Tuesday, March 13, 2007

Just the FAQs on Common Criteria

Entrust seems to sum it up nicely. Here's a portion.

The Common Criteria, which has become ISO standard 15408 in 1999, is an alignment and development of a number of source IT security evaluation criteria.... The CC allows comparisons to be made between the results of independent security evaluations. By establishing such a common criteria base, the intent is for the results of an IT security evaluation to be meaningful to a wider audience. It does so by providing a common set of security functional and assurance requirements for IT security evaluations performed in different countries.

The CC divides the IT security requirements into functionality components (i.e., requirements that specify what the product should do) and in assurance components (i.e., requirements that provide the ‘trust’ the user can place in the product or system)....

