Definition: The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. The standard provides a comprehensive set of guidelines and specifications for evaluating information security products and systems.
Common Criteria explained
Common Criteria is a framework in which computer system users can specify their security functional requirements (SFRs) and security assurance requirements (SARs) using Protection Profiles (PPs). Technology vendors can then implement and/or make claims about the security attributes of their products, and use testing laboratories to evaluate their products to determine whether they meet these claims.
In summary, Common Criteria ensures that a computer security product's specification, implementation, and evaluation were carried out in a rigorous, standard, and repeatable manner at a level that corresponds to its intended use environment. A vendor receives Common Criteria certification after successfully completing this process.
The goal of CC certification is to provide customers with assurance that the products they are purchasing have been evaluated and that the vendor's claims have been verified by a vendor-neutral third party.
Visit Utimaco’s Common Criteria page to learn how Utimaco products meet the standard.