The IT Law Wiki

Definition

Common Criteria is a

[g]overning document that provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems.[1]

Security

The term Common Criteria (CC) may refer to the International Common Criteria for Information Technology Security Evaluation, which is an international standard (ISO/IEC 15408). It is a set of internationally-accepted semantic tools and constructs for describing the security needs of customers and the security attributes of products. It is an International Organization for Standardization standard and the subject of a multilateral agreement among 26 nations, known as the Common Criteria Recognition Arrangement (CCRA).

The Common Criteria provides a structured methodology for documenting security requirements, documenting and validating security capabilities, and promoting international cooperation in the area of IT security.

Use of Common Criteria "protection profiles" and "security targets" greatly aids the development of products (and to some extent systems) that have IT security functions. The rigor and repeatability of the Common Criteria methodology provides for thorough definition of user security needs. Security targets provide system integrators with key information needed in the procurement of components and implementation of secure IT systems.[2]

The original Common Criteria was produced in 1993. In 1996, Common Criteria v1.0 was produced; in 1998, v2.0 was produced; and in 1999, v2.1 was produced. CC v2.1 complies with ISO/IEC 15448.

References
