Common Criteria

The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 5.^[1]

Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs, respectively) in a Security Target (ST), and may be taken from Protection Profiles (PPs). Vendors can then implement or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use.^[2] Common Criteria maintains a list of certified products, including operating systems, access control systems, databases, and key management systems.^[3]

^ "Publications: CC Portal". Retrieved 2024-01-06.
^ "Common Criteria - Communication Security Establishment". Archived from the original on 2021-02-01. Retrieved 2015-03-02.
^ "Common Criteria Certified Products". Retrieved 2023-12-30.

[1] "Publications: CC Portal". Retrieved 2024-01-06.

[2] "Common Criteria - Communication Security Establishment". Archived from the original on 2021-02-01. Retrieved 2015-03-02.

[3] "Common Criteria Certified Products". Retrieved 2023-12-30.

[1]

[2]

[3]