Common Criteria

(Common Criteria for Information Technology Security) An international standard process for defining security objectives and for evaluating compliance with those objectives. The Common Criteria have largely replaced the Trusted Computer Security Evaluation Criteria (TCSEC), the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) and the European Information Technology Security Evaluation Criteria (ITSEC). See NCSC.

The Common Criteria comprise an extremely comprehensive program made up of many parts. For example, the Mutual Recognition Arrangement (MRA) is an informal agreement among countries to accept the results of each other's security testing and evaluations. The U.S. signatories, NSA and NIST, working jointly for the National Information Assurance Partnership (NIAP), have developed an informal standard called the Common Criteria Evaluation and Validation Scheme (CCEVS). CCEVS summarizes all the standards used by the U.S. in order to conform to the Common Criteria.

References in periodicals archive
You can obtain a copy of this document from any CCTL or the NIAP CCEVS.
The evaluation results produced by these CCTLs and validated by the NIAP CCEVS Validation Body will be recognized by 12 other countries currently participating with the United States in the Common Criteria Recognition Arrangement signed during the 1st International Common Criteria Conference earlier this year.
The WS and AS distributions of the Red Hat Enterprise Linux 4 operating system platform were certified by the NIAP CCEVS as conformant to EAL4+ and the Controlled Access Protection Profile (CAPP), which specifies a set of security functional and assurance requirements for IT products.
The standard is referred to as the 'Common Criteria' (ISO/IEC 15408), with the CCEVS as the United States implementation of the Common Criteria standard.
The NIAP CCEVS maintains a "Validated Products List" and a separate list of products that are "In Evaluation".
Reinforcing its position as the federal government's premier IT governance, risk management and compliance (IT GRC) solution, Xacta IA Manager was the first risk management and regulatory compliance product to be CCEVS certified in 2005.