This standard specifies the technical requirements and testing and evaluation methods for information system security audit products. The technical requirements include security function requirements, self-security function requirements and security assurance requirements, and proposes classification requirements for information system security audit products. This standard applies to the design, development, testing and evaluation of information system security audit products.