ISO/IEC TR 19791:2010为操作系统的安全评估提供了指导和标准。它通过考虑ISO/IEC 15408评估中未涉及的操作系统的许多关键方面，扩展了ISO/IEC 15408的范围。所需的主要扩展涉及评估目标周围的操作环境，以及将复杂的操作系统分解为可以单独评估的安全域。 ISO/IEC TR 19791:2010规定: 操作系统的定义和模型； 描述评估此类操作系统所需的ISO/IEC 15408评估概念的扩展； 执行操作系统安全评估的方法和过程；其他安全评估标准，以解决ISO/IEC 15408评估标准未涵盖的操作系统方面。 ISO/IEC TR 19791:2010允许将根据ISO/IEC 15408进行评估的安全产品纳入使用ISO/IEC TR 19791:2010进行整体评估的操作系统中。 ISO/IEC TR 19791:2010仅限于操作系统的安全评估，不考虑其他形式的系统评估。它没有定义识别、评估和接受操作风险的技术。

ISO/IEC TR 19791:2010 provides guidance and criteria for the security evaluation of operational systems. It provides an extension to the scope of ISO/IEC 15408 by taking into account a number of critical aspects of operational systems not addressed in ISO/IEC 15408 evaluation. The principal extensions that are required address evaluation of the operational environment surrounding the target of evaluation, and the decomposition of complex operational systems into security domains that can be separately evaluated. ISO/IEC TR 19791:2010 provides:

1. a definition and model for operational systems;
2. a description of the extensions to ISO/IEC 15408 evaluation concepts needed to evaluate such operational systems;
3. a methodology and process for performing the security evaluation of operational systems;
4. additional security evaluation criteria to address those aspects of operational systems not covered by the ISO/IEC 15408 evaluation criteria.

ISO/IEC TR 19791:2010 permits the incorporation of security products evaluated against ISO/IEC 15408 into operational systems evaluated as a whole using ISO/IEC TR 19791:2010. ISO/IEC TR 19791:2010 is limited to the security evaluation of operational systems and does not consider other forms of system assessment. It does not define techniques for the identification, assessment and acceptance of operational risk.