Browse Definitions :
Definition

Common Criteria (CC) for Information Technology Security Evaluation

Common Criteria (CC) is an international set of guidelines and specifications developed for evaluating information security products, specifically to ensure they meet an agreed-upon security standard for government deployments. Common Criteria is more formally called "Common Criteria for Information Technology Security Evaluation." 

Common Criteria has two key components: Protection Profiles and Evaluation Assurance Levels. A Protection Profile (PPro) defines a standard set of security requirements for a specific type of product, such as a firewall. The Evaluation Assurance Level  (EAL) defines how thoroughly the product is tested.  Evaluation Assurance Levels are scaled from 1-7,  with one being the lowest-level evaluation and seven being the highest-level of evaluation. A higher-level evaluation does not mean the product has a higher level of security, only that the product went through more tests. 

To submit a product for evaluation, the vendor must first complete a Security Target (ST) description, which includes an overview of the product and product's security features, an evaluation of potential security threats and the vendor's self-assessment detailing how the product conforms to the relevant Protection Profile at the Evaluation Assurance Level the vendor chooses to test against. The laboratory then tests the product to verify the product's security features and evaluates how well it meets the specifications defined in the Protection Profile. The results of a successful evaluation form the basis for an official certification of the product. The goal of CC certification is to assure customers that the products they are buying have been evaluated and that the vendor's claims have been verified by a vendor-neutral third party. 

 

Learn more:

The Common Criteria Portal makes the guidelines and specifications available for downloading. 

The Trusted Computer System Evaluation Criteria was superseded by the Common Criteria for Information Technology Security Evaluation in 2005.

This was last updated in March 2011

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

Dateiendungen und Dateiformate

Gesponsert von:

SearchCompliance

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance framework

    A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with...

SearchSecurity

  • Trojan horse (computing)

    In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, ...

  • identity theft

    Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable ...

  • DNS over HTTPS (DoH)

    DNS over HTTPS (DoH) is a relatively new protocol that encrypts domain name system traffic by passing DNS queries through a ...

SearchHealthIT

  • telemedicine (telehealth)

    Telemedicine is the remote delivery of healthcare services, such as health assessments or consultations, over the ...

  • Project Nightingale

    Project Nightingale is a controversial partnership between Google and Ascension, the second largest health system in the United ...

  • medical practice management (MPM) software

    Medical practice management (MPM) software is a collection of computerized services used by healthcare professionals and ...

SearchDisasterRecovery

SearchStorage

  • M.2 SSD

    An M.2 SSD is a solid-state drive (SSD) that conforms to a computer industry specification and is used in internally mounted ...

  • kilobyte (KB or Kbyte)

    A kilobyte (KB or Kbyte) is a unit of measurement for computer memory or data storage used by mathematics and computer science ...

  • virtual memory

    Virtual memory is a memory management capability of an operating system (OS) that uses hardware and software to allow a computer ...

Close