A standard that establishes the general concepts and principles of IT security evaluation and specifies a general model of evaluation. It includes catalogs of security requirements in a standardized language.