Common Criteria (CC)
The international standard for computer security certification
- About Common Criteria (CC)
- Solutions
- Related Products
- Resources
About Common Criteria (CC)
The Common Criteria for Information Technology Security Evaluation (Common Criteria, CC) is an internationally recognized certification standard for the security of IT products and systems. It was developed by Canada, France, Germany, the Netherlands, the UK, and the U.S. in the mid-90s.
The aim of these governments was to unify three major security evaluation standards and their criteria: the European ITSEC, the U.S. TCSEC and the Canadian CTCPEC. This way, products being sold into international markets should no longer be needed to be re-evaluated beforehand.
Common Criteria Key Concepts
The key concepts of Common Criteria include:
- Target of Evaluation (ToE) – The product or system evaluated against CC requirements.
- Security Functional Requirements (SFR) – The product’s or system’s security functions and capabilities
- Security Target (ST) – Description of the general functionality and especially the security functional requirements
- Protection Profile (PP) – Document to help identify the security requirements for a specific type of product, such as a smartcard or Hardware Security Module (HSM).
- Security Assurance Requirements (SAR) – Description of the measures taken to ensure compliance of an IT product with the claimed security features or levels
- Evaluation Assurance Level (EAL) - correspond to a group of SARs. They go from EAL 1 to EAL 7 and give insight into how extensively and rigorously an evaluation has been executed.
Solutions for Common Criteria (CC)
Common Criteria-Certified Hardware Security Modules
Utimaco’s General Purpose Hardware Security Modules are certified according to Common Criteria. Please find the respective certification reports of the different HSM platforms here:
u.trust General Purpose HSM Se-Series:
CryptoServer General Purpose HSM:
Related Products
Il offre une fonctionnalité multi-tenant évolutive, des performances supérieures et des possibilités de personnalisation pour une large gamme d'applications.
Le module de sécurité matériel est spécialisé dans la conformité eIDAS et les cas d'utilisation classifiés VS-NfD.
Resources
The u.trust General Purpose HSM Se-Series combines superior performance with multi-tenancy. From entry-level to high-performance use cases, all models are future-proof with post quantum cryptography readiness and are FIPS 140-2 Level 3 certified.
u.trust General Purpose HSM Se-Series
The u.trust General Purpose HSM Se-Series combines superior performance with multi-tenancy. From entry-level to high-performance use cases, all models are future-proof with post quantum cryptography readiness and are FIPS 140-2 Level 3 certified.
Téléchargement
The CC eIDAS compliance version for CryptoServer General Purpose HSM supports Trust Service Providers (TSPs) in fulfilling policy and security requirements defined in various ETSI technical standards (ETSI EN 319 401, EN 319 411, EN 319 421).
CryptoServer General Purpose HSM CC eIDAS
The CC eIDAS compliance version for CryptoServer General Purpose HSM supports Trust Service Providers (TSPs) in fulfilling policy and security requirements defined in various ETSI technical standards (ETSI EN 319 401, EN 319 411, EN 319 421).
Téléchargement
The data security standards for public authorities require the use of appropriate measures for ensuring the seamless protection of all sensitive data. One of the most efficient ways to do this is to use encryption tools that securely store and use keys in a VS-NfD HSM.
CryptoServer General Purpose HSM VS-NfD
The data security standards for public authorities require the use of appropriate measures for ensuring the seamless protection of all sensitive data. One of the most efficient ways to do this is to use encryption tools that securely store and use keys in a VS-NfD HSM.
Téléchargement
