General Interest - Common Criteria


What are the Common Criteria?

ISO/IEC 15408-1:1999

Information Technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model.

Part 1 defines the general concepts and principles of IT security evaluation and presents a general model of evaluation. It also presents the constructs for expressing IT security objectives, for selecting and defining IT security requirements, and for writing high-level specifications for products and systems. In addition, it describes the usefulness of each part of the Common Criteria for each of its target audiences.

ISO/IEC 15408-2:1999

Information Technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements.

This part establishes a set of security functional components as a standard way of expressing the security requirements for IT products and systems. The catalog is organized into classes, families, and components.

ISO/IEC 15408-3:1999

Information Technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements.

This part establishes a catalog of assurance components that can be used as a standard way of expressing the assurance requirements for IT products and systems. The Part 3 catalog is organized into the same class - family - component structure as Part 2. Part 3 also defines the evaluation criteria for Protection Profiles (PPs) and Security Targets (STs). Finally, Part 3 presents the seven Evaluation Assurance Levels (EALs), which are predefined packages of assurance components that make up the Common Criteria scale for rating confidence in the security of IT products and systems.

Common Criteria tools are available from the National Information Assurance Program. You can visit the NIAP page directly at this link.