references:
IEC 62443-4-1 - Security for industrial automation and control systems – Part 4-1: Secure product development lifecycle requirements
Published by IEC on January 1, 2018
This part of IEC 62443 specifies process requirements for the secure development of products used in industrial automation and control systems. It defines a secure development life-cycle (SDL) for...
This document references:
IEC 62443-4-2 - Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components
Published by IEC on February 1, 2019
This part of IEC 62443 provides detailed technical control system component requirements (CRs) associated with the seven foundational requirements (FRs) described in IEC TS 62443- 1-1 including...
This document references:
ISO/IEC 19896-1 - IT security techniques - Competence requirements for information security testers and evaluators - Part 1: Introduction, concepts and general requirements
Published by ISO on February 1, 2018
This document defines terms and establishes an organized set of concepts and relationships to understand the competency requirements for information security assurance conformance-testing and...
View Less
View All
Advertisement