The primary aim of the evaluation of software products is to provide appropriate, acceptable, understandable, and for the interested parties – developers, suppliers, customers, users, assessors, certifying bodies — useful proof of the product’s quality and security and other relevant characteristics.
Our Evaluation Division uses the following four methodologies:
- Evaluating the quality of software products
This evaluation methodology is applicable to all ready-made software products, and inspects and certifies whether the requirements described in the ISO/IEC 25051 standard are met. Apart from the general requirements regarding the product description and the user manual, the focus of the process is connected to the quality requirements concerning the software, more precisely the software quality features described in standard ISO/IEC 25010. These are as follows: functional suitability, reliability, performance-efficiency, operability, security, compatibility, maintainability and portability.
- Security evaluation of software products
This evaluation methodology is applicable to software products for which business continuity and security and crucial; the evaluation itself is the model defined in standard ISO/IEC 15408, and follows the requirements of ISO/IEC 18045, which contains the related evaluation methodology. The final result of the evaluations is an evaluation report based on methodology ISO/IEC 18045.
The evaluation is based on various documents related to development – security appropriation, planning documents, guidance documents, life cycle support documents, documents concerning testing, and the software to be run and assessed itself – and it focuses on the security features prescribed in standard ISO/IEC 25010.
- Security evaluation of information technology systems
This evaluation methodology is applicable to information technology systems for which business continuity and security are crucial. The evaluation concerning the security of the information technology systems follows the requirements of the evaluation methodology prescribed in KIB recommendation number 28. The evaluation is based on various documents related to development – system security appropriation, security plans, guidance documents, documents concerning testing – and it focuses on the security features prescribed in standard ISO/IEC 25010.
- Cryptographic security evaluation of software products
This evaluation method is applicable to software modules performing cryptographic mechanisms.
Evaluation concerning the cryptographic security of software products is based on the model – related to the security requirements of cryptographic modules – described in standard ISO/IEC 19790 and is focused on the following complementary cryptographic features of the security features prescribed in standard ISO/IEC 25010: confidentiality, integrity and non-repudiation. Our laboratory has developed a detailed methodological procedure for the lowest level – Level 1 – of the four security levels prescribed in standard ISO/IEC 19790. The final result of the evaluation is an evaluation report based on the guidelines described in standard ISO/IEC 19790.