Common Criteria

(redirected from ISO 15408)

The Common Criteria for Information Technology Security Evaluation (CC) is part of an international agreement for defining security objectives using agreed-upon terminology, for evaluating compliance with those objectives and for certifying products. The Common Criteria (CC) includes the Common Methodology for Information Technology Security Evaluation (CEM), which defines the minimum actions to conduct a CC evaluation. The Common Criteria Recognition Arrangement (CCRA) is an agreement whereby nations agree to accept the results of each other's security testing and evaluations.

The U.S. signatories, NSA and NIST, working jointly for the National Information Assurance Partnership (NIAP), have developed the Common Criteria Evaluation and Validation Scheme (CCEVS), which summarizes all the standards used by the U.S. that conform to the Common Criteria. For more information, visit www.commoncriteriaportal.org/cc and www.commoncriteriaportal.org/ccra.

The Common Criteria have largely replaced the Trusted Computer Security Evaluation Criteria (TCSEC), the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) and the European Information Technology Security Evaluation Criteria (ITSEC).

References in periodicals archive

In addition to satisfying Leonardo's strict security policies against cyber threats, the OTO 76/62 SR cyber security assessment also demonstrated that the weapon system meets a number of security requirements put forward by expert bodies, specifically the NIST SP800-53, ISO 15408 and ISO 27002 standards.