A standard that establishes the general concepts and principles of IT security evaluation and specifies a general model of evaluation. It includes catalogues of security requirements in a standardised language.