Common Criteria
Certify your product to meet Government (NIAP & EAL) and Regulated Industry requirements for information assurance
Common Criteria
Certify your product to meet Regulated Industry and Government requirements for information assurance
What Is Common Criteria?
Common Criteria is an internationally recognized set of guidelines (ISO 15408), which define a common framework for evaluating security features and capabilities of Information Technology security products against functional and assurance requirements.
Once completed, it provides assurance to buyers that the process of specification, implementation and evaluation for any certified computer security solution was conducted in a thorough and standard manner.
The Standard: Common Criteria
The National Information Assurance Acquisition Policy, NSTISSP No. 11, requires government agencies to purchase only those commercial security products that have met specified third-party assurance requirements and have been tested by an accredited national laboratory.
Completing your Common Criteria evaluation allows you to sell your solutions to the U.S. Federal Government, International Governments, and other highly regulated industries around the globe.
The Paths: Security Requirements
Thirty one countries, including the United States and Canada, have signed the Common Criteria Recognition Arrangement (CCRA), making it an unparalleled measure of security for the international commerce of IT products.
There are two available paths to completing Common Criteria certification. The requirements and features of your solution will dictate which path is more suitable for your company.
PROTECTION PROFILE
A Protection Profile (PP) is a product specific set of security criteria, each “product profile” contains varying requirements that must be addressed to pass CC certification
- All CC evaluations completed in the U.S. must adhere to a NIAP approved Protection Profile
- Your product must conform to ALL requirements specified within the PP
- PPs are accepted internationally
- There are currently 37 approved Protection Profiles and even more in development
EVALUATION ASSURANCE LEVEL
Common Criteria evaluations can be performed against a set of predetermined Evaluation Assurance Levels (EAL). The EAL is a grade given in relation to how the product addresses the functional and assurance requirements
- There are 7 Assurance Levels
- Each Level is more stringent then the previous one
- The CCRA established that evaluations up to an EAL 2 be recognized by all participating countries, regardless of where the evaluation was completed
Protection Profile
A Protection Profile (PP) is a product specific set of security criteria, each “product profile” contains varying requirements that must be addressed to pass CC certification
All CC evaluations completed in the U.S. must adhere to a NIAP approved Protection Profile
- Your product must conform to ALL requirements specified within the PP
- A PP is accepted internationally at an EAL 2+
- There are currently 37 approved Protection Profiles and even more in development
Evaluation Assurance Level
Common Criteria evaluations can be performed against a set of predetermined Evaluation Assurance Levels (EAL). The EAL is a grade given in relation to how the product addresses the functional and assurance requirements
- There are 7 Assurance Levels
- Each Level is more stringent then the previous one
- The CCRA established that evaluations up to an EAL 2 be recognized by all participating countries, regardless of where the evaluation was completed