By using the navigation bar to the
left, you will find information about the Common Criteria for IT Security
Evaluation (CC), the Common Evaluation Methodology (CEM), and their
use.
Common Criteria Background:
In June 1993, the sponsoring organizations
of the existing US, Canadian, and European criterias started the
CC Project to align their separate criteria into a single set of
IT security criteria. Version 1.0 of the CC was completed in January
1996. Based on a number of trial evaluations and an extensive public
review, Version 1.0 was extensively revised and CC Version 2.0 was
produced in April of 1998. This became ISO International Standard
15408 in 1999. The CC Project subsequently incorporated the
minor changes that had resulted in the ISO process, producing CC
version 2.1 in August 1999.
Today the international community has embraced
the CC through the Common
Criteria Recognition Arrangement (CCRA) whereby the signers
have agreed to accept the results of CC evaluations performed by
other CCRA members.
The Common
Criteria Project is represented on the web at www.CommonCriteriaPortal.org
Common Criteria in the United States:
The US is represented
within the CC Project by the National Information Assurance Partnership (NIAP),
a joint NIST and National Security Agency (NSA) project. NIAP,
in turn, has established the Common Criteria Evaluation and Validation
Scheme (CCEVS) to implement the CCRA compliant evaluation scheme
within the US.