The paper concerns IT security development and evaluation processes according to the Common Criteria – CC (ISO/IEC 15408) family of standards, and is based on the results of the au-thor’s earlier works dealing with modelling of these processes. The paper focuses on the workout of the security environment specification based on the previously identified features of an IT security-related product, presented in [2]. The security environment presents the nature and scope of the IT security-related product and discusses the threats, policy rules and assumptions of the product working environment. This specification is used for the security objectives definition, which is the basis for further IT security development stages. The UML-based approach was introduced to specify the secu-rity environment using predefined generics contained within the design library. It is part of the com-mon development framework and a computer-aided tool developed on the framework. Using the UML in the Common Criteria based IT security development process allows achieving more consistent designs in an easier way.