Common Criteria



The Common Criteria for Information Technology Security Evaluation (CC) is part of an international agreement for defining security objectives using agreed-upon terminology, for evaluating compliance with those objectives and for certifying products. The Common Criteria (CC) includes the Common Methodology for Information Technology Security Evaluation (CEM), which defines the minimum actions to conduct a CC evaluation. The Common Criteria Recognition Arrangement (CCRA) is an agreement whereby nations agree to accept the results of each other's security testing and evaluations.

The U.S. signatories, NSA and NIST, working jointly for the National Information Assurance Partnership (NIAP), have developed the Common Criteria Evaluation and Validation Scheme (CCEVS), which summarizes all the standards used by the U.S. that conform to the Common Criteria. For more information, visit www.commoncriteriaportal.org/cc and www.commoncriteriaportal.org/ccra.

The Common Criteria have largely replaced the Trusted Computer Security Evaluation Criteria (TCSEC), the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) and the European Information Technology Security Evaluation Criteria (ITSEC).
References in periodicals archive
"Common Criteria certification signifies that the Vision ONE and Vision 7303 network packet brokers meet the stringent security requirements of U.S.
The Leidos (formerly SAIC) Common Criteria Testing Laboratory conducted the testing of PowerBroker for Unix & Linux, and the National Information Assurance Partnership (NIAP), the United States approving authority, granted the Common Criteria certificate (# 10691) that became effective on August 30, 2016.
An electronically-controlled and logged two-factor access portal that exceeds Common Criteria requirements
"Common Criteria EAL4+ certification is a great achievement
"The growing number of Juniper Networks solutions achieving certification via testing frameworks such as Common Criteria and FIPS demonstrates our ongoing commitment to meet the most rigorous networking demands of global public sector clients and our systems integrator partners," said Brian Roach, vice president, Federal, Juniper Networks.
The Department of Defense (DoD) requires that commercial off-the-shelf (COTS) WLAN systems incorporate the toughest security measures to protect the integrity of voice and data traffic traveling across the wireless network, and meet the requirements of FIPS 140-2 and the Common Criteria, including the WLAN Access System Protection Profile requirements.
Gerald Krummeck, Common Criteria Lab Director, notes: "Assured security directly benefits IBM customers who entrust their business-critical operations to these certified products, but it also indirectly impacts every individual involved in any sort of financial, medical, or other transaction processed through an IBM mainframe computer.
The EU-wide blacklist will reportedly be based on common criteria for banning airlines.
(NASDAQ:SFNT), setting the standard for information security, has announced that the cryptographic platform on which the Luna SA and SP hardware security modules are based, has entered Common Criteria (CC) and German Digital Signature Law (SigG) evaluation process.
That policy mandates that government agencies only purchase information security products, including firewalls, which have been evaluated and certified according to internationally recognized Common Criteria. In August, the DoD issued a memorandum stating further that products must also meet protection profiles.
The consortium, known as the Smart Card Security Users Group (SCSUG), developed the security specifications using the new international security standard ISO/IEC 15408, which is known as the Common Criteria. A commercial testing laboratory evaluated the specifications, which then were validated by NIST and NSA under the NIAP Common Criteria Evaluation and Validation Scheme.
A uniform approach to reporting on internal control implies there must be a common definition of internal control and common criteria for evaluation--and both must be designed to make the reporting process useful and effective.
