What is Common Criteria (CC)? International standards for information security

Introduction

Common Criteria (CC) is an internationally recognized set of standards for evaluating and certifying the security of information technology products and systems. It provides a framework for defining and assessing security requirements, specifications, and assurance methods, allowing users to make informed decisions when selecting and implementing security solutions. In this blog post, we will delve into the details of Common Criteria, its purpose, and its significance in the realm of information security.

The Purpose of Common Criteria

The primary objective of Common Criteria is to establish a consistent and reliable approach to security evaluations. It aims to ensure that IT products and systems meet predetermined security requirements and provide a certain level of assurance to users and customers. By adhering to the Common Criteria, vendors can have their products tested and evaluated against internationally recognized standards, enabling users to confidently choose secure technologies for their specific needs.

Components of Common Criteria

Common Criteria consists of several essential components that collectively contribute to the evaluation and certification process. These components include:

1. Protection Profiles (PPs): Protection Profiles define security requirements for specific IT product types or classes. They serve as the basis for security evaluations and provide a standardized set of criteria, ensuring consistent evaluations across different products.

2. Security Targets (STs): Security Targets are documents that describe the security properties of an individual product or system under evaluation. They outline the security objectives, functionalities, and assurance requirements that the product or system should fulfill.

3. Evaluation Assurance Levels (EALs): The Evaluation Assurance Level is a numeric rating that represents the depth and rigor of the evaluation process. It ranges from EAL1 (the lowest) to EAL7 (the highest); a higher level indicates more stringent evaluation methods and more extensive assurance requirements, not necessarily stronger security functionality.

4. Security Functional Requirements (SFRs): Security Functional Requirements specify the expected security behaviors and capabilities of a product. They define the security functions and services a product should offer to mitigate known threats and vulnerabilities.

5. Security Assurance Requirements (SARs): Security Assurance Requirements define the criteria and methodologies used to demonstrate the security properties and capabilities of a product or system. They are the means by which evaluators verify that the security functionality claimed by the vendor is correctly implemented.

Significance of Common Criteria

Common Criteria plays a vital role in ensuring trust, interoperability, and confidence in information security products and systems. By adhering to international standards and undergoing rigorous evaluation processes, vendors can effectively demonstrate the security capabilities and functionalities of their offerings. Users, on the other hand, can rely on the Common Criteria certification to assess the security of products and make informed decisions based on independent and trustworthy evaluations.

In conclusion, Common Criteria is a set of international standards that enhance the security of information technology products and systems. It provides a consistent framework for evaluating and certifying security properties, enabling vendors and users to build and trust secure solutions. By promoting a standardized approach to information security, Common Criteria establishes a foundation of trust and confidence in an ever-evolving digital landscape.
