CC Documentation
The Common Criteria is the result of the integration of information
technology and computer security criteria. In 1983 the US issued
the Trusted Computer Security Evaluation Criteria (TCSEC), which
became a standard in 1985. Criteria developments in Canada and
European ITSEC countries followed the original US TCSEC work. The
US Federal Criteria development was an early attempt to combine
these other criteria with the TCSEC, and eventually led to the
current pooling of resources towards production of the Common Criteria.
Version 1.0 of the CC was published for comment in January 1996.
Version 2.0 took account of extensive review and trials during
the next two years and was published in May 1998. Version 2.0 was
adopted by the International Organisation for Standards (ISO) as
an International Standard (ISO 15408) in 1999. Within the Common
Criteria project, this ISO standard is version 2.1.
The Common Criteria is composed of three parts: the Introduction
and General Model (Part 1), the Security Functional Requirements
(Part 2), and the Security Assurance Requirements (Part 3). While
Part 3 specifies the actions that must be performed to gained assurance,
it does no specify how those actions are to be conducted; to address
this, the Common Evaluation Methodology (CEM) was created for the
lower levels of assurance.
This common methodology is the basis upon which the member nations
have agreed to recognize the evaluation results of one another,
as specified in the "Arrangement on the Recognition of Common
Criteria Certificates in the field of Information Technology Security".
This was first signed in 2000 and additional member nations continue
to join this agreement.
The CC and CEM continue to evolve as its use spreads. This evolution
is propagated through the use of Interpretations, which are formal
changes periodically made to the CC/CEM that have been mutually
agreed by the participating producing nations.
The following links are to the CC, CEM, and their interpretations,
as well as to other informative documents.
Official Documents
Draft Documents
Useful Documents
(Note: the following have no official standing within the
Common Criteria Project or Arrangement on the Recognition of
Common Criteria Certificates)
|