The answer to both questions lies in the international standard known as ISO/IEC 15408, more commonly referred to as the .
Part 2 is the technical catalog of security functions. It is essentially a massive menu of security features that a product can claim to possess. It is organized into classes, families, and components. iso iec 15408 pdf
