Synonyms
Definition
The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard (ISO/IEC 15408) for security certification of software/system products.
Background
The Common Criteria (CC) were developed through the effort of many governmental organizations and originated from preexisting standards (the European ITSEC, the Canadian CTCPEC, and the United States Department of Defense TCSEC, known as the Orange Book).
CC allows the specification of security requirements for a particular product/system and the implementation of an evaluation process to establish the level of confidence that the product satisfies the security requirements.
The standard concerns product evaluation and certification, whereas other security standards relate to the certification of processes. An example of the latter is the ISO/IEC 27000 series for information security management systems.
The focus of Common Criteria is on the evaluation...
© 2011 Springer Science+Business Media, LLC
Salvaneschi, P. (2011). Common Criteria, From a Security Policies Perspective. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_815
Print ISBN: 978-1-4419-5905-8
Online ISBN: 978-1-4419-5906-5