Common Criteria

The Common Criteria represents the outcome of efforts to develop criteria for evaluation of IT security that are widely useful within the international community. It is an alignment and development of a number of source criteria: the existing European, US and Canadian criteria (ITSEC, TCSEC and CTCPEC respectively). The Common Criteria resolves the conceptual and technical differences between the source criteria. It is a contribution to the development of an international standard, and opens the way to worldwide mutual recognition of evaluation results.

 

Criteria developments in Canada and European ITSEC countries followed the original US TCSEC work (Orange Book). The US Federal Criteria development was an early attempt to combine these other criteria with the TCSEC, and eventually led to the current pooling of resources towards production of the Common Criteria.

A great strength in the CC development is the close involvement of all the parties with experience of creating the original national Criteria documents. The CC benefits from their accumulated wisdom, and their intent for a fully flexible approach to the standardization of security functionality and evaluation assurance. The CC has been made sufficiently flexible to permit its evolutionary convergence with the numerous existing national schemes for IT security evaluation, certification and accreditation.

 

Read more at http://www.commoncriteriaportal.org