ISA/IEC 62443 Cybersecurity Fundamentals Specialist — Question 39

What is the purpose of ISO/IEC 15408 (Common Criteria)?

Answer options

• A. To define a security management organization
• B. To describe a process for risk management
• C. To define a product development evaluation methodology
• D. To describe what constitutes a secure product

Correct answer: C

Explanation

The correct answer is C because ISO/IEC 15408 provides a structured evaluation methodology for assessing the security attributes of products. Options A and B refer to broader concepts of security management and risk management, which are not the focus of the Common Criteria, while option D describes secure product characteristics rather than the evaluation process itself.