Common Criteria
The "Common Criteria for Information Technology Security Evaluation (CC), Version 2.0" were released in their final version at the end of May 1998, with contributions by Germany, France, Great Britain, Canada, the Netherlands and the US.
These common criteria are applicable to evaluating the security features of practically any information technology product or system.
In Germany, the CC are represented by the Bundesamt für Sicherheit in der Informationstechnik (BSI).
CC 2.1 has been standardized by the International Organization for Standardization (ISO) as ISO 15408.
The few non-technical changes introduced by the ISO standardization process have been incorporated into the CC in its version 2.1.
National Institute of Standards and Technology CC Publications
Contents:
Part 1: Introduction and generic Model
Definition of the basics of IT security evaluation and scope of the CC. The appendices detail protection profiles and security targets for the evaluation.
Part 2: Functional Security Requirements
This part contains an elaborate catalogue of functional requirements. The catalogue is meant as a recommendation for how to describe a product's or system's functionality, but in any given case it might be more appropriate to choose a different approach and diverge from the catalogue. The appendix covers background information and the connection between threats, security targets and functional requirements.
Part 3: Evaluation Assurance
This part lists requirements regarding trustworthiness. It is crucial that every evaluation result is based on a certain level of trust, possibly amended by further requirements. The CC defines seven evaluation assurance levels:
- EAL1 - functionally tested
- EAL2 - structurally tested
- EAL3 - methodically tested and checked
- EAL4 - methodically designed, tested, and reviewed
- EAL5 - semiformally designed and tested
- EAL6 - semiformally verified design and tested
- EAL7 - formally verified design and tested
References:
Common portal for all countries contributing to the CC
National Institute of Standards and Technology CC Publications