ITWissen.info - Tech know how online

common criteria (CC)

"Common Criteria for Information Technology Security Evaluation"(CC) is the further development of Information Technology Security Evaluation Criteria( ITSEC), the Trusted Computer Security Evaluation Criteria( TCSEC) of the USA and the Canadian Trusted Computer Product Evaluation Criteria( CTCPEC). These are globally recognized security standards for the evaluation and certification of information technology systems.

The Common Criteria certification was founded in 1998 by government agencies in the USA, Canada, Germany, Great Britain and France and has already been adopted by several other countries. In this context, the German Federal Office for Information Security( BSI) has taken an active role in the development of the Common Criteria. The Common Criteria were published by NIST and are standardized internationally by the International Standards Organization( ISO). The ISO 15408 standard describes the evaluation of the security functions of IT products.

Security levels according to ITSEC and Common Criteria (CC)

Security levels according to ITSEC and Common Criteria (CC)

The Common Criterias describe the scope for security-related evaluation, as well as the functional requirements related to the threat and security objectives, and the trustworthiness requirements.

Development of the Common Criteria (CC)

Development of the Common Criteria (CC)

The classification of the IT security test within the framework of the Common Criteria is carried out in seven so-called EAL levels, which are also referred to as protection profiles. These range from EAL1 for insufficient trust to EAL7 for formally verified design and testing of IT equipment.


All rights reserved DATACOM Buchverlag GmbH © 2024