The Common Criteria

The Common Criteria is a series of documents that form the technical basis for an international agreement called the Common Criteria Recognition Arrangement (CCRA). The CCRA ensures that:

  • Products can be evaluated by competent and independent licensed laboratories to determine the fulfillment of particular security properties to a certain extent or assurance;
  • Supporting documents are used within the Common Criteria certification process to define how the criteria and evaluation methods are applied when certifying specific technologies;
  • The certification of the security properties of an evaluated product can be issued by a number of certified authorizing schemes, with this certification being based on the result of their evaluation;
  • These certificates are recognized by all the signatories of the CCRA.

In effect, these documents represent best practices in the industry. The document below is the Common Criteria for Information Technology Security Evaluation.

The Common Criteria document is generally written to address the interests of five distinct groups:

  1. Consumers (the risk owners)
  2. Developers
  3. Technical working groups
  4. Evaluators
  5. Others

For each group, there is