Title Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Design Guide; Application of security countermeasures to service capabilities
Acronym ETSI EG 202 549
Document Type Standard
Committee
Published Year 2006
Link https://www.etsi.org/deliver/etsi_eg/202500_202599/202549/01.01.01_50/eg_202549v010101m.pdf
Abstract

The present document gives guidance on the application of security countermeasures to service capabilities. It covers the construction of services from service capabilities and how a security evaluation of a service capability should be performed. The present document examines and gives guidance on the use of the Composition assurance class defined by the Common Criteria working group in order to be able to answer the question: “if components A and B are evaluated as having security ratings X and Y, what is the security rating that can be assigned to the combination of A and B?”

The present document builds on the guidance to the Common Criteria for Information Technology Security Evaluation given in EG 202 387 [3], with a particular view to assessing the security of the NGN. In the NGN context, where services are not explicitly defined but are made by combining service capabilities, the present document gives guidance on the means to apply effective security both to service capabilities in isolation and to service capabilities in combination.

The guidance reviews the service capability model in clause 4 and examines the requirements for security arising from the service capability requirements defined for NGN-R1 in clause 5. The analysed security requirements are presented in the form of ISO/IEC 15408-2 [17] functional models. Clause 6 presents a review of the Common Criteria Composition assurance class and describes its impact on the ETSI standardization process. Annex A reviews the use of cryptographic techniques in the NGN.

For security analysis of the NGN design to take place, a number of assumptions are made about the NGN development process. The assumption in the present document is that the NGN has been developed using top-down decomposition of the specification, using techniques of planned validation of the specification, with careful recording of design decisions and validation results.