ISO 15408 Common Criteria To Prepare a Product for the ISO 15408 Common Criteria Process Roughly the following studies are expected to be undertaken. It is reasonable to summarize these studies under guarantee classes. Because in the evaluation process, an Interim Report is generated for each class.

1-ASE Class (ST-Security Target):
For this class, a document called developer-side Security Target is prepared.

In this document, the producer describes his policies, assumptions, the assets in his product, his threats to them, and the precautions he has taken to protect them. It expresses all this and especially the safety functions in the form of templates (SFR) that the ISO 15408 Common Criteria desires rather than a straight document.

2-ADV Class (Design):
Document describing product design. Here are three different documents, although there are different side documents.

a) Design Document (TOE Design Document):
It is the document that the whole design of the product is explained in detail at low level. Here, roughly speaking, all the source code can be tried.
However, it is not accepted that this narration is in the form of a straight line document describing the code.
The product is logically expected to be divided first by the subsystems and then by the modules.
When this division is made, the security functions described in the ST document must conform to the SFRs described in the ISO 15408 Common Criteria.
This subsystem and the relationships between the modules should be shown.
(SFR-Enforcing, SFR_Supporting, SFR-Non interfering) to enforce, support, or disregard security functions of subsystems and modules.

b) Functional Specification Document:
The document that the functional structure of the product is processed through the interfaces.
The internal and external interfaces of the product should be elaborated in this context.
In addition, the parameters entered from these interfaces and the responses received should be described.
Again, the security functions of these interfaces; (TSFI Enforcing, Supporting, Non-Interfering) should be processed and justified.

c) Secure Architectural Document:
Mostly the product is examined in terms of domain separation, non bypassibility and self-protection properties.
Domain Separation explores whether there is a domain separation between the product's application environment or its parts and how the product provides this domain separation feature.
All safety functions of the product should be addressed and how the scenarios in which these functions can be bypassed or disabled should be considered and how the product provides protection against them.
Literature scan should list the attacks that can be done against similar product groups and explain how the product will counter them.

3-AGD Class (Guide Documents):
Within this class, guide documents of the product are created. It is expected that two documents will be formed in this step.

a) Installation Document
b) User Guide Documentation

These are the documents that every developer can prepare or prepare in general terms. What is critical here is that both documents can answer standard questions.

For example: roles, responsibilities, priorities, etc.

What is important here in terms of the ISO 15408 Common Criteria is that the guidance documents are taken into account and treated here in the Security Target document, where the security requirements are left to environmental factors.

4-ALC Class (Development Environment and Life Cycle):
Here, documents related to the product development environment and life cycle are prepared.

Configuration Management System Document
Instrument Used Documents
Delivery Document
Life Cycle Document
Development Environment Security Document
Prepared. These documents need to be prepared in such a way as to respond to the questions of the standard with inputs to be received from the developer.

Also within the scope of this step, the TSE and the laboratory visit the developer's environment (Site Visit). Here, we are in charge of our supervisor and our job is to control and arrange for proper environment.

5-ATE Class (Functional Tests):
This step plans, makes, and documents functional tests for the manufacturer's product. It then matches the tests with the interface, subsystem and modules contained in the "Design Document" and "Functional Specification Document" to show the adequacy of the scope and depth of these tests.

In this context, it can be said that at the most basic two documents will be prepared.

a) Test Document: Includes test plans, tests and results.

b) Test Scope and Depth Document: interface, subsystem and modules.

As a consultant, support is provided to ensure that the content of the Test Document conforms to the ISO 15408 Common Criteria systems. You can support the preparation of the Test Scope and Depth Document.

6-AVA Class (Infiltration Tests):
It's all about penetration tests that the lab will do.