This document describes the cybersecurity evaluation methodology for ICT products. It is intended for use for all three assurance levels as defined in the Cybersecurity Act (i.e. basic, substantial and high).
The methodology is comprised of different evaluation blocks including assessment activities that comply with the evaluation requirements of the CSA for the three levels.
Where appropriate, it can be applied both to 3rd party evaluation and self-assessment.
It is expected that this methodology may be used by different candidate schemes and verticals providing a common framework to evaluate ICT products.