This national standard specifies the steps required to conduct a basic security assessment of ICT products. This standard is intended to respond to the need for evaluation of products whose deployment is planned in environments where the threat level is basic or substantial, including, in addition, a limited scope within a limited time and effort, allowing costs to be accessible to all types of developers. It is, therefore, a methodology created for the evaluation of products of medium or low criticality. The objective of the evaluation process is to allow an evaluation team to verify if the product conforms to its specification, determining the effectiveness of the implemented security functions and including the results in an Evaluation Technical Report (ETR). To do so, the evaluation is based on the Security Target (ST) Declaration that defines the scope of the evaluation, guidelines for the safe use and configuration of the product and the public information about the product (technical specifications, product sheets, etc.), as well as the product itself (TOE). All these elements will be provided by the sponsor of the evaluation. The requirements established in this standard are generic and applicable to all organizations, regardless of their type, size or nature as long as the products to be evaluated meet the condition of low or substantial threat and criticality level.